
Pests of all kinds and how to fight them: Firefox: Adware add-ons reinstall themselves on their own

03.02.2015, 20:06   #1
kriD_
 
Hello Trojaner-Board!

I am new here and glad that I found this site.
Until now I had never had problems with viruses, trojans, malware or other junk (even without antivirus protection). Some time ago, however, I misclicked and more or less accidentally installed the 1 Click Downloader. Since then my browser (Firefox version 35.0.1) has regularly been made unusable by adware add-ons. The great thing about it is that these add-ons have a new stupid name every time, which makes googling for solutions almost impossible. Manually removing the add-ons fixes the problem temporarily, but something has nested itself deeper into the system than I would like and has permissions to install programs and add-ons.

I will describe the course of the illness, partly with pictures:
At some point (I could not identify a specific trigger) Firefox (FF) closes and shortly afterwards reopens with an error message and a popup:
Error message:

Popup:

When the popup is closed, a new full-screen FF window opens and you are redirected to a download link for a great "system cleanup tool" on YAC.mx. Super legit.
The download window with file name:

At this point the adware add-on is already integrated into FF without any further action. In this case it is the add-on "DigiSaeveR 6.7", but at the moment I have, for example, "DigiSaver 6.7" (note the missing "ae") and "DigiCouPOnn 5.3" running.

Symptoms caused by the add-ons:
The add-ons spam every page (yes, the Trojaner-Board too) with annoyingly blinking "You have won!!11eleven" messages and display ads or alter search queries on google and other sites.
Symptom screenshots:


In addition, I have the feeling that the drivers for my input devices and also for my external sound card load slowly after booting. Despite the SSD it sometimes takes a minute until I can use things normally. However, this could also have other causes.

To fix the problem I have not been idle. I have taken a series of countermeasures, by which the malware, however, is entirely unimpressed. I will explain my procedure here:
1) Remove add-ons manually in FF

2) Restore FF

3) Malwarebytes version 2.0.4.1028 and all findings moved to quarantine
LOGFILE:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 03.02.2015
Scan Time: 13:52:59
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.03.04
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kriD

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338602
Time Elapsed: 3 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}, , [55bb49d1f89238fe0ded32bf738fa65a], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{317D8BB4-16C3-CFBD-3777-AED69667DA46}, , [040c8892850540f6c733ed044fb329d7], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{53B21E29-3967-C332-57EB-C02631658584}, , [749c44d66a2032045d9d589915eda060], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7223EDAC-E091-B3C1-BD91-B66CE557800F}, , [d739120862286fc7ce2c21d06d95e31d], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E957849A-94AC-6F46-4623-C31474E3C170}, , [11ffd04a8802cf6710eab63b39c9916f], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}, , [d53b3fdb9bef1a1c4ab032bfd13146ba], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CA1838EF-A497-194E-3850-37A62CEE398B}, , [3fd193873951c67026d451a04cb68878], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 10
PUP.Optional.Multiplug, C:\Program Files (x86)\NBA Live News\NBA Live News.exe, , [55bb49d1f89238fe0ded32bf738fa65a], 
PUP.Optional.Multiplug, C:\Program Files (x86)\NeataoCoupoN\NeataoCoupoN.exe, , [040c8892850540f6c733ed044fb329d7], 
PUP.Optional.Multiplug, C:\Program Files (x86)\SaveaNewaApppz\aFur2HwgqKjgKt.exe, , [64acfe1c7a1033036f8b33be43bf30d0], 
PUP.Optional.Multiplug, C:\Program Files (x86)\TAkeTheCoUponi\TAkeTheCoUponi.exe, , [749c44d66a2032045d9d589915eda060], 
PUP.Optional.Multiplug, C:\Program Files (x86)\DigiSaeveR\DigiSaeveR.exe, , [d739120862286fc7ce2c21d06d95e31d], 
PUP.Optional.Multiplug, C:\Program Files (x86)\DiiscountExtensi\v6xL3qQqX1gxSu.exe, , [2fe134e65832a49205f5bd34ee1453ad], 
PUP.Optional.Multiplug, C:\Program Files (x86)\Facebook Chat Platinum\Facebook Chat Platinum.exe, , [11ffd04a8802cf6710eab63b39c9916f], 
PUP.Optional.Multiplug, C:\Program Files (x86)\FInndBesstDeall\uonx9otKFFCbtC.exe, , [d53b3fdb9bef1a1c4ab032bfd13146ba], 
PUP.Optional.Multiplug, C:\Program Files (x86)\Fuskr\Fuskr.exe, , [f11ff723682285b1a555e110c939b848], 
PUP.Optional.Multiplug, C:\Program Files (x86)\MinimumPreicEe\MinimumPreicEe.exe, , [3fd193873951c67026d451a04cb68878], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
then reboot

4) AdwCleaner version 4.109 and delete all findings
then reboot
LOGFILE:
Code:
# AdwCleaner v4.109 - Bericht erstellt am 03/02/2015 um 14:00:54
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-02.1 [Live]
# Betriebssystem : Windows 7 Professional N Service Pack 1 (64 bits)
# Benutzername : kriD - KRID-PC
# Gestartet von : E:\Downloads\AdwCleaner09.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\13523111935511328913
Ordner Gelöscht : C:\ProgramData\bbabbea825ff7891
Ordner Gelöscht : C:\Program Files (x86)\DigiSaeveR
Ordner Gelöscht : C:\Program Files (x86)\DiiscountExtensi
Ordner Gelöscht : C:\Program Files (x86)\FInndBesstDeall
Ordner Gelöscht : C:\Program Files (x86)\MinimumPreicEe
Ordner Gelöscht : C:\Program Files (x86)\NeataoCoupoN
Ordner Gelöscht : C:\Program Files (x86)\SaveaNewaApppz
Ordner Gelöscht : C:\Program Files (x86)\TAkeTheCoUponi

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P1091b106_9c38_4628_bc21_7bab588a29fd_.P1091b106_9c38_4628_bc21_7bab588a29fd_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P1091b106_9c38_4628_bc21_7bab588a29fd_.P1091b106_9c38_4628_bc21_7bab588a29fd_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P8e24857b_40af_4cf1_8a92_42fe78fe05d1_.P8e24857b_40af_4cf1_8a92_42fe78fe05d1_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P8e24857b_40af_4cf1_8a92_42fe78fe05d1_.P8e24857b_40af_4cf1_8a92_42fe78fe05d1_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pf6ca3691_f66f_4997_bddb_0078e22a474e_.Pf6ca3691_f66f_4997_bddb_0078e22a474e_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pf6ca3691_f66f_4997_bddb_0078e22a474e_.Pf6ca3691_f66f_4997_bddb_0078e22a474e_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1091b106-9c38-4628-bc21-7bab588a29fd}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8e24857b-40af-4cf1-8a92-42fe78fe05d1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{f6ca3691-f66f-4997-bddb-0078e22a474e}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e24857b-40af-4cf1-8a92-42fe78fe05d1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1091b106-9c38-4628-bc21-7bab588a29fd}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8e24857b-40af-4cf1-8a92-42fe78fe05d1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f6ca3691-f66f-4997-bddb-0078e22a474e}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{1091b106-9c38-4628-bc21-7bab588a29fd}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{8e24857b-40af-4cf1-8a92-42fe78fe05d1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{f6ca3691-f66f-4997-bddb-0078e22a474e}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e24857b-40af-4cf1-8a92-42fe78fe05d1}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [9316 octets] - [28/01/2015 12:29:04]
AdwCleaner[R1].txt - [4737 octets] - [29/01/2015 10:20:25]
AdwCleaner[R2].txt - [4323 octets] - [30/01/2015 11:08:55]
AdwCleaner[R3].txt - [1276 octets] - [30/01/2015 11:11:58]
AdwCleaner[R4].txt - [4756 octets] - [30/01/2015 12:09:06]
AdwCleaner[R5].txt - [5969 octets] - [02/02/2015 10:28:54]
AdwCleaner[R6].txt - [2345 octets] - [02/02/2015 20:37:06]
AdwCleaner[R7].txt - [5772 octets] - [02/02/2015 21:36:21]
AdwCleaner[R8].txt - [5832 octets] - [02/02/2015 21:37:37]
AdwCleaner[R9].txt - [4622 octets] - [03/02/2015 14:00:03]
AdwCleaner[S0].txt - [8281 octets] - [28/01/2015 12:32:36]
AdwCleaner[S1].txt - [4511 octets] - [29/01/2015 10:21:53]
AdwCleaner[S2].txt - [4030 octets] - [30/01/2015 11:10:54]
AdwCleaner[S3].txt - [4709 octets] - [30/01/2015 12:09:52]
AdwCleaner[S4].txt - [6035 octets] - [02/02/2015 10:29:42]
AdwCleaner[S5].txt - [2416 octets] - [02/02/2015 20:37:50]
AdwCleaner[S6].txt - [5498 octets] - [02/02/2015 21:38:59]
AdwCleaner[S7].txt - [4527 octets] - [03/02/2015 14:00:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [4587 octets] ##########
         
5) Junkware Removal Tool version 6.4.1 as admin
LOGFILE:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional N x64
Ran by kriD on 03.02.2015 at 14:03:21,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2015 at 14:04:31,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
6) SC-Cleaner version 1.3.4
LOGFILE:
Code:
Shortcut Cleaner 1.3.4 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Professional N Service Pack 1
Program started at: 02/03/2015 02:05:10 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\kriD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\kriD\Desktop


0 bad shortcuts found.

Program finished at: 02/03/2015 02:05:11 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
         
7) Firewall off, then ran ESET with these settings (took forever, but produced a whole bunch of findings)
LOGFILE:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ef3fc8fb3702ad41b971b6a4f1c586d7
# engine=22287
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-03 06:28:48
# local_time=2015-02-03 07:28:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 86385 174617978 0 0
# scanned=1380522
# found=86
# cleaned=0
# scan_time=19174
         
However, I did not let ESET delete or uninstall these things. I had already tried that in an earlier attempt, but it brought no success.

8) OTH Process Killer, then ran Malwarebytes with it (no findings!)
then reboot

Earlier today, however, the whole game started all over again and two new add-ons were installed in FF. By now I am at a loss and am therefore asking for help here. Who has experience with this and can help me out of this mess?

Many thanks in advance and kind regards,
kriD_

Alt 03.02.2015, 20:20   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Firefox: Werbe-Addons installieren sich selbsständig neu - Standard

Firefox: Werbe-Addons installieren sich selbsständig neu



hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


03.02.2015, 20:39   #3
kriD_
 

FRST Logs



Thanks for the quick reply! Here are the two log files:
FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by kriD (administrator) on KRID-PC on 03-02-2015 21:36:52
Running from C:\Users\kriD\Downloads
Loaded Profiles: kriD (Available profiles: kriD)
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Safer-Networking Ltd.) D:\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe
(SteelSeries ApS) D:\Tools\SteelSeries Engine\SteelSeriesEngine.exe
(Jumping Bytes) D:\Tools\PureSync\PureSyncTray.exe
(Sand Studio) D:\Tools\Airdroid\AirDroid.exe
(Dropbox, Inc.) C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piotr Pawlowski) D:\Tools\foobar2000\foobar2000.exe
() C:\Users\kriD\Documents\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe
() D:\Tools\Rainmeter\Rainmeter.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Telegram Messenger LLP) D:\Tools\Telegram\Telegram.exe
(Safer-Networking Ltd.) D:\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) D:\Tools\Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\Adobe Application Manager (Updater) <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [SteelSeries Engine] => D:\Tools\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [PureSync] => D:\Tools\PureSync\PureSyncTray.exe [915120 2014-08-09] (Jumping Bytes)
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [AirDroid 3] => D:\Tools\Airdroid\AirDroid.exe [11269120 2015-01-27] (Sand Studio)
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\MountPoints2: {81cad001-086c-11e4-8a00-ac220bc55b58} - H:\SETUP.EXE
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\foobar2000.lnk
ShortcutTarget: foobar2000.lnk -> D:\Tools\foobar2000\foobar2000.exe (Piotr Pawlowski)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk
ShortcutTarget: Omnimo.lnk -> C:\Users\kriD\Documents\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe ()
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> D:\Tools\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> D:\Tools\Telegram\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: DIsccounatExTEnsi -> {2d876fe6-4945-4a54-afac-1ce4c1aacdc6} -> C:\Program Files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.x64.dll ()
BHO: NNeotoCoupon -> {b23c2b1e-e9cb-4cfb-a43e-fced142ab25e} -> C:\Program Files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.x64.dll ()
BHO-x32: DIsccounatExTEnsi -> {2d876fe6-4945-4a54-afac-1ce4c1aacdc6} -> C:\Program Files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.dll ()
BHO-x32: NNeotoCoupon -> {b23c2b1e-e9cb-4cfb-a43e-fced142ab25e} -> C:\Program Files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.dll ()
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Tools\Microsoft Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-12-06]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 7baa6e25; c:\Program Files (x86)\SystemHero\SystemHero.dll [2508800 2015-01-10] () [File not signed]
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
S4 Disc Soft Bus Service; D:\Tools\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
S3 Microsoft Office Groove Audit Service; D:\Tools\Microsoft Office 2007\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)
R2 SDScannerService; D:\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc) [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-07-08] (Disc Soft Ltd)
R3 ks2avs; C:\Windows\System32\Drivers\ks2avs.sys [359784 2012-12-18] (Native Instruments GmbH)
R3 ks2usb_svc; C:\Windows\System32\Drivers\ks2usb.sys [83816 2012-12-18] (Native Instruments GmbH)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
S3 GPU-Z; \??\C:\Users\kriD\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 21:36 - 2015-02-03 21:36 - 00011354 _____ () C:\Users\kriD\Downloads\FRST.txt
2015-02-03 21:36 - 2015-02-03 21:36 - 00000000 ____D () C:\FRST
2015-02-03 21:35 - 2015-02-03 21:36 - 02131456 _____ (Farbar) C:\Users\kriD\Downloads\FRST64.exe
2015-02-03 20:00 - 2015-02-03 20:00 - 00000000 ____D () C:\ProgramData\13523111935511328913
2015-02-03 20:00 - 2015-02-03 20:00 - 00000000 ____D () C:\Program Files (x86)\SimpleClear
2015-02-03 20:00 - 2015-02-03 20:00 - 00000000 ____D () C:\Program Files (x86)\NNeotoCoupon
2015-02-03 20:00 - 2015-02-03 20:00 - 00000000 ____D () C:\Program Files (x86)\EneJoayCooupoN
2015-02-03 20:00 - 2015-02-03 20:00 - 00000000 ____D () C:\Program Files (x86)\DIsccounatExTEnsi
2015-02-03 20:00 - 2015-02-03 20:00 - 00000000 ____D () C:\Program Files (x86)\DigiSaveR
2015-02-03 20:00 - 2015-02-03 20:00 - 00000000 ____D () C:\Program Files (x86)\DigiCouPOnn
2015-02-03 19:30 - 2015-02-03 19:30 - 00010359 _____ () C:\Users\kriD\Desktop\eset save.txt
2015-02-03 14:06 - 2015-02-03 14:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-03 14:05 - 2015-02-03 14:05 - 00001794 _____ () C:\Users\kriD\Desktop\sc-cleaner.txt
2015-02-03 14:04 - 2015-02-03 14:04 - 00000626 _____ () C:\Users\kriD\Desktop\JRT.txt
2015-02-03 14:02 - 2015-02-03 14:02 - 00004683 _____ () C:\Users\kriD\Desktop\AdwCleaner[S7]after reboot.txt
2015-02-03 14:02 - 2015-02-02 19:13 - 01388274 _____ (Thisisu) C:\Users\kriD\Desktop\JRT_NEW.exe
2015-02-03 14:00 - 2015-02-03 14:00 - 00004622 _____ () C:\Users\kriD\Desktop\AdwCleaner[R9].txt
2015-02-03 13:46 - 2015-02-03 13:47 - 00000049 _____ () C:\Users\kriD\Desktop\adresse.txt
2015-02-03 13:41 - 2015-02-03 13:41 - 00000000 ____D () C:\Program Files (x86)\Facebook Chat Platinum
2015-02-02 22:00 - 2015-02-02 22:00 - 00000000 ____D () C:\Users\kriD\Documents\ProcAlyzer Dumps
2015-02-02 22:00 - 2015-02-02 22:00 - 00000000 ____D () C:\Program Files (x86)\NBA Live News
2015-02-02 21:38 - 2015-02-02 21:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 21:38 - 2015-02-02 21:38 - 00000957 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-02 21:38 - 2015-02-02 21:38 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-02 21:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-02 20:58 - 2015-02-02 20:58 - 00000000 ____D () C:\Program Files (x86)\Fuskr
2015-02-02 18:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-02 18:03 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-02 18:03 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-02 18:03 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-02 18:03 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-02 18:03 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-02 18:03 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-02 18:03 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-02 18:03 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-02 18:03 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-02 18:01 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-02 18:01 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-02 18:01 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-02 18:01 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-02 18:01 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-02 18:01 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-02 18:01 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-02 18:01 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-02 18:01 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-02 18:01 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-02 18:01 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-02 18:01 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-02 18:01 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-02 18:01 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-02 18:01 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-02 18:01 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-02 18:01 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-02 18:01 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-02 18:01 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-02 18:01 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-02 18:01 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-02 18:01 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-02 18:01 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-02 18:01 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-02 18:01 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-02 18:01 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-02 18:01 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-02 18:01 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-02 18:01 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-02 18:01 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-02 18:01 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-02 18:01 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-02 18:01 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-02 18:01 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-02 18:01 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-02 18:01 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-02 18:01 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-02 18:01 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-02 18:01 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-02 18:00 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-02 18:00 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-02 18:00 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-02 18:00 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-02 18:00 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-02 18:00 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-02 18:00 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-02 18:00 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-02 18:00 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-02 18:00 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-02 18:00 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-02 18:00 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-02 18:00 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-02 18:00 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-02 18:00 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-02 18:00 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-02 18:00 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-02 17:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-02 17:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-02 17:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-02 17:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-02 17:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-02 17:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-02 17:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-02 17:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-02 17:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-02 17:59 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-02 17:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-02 17:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-02 17:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-02 17:59 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-02 17:59 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-02 17:59 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-02-02 17:59 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-02 17:59 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-02 17:59 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-02 17:59 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-02 17:59 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-02 17:59 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-02 17:59 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-02-02 17:59 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-02 17:59 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-02 17:59 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-02 17:59 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-02 17:59 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-02 17:59 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-02 17:59 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-02 17:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-02 17:59 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-02 17:59 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-02 17:59 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-02-02 17:59 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-02 17:59 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-02-02 17:59 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-02-02 17:59 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-02-02 17:58 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-02 17:58 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-02-02 17:58 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-02 17:58 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-02 17:58 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-02 17:58 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-02 17:58 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-02 17:39 - 2015-02-02 17:39 - 00000703 _____ () C:\Users\kriD\Desktop\Revo Uninstaller.lnk
2015-02-02 10:16 - 2015-02-02 10:16 - 00000262 _____ () C:\Users\kriD\Desktop\Video Downloader entfernen - Trojaner-Board.URL
2015-02-02 10:14 - 2015-02-02 10:14 - 00000000 ____D () C:\Program Files (x86)\Download Button
2015-02-01 21:14 - 2015-02-01 21:14 - 00000000 ____D () C:\Program Files (x86)\DubLi Toolbar
2015-02-01 12:54 - 2015-02-01 12:54 - 00000000 ____D () C:\Program Files (x86)\Tab Resize split screen layouts
2015-01-31 20:59 - 2015-01-31 20:59 - 00000000 ____D () C:\Program Files (x86)\Fairy Tail Fighting
2015-01-30 12:11 - 2015-01-30 12:11 - 00000260 _____ () C:\Users\kriD\Desktop\CouponDropDown entfernen - Trojaner-Board.URL
2015-01-30 12:11 - 2015-01-30 12:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 12:03 - 2015-02-02 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 12:02 - 2015-02-02 21:28 - 00000000 ____D () C:\Users\kriD\Desktop\mbar
2015-01-30 11:37 - 2015-01-30 11:37 - 00000000 ____D () C:\Program Files (x86)\UGamesFree
2015-01-30 10:33 - 2015-01-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Extreme User Agent Switcher
2015-01-29 10:43 - 2015-01-29 10:43 - 00000000 ____D () C:\Program Files (x86)\MetaProducts Offline Explorer integration
2015-01-29 10:15 - 2015-01-29 10:15 - 00000242 _____ () C:\Users\kriD\Desktop\how do i remove ads by coupon drop down from my browser i never installed it and it is not an add-on. it is not in my addrem.URL
2015-01-29 09:50 - 2015-01-29 10:21 - 00000000 ____D () C:\Program Files (x86)\Emotee
2015-01-29 03:04 - 2015-02-03 19:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 02:53 - 2015-02-02 20:39 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 02:53 - 2015-01-29 02:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 02:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 02:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 12:29 - 2015-02-03 14:00 - 00000000 ____D () C:\AdwCleaner
2015-01-27 00:05 - 2015-01-27 00:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 22:23 - 2015-01-24 22:23 - 00000244 _____ () C:\Users\kriD\Desktop\Alfie Utility - Utility CaseGlassesPens.URL
2015-01-24 22:23 - 2015-01-24 22:23 - 00000233 _____ () C:\Users\kriD\Desktop\Pinterest.URL
2015-01-24 16:54 - 2015-01-24 20:52 - 01207492 _____ () C:\Users\kriD\Desktop\cutting pattern initial signs.psd
2015-01-20 21:06 - 2015-01-20 21:06 - 635104812 _____ () C:\Users\kriD\Desktop\IloveMUSIC wallpaper.psd
2015-01-18 19:31 - 2015-01-18 22:04 - 07454907 _____ () C:\Users\kriD\Desktop\handy cover cutting pattern.psd
2015-01-16 21:48 - 2015-01-20 21:24 - 12562263 _____ () C:\Users\kriD\Desktop\cutting pattern small wallet leo disassembled.psd
2015-01-16 19:51 - 2015-01-16 19:51 - 00897534 _____ () C:\Users\kriD\Desktop\button scribble.psd
2015-01-15 21:01 - 2015-01-23 20:51 - 12467407 _____ () C:\Users\kriD\Desktop\cutting pattern small wallet leo.psd
2015-01-15 01:59 - 2015-01-15 01:59 - 110381935 _____ () C:\Users\kriD\Desktop\wallpaper organic.psd
2015-01-13 21:58 - 2015-01-13 21:58 - 00000247 _____ () C:\Users\kriD\Desktop\Ring Belts.URL
2015-01-13 21:57 - 2015-01-13 21:57 - 00000273 _____ () C:\Users\kriD\Desktop\CoRLection Santa Rosa by HTC Ying Yang Double Ring belt.URL
2015-01-10 20:14 - 2015-01-11 03:41 - 00000000 ____D () C:\Program Files (x86)\SystemHero
2015-01-08 17:33 - 2015-01-08 17:33 - 00000427 _____ () C:\Users\kriD\Desktop\TomorrowLand 2015 - Be part of the madness.URL
2015-01-08 00:29 - 2015-01-08 00:29 - 00000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2015-01-05 12:07 - 2015-01-05 12:07 - 00000253 _____ () C:\Users\kriD\Desktop\Remove Deals Plugin extension (Uninstall Guide).URL
2015-01-05 12:06 - 2015-02-03 13:51 - 00000000 ____D () C:\Users\kriD\Desktop\Alte Firefox-Daten
2015-01-04 22:32 - 2015-01-04 22:32 - 00000283 _____ () C:\Users\kriD\Desktop\Montage Parodies Best of 2014 Awards Winners! montageparodies.URL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 21:20 - 2014-12-08 20:54 - 00000000 ____D () C:\Users\kriD\Documents\AirDroid
2015-02-03 19:47 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 19:47 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 19:46 - 2011-04-12 09:14 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 19:46 - 2011-04-12 09:14 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 19:46 - 2009-07-14 06:12 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 19:43 - 2014-07-06 10:36 - 01320492 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 19:40 - 2014-07-14 09:47 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Dropbox
2015-02-03 19:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 19:40 - 2009-07-14 05:56 - 00112177 _____ () C:\Windows\setupact.log
2015-02-03 14:01 - 2010-11-21 04:47 - 00029002 _____ () C:\Windows\PFRO.log
2015-02-03 13:59 - 2014-07-08 18:19 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\foobar2000
2015-02-03 13:36 - 2014-07-06 11:17 - 00000000 ____D () C:\Windows\pss
2015-02-02 21:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-02 20:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2015-02-02 20:24 - 2009-07-14 05:50 - 04970744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-02 20:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-02 18:03 - 2014-07-06 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-02 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-30 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss
2015-01-29 10:39 - 2014-07-07 08:09 - 00000000 ____D () C:\Program Files (x86)\Heroes of Newerth
2015-01-29 09:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-01-28 13:07 - 2014-07-07 07:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 13:07 - 2014-07-07 07:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 11:50 - 2014-07-30 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 10:12 - 2014-10-21 00:51 - 00010508 _____ () C:\Users\kriD\Desktop\Leder.xlsx
2015-01-21 01:37 - 2014-09-23 21:34 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\TS3Client
2015-01-20 16:42 - 2014-08-20 09:40 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-15 03:32 - 2014-08-28 21:41 - 00000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-14 22:17 - 2014-07-06 13:14 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Adobe
2015-01-12 11:58 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\kriD\Desktop\Homepage Bilder
2015-01-09 23:28 - 2014-08-10 22:02 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Mumble

==================== Files in the root of some directories =======

2015-01-08 00:29 - 2015-01-08 00:29 - 0000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2014-08-28 21:41 - 2015-01-15 03:32 - 0000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe PNG Format CS5 Prefs

Some content of TEMP:
====================
C:\Users\kriD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcfo3rf.dll
C:\Users\kriD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpofnmeh.dll
C:\Users\kriD\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\kriD\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\kriD\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\kriD\AppData\Local\Temp\ICReinstall_PureSyncInst_CB-DL-Manager.exe
C:\Users\kriD\AppData\Local\Temp\ose00000.exe
C:\Users\kriD\AppData\Local\Temp\ose00001.exe
C:\Users\kriD\AppData\Local\Temp\Quarantine.exe
C:\Users\kriD\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\kriD\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\kriD\AppData\Local\Temp\sfamcc00001.dll
C:\Users\kriD\AppData\Local\Temp\sfextra.dll
C:\Users\kriD\AppData\Local\Temp\sqlite3.dll
C:\Users\kriD\AppData\Local\Temp\x2blapi.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 21:32

==================== End Of Log ============================
         
--- --- ---


and Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by kriD at 2015-02-03 21:37:04
Running from C:\Users\kriD\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AirDroid 3.0.1 (HKLM-x32\...\AirDroid) (Version: 3.0.1 - Sand Studio)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version:  - Spellbound Studios)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
DigiCouPOnn (HKLM-x32\...\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}) (Version:  - "") <==== ATTENTION
DigiSaveR (HKLM-x32\...\{7223EDAC-E091-B3C1-BD91-B66CE557800F}) (Version:  - "")
DIsccounatExTEnsi (HKLM-x32\...\{B138259A-351E-33FA-2726-8D71704F1DA9}) (Version:  - "") <==== ATTENTION
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EneJoayCooupoN (HKLM-x32\...\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}) (Version:  - "") <==== ATTENTION
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EViews 7 (HKLM-x32\...\{6A5AEDA0-3B9E-4006-90A7-E78779951A43}) (Version:  - )
EViews 7 (HKLM-x32\...\{B68FC32E-D58F-4B74-A838-B265BF40A445}) (Version:  - )
EViews 7.1 Documentation (HKLM-x32\...\{A6B1D5D2-2CB1-4FBC-B3AA-BEC656406215}) (Version:  - )
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.0.150 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NNeotoCoupon (HKLM-x32\...\{317D8BB4-16C3-CFBD-3777-AED69667DA46}) (Version:  - "") <==== ATTENTION
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
ObjectDock Plus (HKLM-x32\...\ObjectDock Plus2.01) (Version: 2.01 - Stardock Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PureSync (x32 Version: 3.8.0 - Jumping Bytes) Hidden
PureSync 3.8.0 (HKLM-x32\...\PureSync) (Version: 3.8.0 - Jumping Bytes)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Risen 3 - Titan Lords (HKLM-x32\...\Steam App 249230) (Version:  - Piranha Bytes)
SimpleClear (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version:  - "")
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
Strife (HKLM-x32\...\Strife) (Version:  - S2 Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Telegram Desktop version 0.7.10 (HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.10 - Telegram Messenger LLP)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-01-2015 12:49:09 Geplanter Prüfpunkt
22-01-2015 16:02:47 Geplanter Prüfpunkt
30-01-2015 14:08:57 Geplanter Prüfpunkt
02-02-2015 18:01:25 Windows Update
02-02-2015 20:26:51 Revo Uninstaller's restore point - CheeapMe
02-02-2015 20:28:07 Revo Uninstaller's restore point - DiscoountuEExTensi
02-02-2015 20:28:40 Revo Uninstaller's restore point - DuigiiSAver
02-02-2015 20:29:08 Windows Defender Checkpoint
02-02-2015 20:29:40 Revo Uninstaller's restore point - ExstiraSavings
02-02-2015 20:30:34 Revo Uninstaller's restore point - Redirect Path

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-07-28 21:41 - 00001292 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {8003F45B-C700-4A6B-846B-EE120783A444} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A592B856-120F-4870-8A38-A6F2904913E4} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2014-07-28 19:29 - 2014-07-28 19:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 19:32 - 2014-07-28 19:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 19:29 - 2014-07-28 19:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 19:31 - 2014-07-28 19:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00504832 _____ () D:\Tools\SteelSeries Engine\SSEngineLib.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 09315328 _____ () D:\Tools\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00015872 _____ () D:\Tools\SteelSeries Engine\Localization.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () D:\Tools\SteelSeries Engine\ISSPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () D:\Tools\SteelSeries Engine\Utilities.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00115200 _____ () D:\Tools\SteelSeries Engine\DriverCommunication.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 00047616 _____ () D:\Tools\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00034304 _____ () D:\Tools\SteelSeries Engine\DBUtils.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 01102336 _____ () D:\Tools\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00189440 _____ () D:\Tools\SteelSeries Engine\MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00031744 _____ () D:\Tools\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\SRawPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00159744 _____ () D:\Tools\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00020992 _____ () D:\Tools\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00029696 _____ () D:\Tools\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () D:\Tools\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00023040 _____ () D:\Tools\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () D:\Tools\SteelSeries Engine\WoTMousePlugin.dll
2014-07-07 23:03 - 2014-07-07 23:03 - 00777427 _____ () C:\Users\kriD\Documents\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00036536 _____ () D:\Tools\Rainmeter\Rainmeter.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00747192 _____ () D:\Tools\Rainmeter\Rainmeter.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00019968 _____ () D:\Tools\Rainmeter\Plugins\SysInfo.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00056832 _____ () D:\Tools\Rainmeter\Plugins\WebParser.dll
2014-08-04 18:37 - 2014-04-21 23:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-01-10 20:14 - 2015-01-10 20:14 - 02508800 _____ () c:\Program Files (x86)\SystemHero\SystemHero.dll
2015-02-02 21:38 - 2014-05-13 12:04 - 00109400 _____ () D:\Tools\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-02 21:38 - 2014-05-13 12:04 - 00416600 _____ () D:\Tools\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-02 21:38 - 2014-05-13 12:04 - 00167768 _____ () D:\Tools\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-02 21:38 - 2012-08-23 10:38 - 00574840 _____ () D:\Tools\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-02 21:38 - 2012-04-03 17:06 - 00565640 _____ () D:\Tools\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-19 14:18 - 2015-01-27 21:08 - 00630784 _____ () D:\Tools\Airdroid\System.Data.SQLite.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-03 19:40 - 2015-02-03 19:40 - 00043008 _____ () c:\users\krid\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcfo3rf.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-05-04 12:57 - 2013-05-04 12:57 - 00095712 _____ () D:\Tools\foobar2000\zlib1.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 00156624 _____ () D:\Tools\foobar2000\shared.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00199680 _____ () D:\Tools\foobar2000\components\foo_dsp_std.dll
2014-04-11 10:48 - 2014-04-11 10:48 - 00173056 _____ () D:\Tools\foobar2000\components\foo_unpack.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 01391080 _____ () D:\Tools\foobar2000\components\foo_input_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00299520 _____ () D:\Tools\foobar2000\components\foo_freedb2.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00199168 _____ () D:\Tools\foobar2000\components\foo_dsp_eq.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00501248 _____ () D:\Tools\foobar2000\components\foo_converter.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 00945128 _____ () D:\Tools\foobar2000\components\foo_ui_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00353280 _____ () D:\Tools\foobar2000\components\foo_rgscan.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00304640 _____ () D:\Tools\foobar2000\components\foo_cdda.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00350720 _____ () D:\Tools\foobar2000\components\foo_albumlist.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00285696 _____ () D:\Tools\foobar2000\components\foo_fileops.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 03347056 _____ () D:\Tools\Thunderbird\mozjs.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 00158832 _____ () D:\Tools\Thunderbird\NSLDAP32V60.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 00023152 _____ () D:\Tools\Thunderbird\NSLDAPPR32V60.dll
2015-01-27 00:05 - 2015-01-27 00:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-28 13:07 - 2015-01-28 13:07 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: Disc Soft Bus Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^debug.nfo => C:\Windows\pss\debug.nfo.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^foobar2000.lnk => C:\Windows\pss\foobar2000.lnk.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfan.exe => C:\Windows\pss\speedfan.exe.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfanevents.cfg => C:\Windows\pss\speedfanevents.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfanparams.cfg => C:\Windows\pss\speedfanparams.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfansens.cfg => C:\Windows\pss\speedfansens.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AirDroid 3 => D:\Tools\Airdroid\AirDroid.exe /start
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "D:\Tools\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "D:\Tools\Microsoft Office 2007\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SDTray => "D:\Tools\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2803228219-286040756-942108547-500 - Administrator - Disabled)
Gast (S-1-5-21-2803228219-286040756-942108547-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2803228219-286040756-942108547-1002 - Limited - Enabled)
kriD (S-1-5-21-2803228219-286040756-942108547-1000 - Administrator - Enabled) => C:\Users\kriD

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Audiocontroller für Multimedia
Description: Audiocontroller für Multimedia
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 09:33:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/03/2015 09:32:50 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/03/2015 08:00:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xb70
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/03/2015 07:40:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 07:30:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/03/2015 02:06:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/03/2015 02:05:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (02/03/2015 07:40:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 19%
Total physical RAM: 15826.73 MB
Available physical RAM: 12726.64 MB
Total Pagefile: 31651.64 MB
Available Pagefile: 28214.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.88 GB) (Free:158.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:976.56 GB) (Free:908.19 GB) NTFS
Drive e: (Daten) (Fixed) (Total:2749.33 GB) (Free:1489.8 GB) NTFS
Drive f: (Backup) (Fixed) (Total:931.51 GB) (Free:853.42 GB) NTFS
Drive g: (Ex C) (Fixed) (Total:126.72 GB) (Free:8.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Ex E) (Fixed) (Total:338.94 GB) (Free:78.09 GB) NTFS
Drive i: (TOURO) (Fixed) (Total:931.51 GB) (Free:489.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 3726 GB) (Disk ID: A33D020D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B2F52B71)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3ECC3ECC)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=126.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=338.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CD0FD048)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Cheers,
kriD_

PS: Are ad banners here in the forum (e.g. in the signature) normal?
__________________

Edited by kriD_ (03.02.2015 at 20:44). Reason: cosmetic changes

Old 04.02.2015, 17:53   #4
schrauber
/// the machine
/// TB trainer



Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller field, search for the programs:

    DigiCouPOnn

    DIsccounatExTEnsi

    EneJoayCooupoN

    NNeotoCoupon

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" mode.
  • Delete leftovers:
    Click on then on and then on .

 





Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Old 04.02.2015, 19:27   #5
kriD_

Revo



Hey Schrauber, thanks for the reply.

I had already tried the Revo Uninstaller approach once before. I'll remove the programs in question again right away. Should I first run through the steps I described once more, or simply uninstall everything suspicious that I find now? (Current state: manually removed the add-ons that were newly installed today, did nothing else.)

Besides the 4 programs you listed, Revo Uninstaller also shows me more junk that was installed recently:

If you give the OK that the stuff can simply be uninstalled with Revo without any further prior steps, I'll do that as well as the Combofix scan.

Regards, kriD_


Old 05.02.2015, 07:17   #6
schrauber
/// the machine
/// TB trainer



You can also uninstall other software with Revo if you don't need or want it.

Old 05.02.2015, 08:30   #7
kriD_



I'm aware that I can also uninstall other programs with it. My question was whether I should first go through the whole Malwarebytes circus once more, or simply uninstall all suspicious programs now (and those are not only the 4 you listed (see screenshot)).

Regards, kriD_

Old 05.02.2015, 09:36   #8
schrauber
/// the machine
/// TB trainer



No, first Revo, then Combofix, as I stated above. After that we'll run an update on MBAM and AdwCleaner and let them have another quick go.

What you do with Revo is all the same to me; the 4 I listed are adware and have to go.
__________________
Regards,
schrauber


Old 05.02.2015, 10:18   #9
kriD_

Combofix



I think we're talking past each other a bit, but never mind now. I uninstalled all adware (about 8 entries) using Revo Uninstaller and ran Combofix:
Code:
ATTFilter
ComboFix 15-02-02.01 - kriD 05.02.2015  11:05:08.1.8 - x64
Microsoft Windows 7 Professional N   6.1.7601.1.1252.49.1031.18.15827.13195 [GMT 1:00]
ausgeführt von:: e:\downloads\ComboFix.exe
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DIsccounatExTEnsi
c:\program files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.dat
c:\program files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.dll
c:\program files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.exe
c:\program files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.tlb
c:\program files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.x64.dll
c:\program files (x86)\NNeotoCoupon
c:\program files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.dat
c:\program files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.dll
c:\program files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.exe
c:\program files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.tlb
c:\program files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.x64.dll
c:\programdata\13523111935511328913
c:\programdata\13523111935511328913\23a9763700316e4ab5298f94308a2ef2.ini
c:\programdata\13523111935511328913\2a0b23fa8d6e74d4b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\465f8e59c1c2d774b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\508d37f1a64d63afb5298f94308a2ef2.ini
c:\programdata\13523111935511328913\60b6132765a7b0abb5298f94308a2ef2.ini
c:\programdata\13523111935511328913\769e86b727e42adbb5298f94308a2ef2.ini
c:\programdata\13523111935511328913\8c84dcdc46445dd6b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\a7739f6d0875f7b0b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\a99a93cd45c8f6c1b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\c639ec01ae8d99a9b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\f392fc60cfeefae4b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\ff9a431c66096748b5298f94308a2ef2.ini
c:\programdata\ntuser.pol
c:\users\kriD\AppData\Local\Adobe\downloader.dll
c:\users\kriD\AppData\Local\Adobe\gccheck.exe
c:\users\kriD\AppData\Local\Adobe\gtbcheck.exe
c:\users\kriD\Documents\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-05 bis 2015-02-05  ))))))))))))))))))))))))))))))
.
.
2015-02-05 10:07 . 2015-02-05 10:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-05 09:55 . 2015-02-05 10:01	--------	d-----w-	c:\programdata\bbabbea825ff7891
2015-02-03 20:36 . 2015-02-03 20:37	--------	d-----w-	C:\FRST
2015-02-03 13:06 . 2015-02-03 13:06	--------	d-----w-	c:\program files (x86)\ESET
2015-02-03 12:41 . 2015-02-03 12:41	--------	d-----w-	c:\program files (x86)\Facebook Chat Platinum
2015-02-02 21:00 . 2015-02-02 21:00	--------	d-----w-	c:\program files (x86)\NBA Live News
2015-02-02 20:38 . 2013-09-20 09:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2015-02-02 20:38 . 2015-02-02 20:40	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-02-02 19:58 . 2015-02-02 19:58	--------	d-----w-	c:\program files (x86)\Fuskr
2015-02-02 17:05 . 2014-12-15 03:13	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3695323-60DB-43C9-A5D0-4EC5FD1854EF}\mpengine.dll
2015-02-02 17:03 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2015-02-02 17:03 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2015-02-02 17:03 . 2014-07-07 02:06	206848	----a-w-	c:\windows\system32\mfps.dll
2015-02-02 17:03 . 2014-07-07 02:06	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2015-02-02 17:03 . 2014-07-07 02:06	24576	----a-w-	c:\windows\system32\mfpmp.exe
2015-02-02 17:03 . 2014-07-07 02:02	2048	----a-w-	c:\windows\system32\mferror.dll
2015-02-02 17:03 . 2014-07-07 01:40	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2015-02-02 17:03 . 2014-07-07 01:39	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
2015-02-02 17:03 . 2014-07-07 01:39	23040	----a-w-	c:\windows\SysWow64\mfpmp.exe
2015-02-02 17:03 . 2014-07-07 01:37	2048	----a-w-	c:\windows\SysWow64\mferror.dll
2015-02-02 17:00 . 2014-11-27 01:10	235176	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2015-02-02 16:59 . 2014-12-12 05:35	5553592	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-02-02 16:58 . 2014-10-25 01:57	77824	----a-w-	c:\windows\system32\packager.dll
2015-02-02 16:58 . 2014-10-25 01:32	67584	----a-w-	c:\windows\SysWow64\packager.dll
2015-02-02 16:58 . 2014-10-14 02:13	3241984	----a-w-	c:\windows\system32\msi.dll
2015-02-02 16:58 . 2014-10-14 01:50	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2015-02-02 16:58 . 2014-10-10 00:57	3198976	----a-w-	c:\windows\system32\win32k.sys
2015-02-02 16:58 . 2014-10-18 02:05	861696	----a-w-	c:\windows\system32\oleaut32.dll
2015-02-02 16:58 . 2014-10-18 01:33	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2015-02-02 09:14 . 2015-02-02 09:14	--------	d-----w-	c:\program files (x86)\Download Button
2015-02-01 20:14 . 2015-02-01 20:14	--------	d-----w-	c:\program files (x86)\DubLi Toolbar
2015-02-01 11:54 . 2015-02-01 11:54	--------	d-----w-	c:\program files (x86)\Tab Resize split screen layouts
2015-01-31 19:59 . 2015-01-31 19:59	--------	d-----w-	c:\program files (x86)\Fairy Tail Fighting
2015-01-30 11:11 . 2015-01-30 11:11	--------	d-----w-	c:\windows\ERUNT
2015-01-30 11:03 . 2015-02-02 20:28	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-30 10:37 . 2015-01-30 10:37	--------	d-----w-	c:\program files (x86)\UGamesFree
2015-01-30 09:33 . 2015-01-30 09:33	--------	d-----w-	c:\program files (x86)\Extreme User Agent Switcher
2015-01-29 09:43 . 2015-01-29 09:43	--------	d-----w-	c:\program files (x86)\MetaProducts Offline Explorer integration
2015-01-29 08:50 . 2015-01-29 09:21	--------	d-----w-	c:\program files (x86)\Emotee
2015-01-29 02:04 . 2015-02-03 18:34	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-29 01:53 . 2015-02-02 19:39	97496	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-29 01:53 . 2015-01-29 01:53	--------	d-----w-	c:\programdata\Malwarebytes
2015-01-29 01:53 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-01-29 01:53 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-01-28 11:29 . 2015-02-03 13:00	--------	d-----w-	C:\AdwCleaner
2015-01-10 19:14 . 2015-01-11 02:41	--------	d-----w-	c:\program files (x86)\SystemHero
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-28 12:07 . 2014-07-07 06:49	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-28 12:07 . 2014-07-07 06:49	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-31 12:12 . 2014-07-06 11:42	113365784	----a-w-	c:\windows\system32\MRT.exe
2014-12-22 23:41 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SteelSeries Engine"="d:\tools\SteelSeries Engine\SteelSeriesEngine.exe" [2014-06-26 87040]
"PureSync"="d:\tools\PureSync\PureSyncTray.exe" [2014-08-09 915120]
"AirDroid 3"="d:\tools\Airdroid\AirDroid.exe" [2015-01-27 11269120]
.
c:\users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
foobar2000.lnk - d:\tools\foobar2000\foobar2000.exe [2014-4-11 1858000]
Rainmeter.lnk - d:\tools\Rainmeter\Rainmeter.exe [2014-5-25 36536]
Telegram.lnk - d:\tools\Telegram\Telegram.exe -autostart [2014-7-7 24075136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 7baa6e25;SystemHero;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\tools\Spybot - Search & Destroy 2\SDFSSvc.exe;d:\tools\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\tools\Spybot - Search & Destroy 2\SDWSCSvc.exe;d:\tools\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GPU-Z;GPU-Z;c:\users\kriD\AppData\Local\Temp\GPU-Z.sys;c:\users\kriD\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
R4 Disc Soft Bus Service;Disc Soft Bus Service;d:\tools\DAEMON Tools Ultra\DiscSoftBusService.exe;d:\tools\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 ks2avs;Kontrol S2 WDM Audio;c:\windows\system32\Drivers\ks2avs.sys;c:\windows\SYSNATIVE\Drivers\ks2avs.sys [x]
S3 ks2usb_svc;Traktor Kontrol S2;c:\windows\system32\Drivers\ks2usb.sys;c:\windows\SYSNATIVE\Drivers\ks2usb.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-07-28 10801944]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - d:\tools\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{2d876fe6-4945-4a54-afac-1ce4c1aacdc6} - c:\program files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.dll
BHO-{b23c2b1e-e9cb-4cfb-a43e-fced142ab25e} - c:\program files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.dll
c:\users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk - c:\users\kriD\Documents\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe
Notify-SDWinLogon - SDWinLogon.dll
BHO-{2d876fe6-4945-4a54-afac-1ce4c1aacdc6} - c:\program files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.x64.dll
BHO-{b23c2b1e-e9cb-4cfb-a43e-fced142ab25e} - c:\program files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.x64.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-05  11:08:26
ComboFix-quarantined-files.txt  2015-02-05 10:08
.
Vor Suchlauf: 10 Verzeichnis(se), 174.031.507.456 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 173.941.444.608 Bytes frei
.
- - End Of File - - D7ACF90F9699FA6B06F800679CEB8FE3
A36C5E4F47E84449FF07ED3517B43A31
         
Ready to receive further instructions!

Regards, kriD_

Old 05.02.2015, 12:19   #10
schrauber
/// the machine
/// TB trainer



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

05.02.2015, 13:08   #11
kriD_

New logs

All right,

nothing found by Malwarebytes!
LOG:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 05.02.2015
Scan Time: 13:53:46
Logfile: malwarebytes 2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.05.05
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kriD

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347909
Time Elapsed: 3 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
AdwCleaner still found something - LOG:
Code:
# AdwCleaner v4.109 - Bericht erstellt am 05/02/2015 um 13:59:57
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-04.1 [Live]
# Betriebssystem : Windows 7 Professional N Service Pack 1 (64 bits)
# Benutzername : kriD - KRID-PC
# Gestartet von : E:\Downloads\AdwCleaner09.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\bbabbea825ff7891

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P2d876fe6_4945_4a54_afac_1ce4c1aacdc6_.P2d876fe6_4945_4a54_afac_1ce4c1aacdc6_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P2d876fe6_4945_4a54_afac_1ce4c1aacdc6_.P2d876fe6_4945_4a54_afac_1ce4c1aacdc6_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pb23c2b1e_e9cb_4cfb_a43e_fced142ab25e_.Pb23c2b1e_e9cb_4cfb_a43e_fced142ab25e_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pb23c2b1e_e9cb_4cfb_a43e_fced142ab25e_.Pb23c2b1e_e9cb_4cfb_a43e_fced142ab25e_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2d876fe6-4945-4a54-afac-1ce4c1aacdc6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{b23c2b1e-e9cb-4cfb-a43e-fced142ab25e}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d876fe6-4945-4a54-afac-1ce4c1aacdc6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b23c2b1e-e9cb-4cfb-a43e-fced142ab25e}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2d876fe6-4945-4a54-afac-1ce4c1aacdc6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b23c2b1e-e9cb-4cfb-a43e-fced142ab25e}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)

[kznrb15f.default-1422967902742\prefs.js] - Zeile gelöscht : user_pref("extensions.AVtt93pNNfXmoxXS.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[kznrb15f.default-1422967902742\prefs.js] - Zeile gelöscht : user_pref("extensions.FGb8bH8CrI09UCbx.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[kznrb15f.default-1422967902742\prefs.js] - Zeile gelöscht : user_pref("extensions.I2hQMfmqF5H4NbNw.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[kznrb15f.default-1422967902742\prefs.js] - Zeile gelöscht : user_pref("extensions.JKBqscipNGitrIhz.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

*************************

AdwCleaner[R0].txt - [9316 octets] - [28/01/2015 12:29:04]
AdwCleaner[R10].txt - [4370 octets] - [05/02/2015 13:59:13]
AdwCleaner[R1].txt - [4737 octets] - [29/01/2015 10:20:25]
AdwCleaner[R2].txt - [4323 octets] - [30/01/2015 11:08:55]
AdwCleaner[R3].txt - [1276 octets] - [30/01/2015 11:11:58]
AdwCleaner[R4].txt - [4756 octets] - [30/01/2015 12:09:06]
AdwCleaner[R5].txt - [5969 octets] - [02/02/2015 10:28:54]
AdwCleaner[R6].txt - [2345 octets] - [02/02/2015 20:37:06]
AdwCleaner[R7].txt - [5772 octets] - [02/02/2015 21:36:21]
AdwCleaner[R8].txt - [5832 octets] - [02/02/2015 21:37:37]
AdwCleaner[R9].txt - [4622 octets] - [03/02/2015 14:00:03]
AdwCleaner[S0].txt - [8281 octets] - [28/01/2015 12:32:36]
AdwCleaner[S1].txt - [4511 octets] - [29/01/2015 10:21:53]
AdwCleaner[S2].txt - [4030 octets] - [30/01/2015 11:10:54]
AdwCleaner[S3].txt - [4709 octets] - [30/01/2015 12:09:52]
AdwCleaner[S4].txt - [6035 octets] - [02/02/2015 10:29:42]
AdwCleaner[S5].txt - [2416 octets] - [02/02/2015 20:37:50]
AdwCleaner[S6].txt - [5498 octets] - [02/02/2015 21:38:59]
AdwCleaner[S7].txt - [4683 octets] - [03/02/2015 14:00:54]
AdwCleaner[S8].txt - [4310 octets] - [05/02/2015 13:59:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [4370 octets] ##########
         
and here is the FRST.txt as well:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by kriD (administrator) on KRID-PC on 05-02-2015 14:04:42
Running from E:\Downloads
Loaded Profiles: kriD (Available profiles: kriD)
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Safer-Networking Ltd.) D:\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SteelSeries ApS) D:\Tools\SteelSeries Engine\SteelSeriesEngine.exe
(Jumping Bytes) D:\Tools\PureSync\PureSyncTray.exe
(Sand Studio) D:\Tools\Airdroid\AirDroid.exe
(Dropbox, Inc.) C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piotr Pawlowski) D:\Tools\foobar2000\foobar2000.exe
() D:\Tools\Rainmeter\Rainmeter.exe
(Telegram Messenger LLP) D:\Tools\Telegram\Telegram.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Safer-Networking Ltd.) D:\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\Adobe Application Manager (Updater) <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [SteelSeries Engine] => D:\Tools\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [PureSync] => D:\Tools\PureSync\PureSyncTray.exe [915120 2014-08-09] (Jumping Bytes)
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [AirDroid 3] => D:\Tools\Airdroid\AirDroid.exe [11269120 2015-01-27] (Sand Studio)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\foobar2000.lnk
ShortcutTarget: foobar2000.lnk -> D:\Tools\foobar2000\foobar2000.exe (Piotr Pawlowski)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> D:\Tools\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> D:\Tools\Telegram\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2803228219-286040756-942108547-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2803228219-286040756-942108547-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Tools\Microsoft Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: WOT - C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-03]
FF Extension: Adblock Plus - C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-12-06]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 7baa6e25; c:\Program Files (x86)\SystemHero\SystemHero.dll [2508800 2015-01-10] () [File not signed]
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
S4 Disc Soft Bus Service; D:\Tools\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
S3 Microsoft Office Groove Audit Service; D:\Tools\Microsoft Office 2007\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)
R2 SDScannerService; D:\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc) [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-07-08] (Disc Soft Ltd)
R3 ks2avs; C:\Windows\System32\Drivers\ks2avs.sys [359784 2012-12-18] (Native Instruments GmbH)
R3 ks2usb_svc; C:\Windows\System32\Drivers\ks2usb.sys [83816 2012-12-18] (Native Instruments GmbH)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\kriD\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 14:03 - 2015-02-05 14:03 - 00004450 _____ () C:\Users\kriD\Desktop\AdwCleaner[S8].txt
2015-02-05 13:58 - 2015-02-05 13:58 - 00001063 _____ () C:\Users\kriD\Desktop\malwarebytes 2.txt
2015-02-05 11:13 - 2015-02-05 11:13 - 00017741 _____ () C:\ComboFix.txt
2015-02-05 11:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 11:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 11:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 11:02 - 2015-02-05 11:13 - 00000000 ____D () C:\Qoobox
2015-02-05 11:02 - 2015-02-05 11:07 - 00000000 ____D () C:\Windows\erdnt
2015-02-03 23:19 - 2015-02-03 23:19 - 00000299 _____ () C:\Users\kriD\Desktop\Firefox Werbe-Addons installieren sich selbsständig neu - Trojaner-Board.URL
2015-02-03 22:31 - 2015-02-05 12:43 - 00000000 ____D () C:\Users\kriD\Desktop\trojaner board
2015-02-03 21:37 - 2015-02-03 21:37 - 00031106 _____ () C:\Users\kriD\Downloads\Addition.txt
2015-02-03 21:36 - 2015-02-05 14:04 - 00000000 ____D () C:\FRST
2015-02-03 21:36 - 2015-02-03 21:37 - 00039645 _____ () C:\Users\kriD\Downloads\FRST.txt
2015-02-03 21:35 - 2015-02-03 21:36 - 02131456 _____ (Farbar) C:\Users\kriD\Downloads\FRST64.exe
2015-02-03 14:06 - 2015-02-03 14:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-03 13:41 - 2015-02-03 13:41 - 00000000 ____D () C:\Program Files (x86)\Facebook Chat Platinum
2015-02-02 22:00 - 2015-02-02 22:00 - 00000000 ____D () C:\Users\kriD\Documents\ProcAlyzer Dumps
2015-02-02 22:00 - 2015-02-02 22:00 - 00000000 ____D () C:\Program Files (x86)\NBA Live News
2015-02-02 21:38 - 2015-02-02 21:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 21:38 - 2015-02-02 21:38 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-02 21:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-02 20:58 - 2015-02-02 20:58 - 00000000 ____D () C:\Program Files (x86)\Fuskr
2015-02-02 18:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-02 18:03 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-02 18:03 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-02 18:03 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-02 18:03 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-02 18:03 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-02 18:03 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-02 18:03 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-02 18:03 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-02 18:03 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-02 18:01 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-02 18:01 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-02 18:01 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-02 18:01 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-02 18:01 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-02 18:01 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-02 18:01 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-02 18:01 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-02 18:01 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-02 18:01 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-02 18:01 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-02 18:01 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-02 18:01 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-02 18:01 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-02 18:01 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-02 18:01 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-02 18:01 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-02 18:01 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-02 18:01 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-02 18:01 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-02 18:01 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-02 18:01 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-02 18:01 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-02 18:01 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-02 18:01 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-02 18:01 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-02 18:01 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-02 18:01 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-02 18:01 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-02 18:01 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-02 18:01 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-02 18:01 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-02 18:01 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-02 18:01 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-02 18:01 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-02 18:01 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-02 18:01 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-02 18:01 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-02 18:01 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-02 18:00 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-02 18:00 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-02 18:00 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-02 18:00 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-02 18:00 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-02 18:00 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-02 18:00 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-02 18:00 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-02 18:00 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-02 18:00 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-02 18:00 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-02 18:00 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-02 18:00 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-02 18:00 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-02 18:00 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-02 18:00 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-02 18:00 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-02 17:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-02 17:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-02 17:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-02 17:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-02 17:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-02 17:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-02 17:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-02 17:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-02 17:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-02 17:59 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-02 17:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-02 17:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-02 17:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-02 17:59 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-02 17:59 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-02 17:59 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-02-02 17:59 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-02 17:59 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-02 17:59 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-02 17:59 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-02 17:59 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-02 17:59 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-02 17:59 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-02-02 17:59 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-02 17:59 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-02 17:59 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-02 17:59 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-02 17:59 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-02 17:59 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-02 17:59 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-02 17:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-02 17:59 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-02 17:59 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-02 17:59 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-02-02 17:59 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-02 17:59 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-02-02 17:59 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-02-02 17:59 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-02-02 17:58 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-02 17:58 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-02-02 17:58 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-02 17:58 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-02 17:58 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-02 17:58 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-02 17:58 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-02 17:39 - 2015-02-02 17:39 - 00000703 _____ () C:\Users\kriD\Desktop\Revo Uninstaller.lnk
2015-02-02 10:16 - 2015-02-02 10:16 - 00000262 _____ () C:\Users\kriD\Desktop\Video Downloader entfernen - Trojaner-Board.URL
2015-02-02 10:14 - 2015-02-02 10:14 - 00000000 ____D () C:\Program Files (x86)\Download Button
2015-02-01 21:14 - 2015-02-01 21:14 - 00000000 ____D () C:\Program Files (x86)\DubLi Toolbar
2015-02-01 12:54 - 2015-02-01 12:54 - 00000000 ____D () C:\Program Files (x86)\Tab Resize split screen layouts
2015-01-31 20:59 - 2015-01-31 20:59 - 00000000 ____D () C:\Program Files (x86)\Fairy Tail Fighting
2015-01-30 12:11 - 2015-01-30 12:11 - 00000260 _____ () C:\Users\kriD\Desktop\CouponDropDown entfernen - Trojaner-Board.URL
2015-01-30 12:11 - 2015-01-30 12:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 12:03 - 2015-02-02 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 12:02 - 2015-02-04 20:24 - 00000000 ____D () C:\Users\kriD\Desktop\mbar
2015-01-30 11:37 - 2015-01-30 11:37 - 00000000 ____D () C:\Program Files (x86)\UGamesFree
2015-01-30 10:33 - 2015-01-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Extreme User Agent Switcher
2015-01-29 10:43 - 2015-01-29 10:43 - 00000000 ____D () C:\Program Files (x86)\MetaProducts Offline Explorer integration
2015-01-29 10:15 - 2015-01-29 10:15 - 00000242 _____ () C:\Users\kriD\Desktop\how do i remove ads by coupon drop down from my browser i never installed it and it is not an add-on. it is not in my addrem.URL
2015-01-29 09:50 - 2015-01-29 10:21 - 00000000 ____D () C:\Program Files (x86)\Emotee
2015-01-29 03:04 - 2015-02-05 13:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 02:53 - 2015-02-02 20:39 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 02:53 - 2015-01-29 02:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 02:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 02:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 12:29 - 2015-02-05 13:59 - 00000000 ____D () C:\AdwCleaner
2015-01-27 00:05 - 2015-01-27 00:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 22:23 - 2015-01-24 22:23 - 00000244 _____ () C:\Users\kriD\Desktop\Alfie Utility - Utility CaseGlassesPens.URL
2015-01-24 22:23 - 2015-01-24 22:23 - 00000233 _____ () C:\Users\kriD\Desktop\Pinterest.URL
2015-01-24 16:54 - 2015-01-24 20:52 - 01207492 _____ () C:\Users\kriD\Desktop\cutting pattern initial signs.psd
2015-01-20 21:06 - 2015-01-20 21:06 - 635104812 _____ () C:\Users\kriD\Desktop\IloveMUSIC wallpaper.psd
2015-01-18 19:31 - 2015-01-18 22:04 - 07454907 _____ () C:\Users\kriD\Desktop\handy cover cutting pattern.psd
2015-01-16 21:48 - 2015-01-20 21:24 - 12562263 _____ () C:\Users\kriD\Desktop\cutting pattern small wallet leo disassembled.psd
2015-01-16 19:51 - 2015-01-16 19:51 - 00897534 _____ () C:\Users\kriD\Desktop\button scribble.psd
2015-01-15 21:01 - 2015-01-23 20:51 - 12467407 _____ () C:\Users\kriD\Desktop\cutting pattern small wallet leo.psd
2015-01-15 01:59 - 2015-01-15 01:59 - 110381935 _____ () C:\Users\kriD\Desktop\wallpaper organic.psd
2015-01-13 21:58 - 2015-01-13 21:58 - 00000247 _____ () C:\Users\kriD\Desktop\Ring Belts.URL
2015-01-13 21:57 - 2015-01-13 21:57 - 00000273 _____ () C:\Users\kriD\Desktop\CoRLection Santa Rosa by HTC Ying Yang Double Ring belt.URL
2015-01-10 20:14 - 2015-01-11 03:41 - 00000000 ____D () C:\Program Files (x86)\SystemHero
2015-01-08 17:33 - 2015-01-08 17:33 - 00000427 _____ () C:\Users\kriD\Desktop\TomorrowLand 2015 - Be part of the madness.URL
2015-01-08 00:29 - 2015-01-08 00:29 - 00000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe AIFF Format CS5 Prefs

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 14:03 - 2014-07-06 10:36 - 01362852 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 14:00 - 2014-07-14 09:47 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Dropbox
2015-02-05 14:00 - 2010-11-21 04:47 - 00030412 _____ () C:\Windows\PFRO.log
2015-02-05 14:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 14:00 - 2009-07-14 05:56 - 00112345 _____ () C:\Windows\setupact.log
2015-02-05 13:21 - 2014-12-08 20:54 - 00000000 ____D () C:\Users\kriD\Documents\AirDroid
2015-02-05 11:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 11:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-05 11:07 - 2014-07-07 12:50 - 00000000 ____D () C:\Users\kriD\AppData\Local\Adobe
2015-02-05 10:35 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 10:35 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 10:34 - 2011-04-12 09:14 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-02-05 10:34 - 2011-04-12 09:14 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-02-05 10:34 - 2009-07-14 06:12 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 10:28 - 2014-07-08 18:19 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\foobar2000
2015-02-04 02:11 - 2014-08-10 22:02 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Mumble
2015-02-04 00:28 - 2014-07-07 08:09 - 00000000 ____D () C:\Program Files (x86)\Heroes of Newerth
2015-02-03 13:51 - 2015-01-05 12:06 - 00000000 ____D () C:\Users\kriD\Desktop\Alte Firefox-Daten
2015-02-03 13:36 - 2014-07-06 11:17 - 00000000 ____D () C:\Windows\pss
2015-02-02 21:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-02 20:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2015-02-02 20:24 - 2009-07-14 05:50 - 04970744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-02 20:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-02 18:03 - 2014-07-06 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-02 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-30 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss
2015-01-29 09:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-01-28 13:07 - 2014-07-07 07:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 13:07 - 2014-07-07 07:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 11:50 - 2014-07-30 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 10:12 - 2014-10-21 00:51 - 00010508 _____ () C:\Users\kriD\Desktop\Leder.xlsx
2015-01-21 01:37 - 2014-09-23 21:34 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\TS3Client
2015-01-20 16:42 - 2014-08-20 09:40 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-15 03:32 - 2014-08-28 21:41 - 00000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-14 22:17 - 2014-07-06 13:14 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Adobe
2015-01-12 11:58 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\kriD\Desktop\Homepage Bilder

==================== Files in the root of some directories =======

2015-01-08 00:29 - 2015-01-08 00:29 - 0000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2014-08-28 21:41 - 2015-01-15 03:32 - 0000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe PNG Format CS5 Prefs

Some content of TEMP:
====================
C:\Users\kriD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo3h7v6.dll
C:\Users\kriD\AppData\Local\Temp\Quarantine.exe
C:\Users\kriD\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 21:32

==================== End Of Log ============================
         
--- --- ---

... and the Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by kriD at 2015-02-05 14:04:57
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AirDroid 3.0.1 (HKLM-x32\...\AirDroid) (Version: 3.0.1 - Sand Studio)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version:  - Spellbound Studios)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EViews 7 (HKLM-x32\...\{6A5AEDA0-3B9E-4006-90A7-E78779951A43}) (Version:  - )
EViews 7 (HKLM-x32\...\{B68FC32E-D58F-4B74-A838-B265BF40A445}) (Version:  - )
EViews 7.1 Documentation (HKLM-x32\...\{A6B1D5D2-2CB1-4FBC-B3AA-BEC656406215}) (Version:  - )
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.0.150 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
ObjectDock Plus (HKLM-x32\...\ObjectDock Plus2.01) (Version: 2.01 - Stardock Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PureSync (x32 Version: 3.8.0 - Jumping Bytes) Hidden
PureSync 3.8.0 (HKLM-x32\...\PureSync) (Version: 3.8.0 - Jumping Bytes)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Risen 3 - Titan Lords (HKLM-x32\...\Steam App 249230) (Version:  - Piranha Bytes)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
Strife (HKLM-x32\...\Strife) (Version:  - S2 Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Telegram Desktop version 0.7.10 (HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.10 - Telegram Messenger LLP)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

30-01-2015 14:08:57 Geplanter Prüfpunkt
02-02-2015 18:01:25 Windows Update
02-02-2015 20:26:51 Revo Uninstaller's restore point - CheeapMe
02-02-2015 20:28:07 Revo Uninstaller's restore point - DiscoountuEExTensi
02-02-2015 20:28:40 Revo Uninstaller's restore point - DuigiiSAver
02-02-2015 20:29:08 Windows Defender Checkpoint
02-02-2015 20:29:40 Revo Uninstaller's restore point - ExstiraSavings
02-02-2015 20:30:34 Revo Uninstaller's restore point - Redirect Path
05-02-2015 10:55:23 Revo Uninstaller's restore point - DisocoUntExttensi
05-02-2015 10:56:19 Revo Uninstaller's restore point - Dr.Web Anti-Virus Link Checker
05-02-2015 10:57:00 Revo Uninstaller's restore point - ShooppDroop
05-02-2015 10:57:48 Revo Uninstaller's restore point - Extreme Blocker
05-02-2015 10:58:31 Revo Uninstaller's restore point - Isaavaeeri
05-02-2015 10:58:58 Revo Uninstaller's restore point - JoNiCoupon
05-02-2015 10:59:22 Revo Uninstaller's restore point - Panel View for Play Music
05-02-2015 10:59:49 Revo Uninstaller's restore point - DigiCouPOnn
05-02-2015 11:00:16 Revo Uninstaller's restore point - DigiSaveR
05-02-2015 11:00:38 Revo Uninstaller's restore point - EneJoayCooupoN
05-02-2015 11:01:03 Revo Uninstaller's restore point - SimpleClear

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-05 11:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {8003F45B-C700-4A6B-846B-EE120783A444} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A592B856-120F-4870-8A38-A6F2904913E4} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2014-07-28 19:29 - 2014-07-28 19:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 19:32 - 2014-07-28 19:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 19:29 - 2014-07-28 19:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 19:31 - 2014-07-28 19:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00504832 _____ () D:\Tools\SteelSeries Engine\SSEngineLib.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 09315328 _____ () D:\Tools\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00015872 _____ () D:\Tools\SteelSeries Engine\Localization.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () D:\Tools\SteelSeries Engine\ISSPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () D:\Tools\SteelSeries Engine\Utilities.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00115200 _____ () D:\Tools\SteelSeries Engine\DriverCommunication.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 00047616 _____ () D:\Tools\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00034304 _____ () D:\Tools\SteelSeries Engine\DBUtils.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 01102336 _____ () D:\Tools\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00189440 _____ () D:\Tools\SteelSeries Engine\MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00031744 _____ () D:\Tools\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\SRawPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00159744 _____ () D:\Tools\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00020992 _____ () D:\Tools\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00029696 _____ () D:\Tools\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () D:\Tools\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00023040 _____ () D:\Tools\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () D:\Tools\SteelSeries Engine\WoTMousePlugin.dll
2014-05-25 15:18 - 2014-05-25 15:18 - 00036536 _____ () D:\Tools\Rainmeter\Rainmeter.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00747192 _____ () D:\Tools\Rainmeter\Rainmeter.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00019968 _____ () D:\Tools\Rainmeter\Plugins\SysInfo.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00056832 _____ () D:\Tools\Rainmeter\Plugins\WebParser.dll
2014-08-04 18:37 - 2014-04-21 23:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-01-10 20:14 - 2015-01-10 20:14 - 02508800 _____ () c:\Program Files (x86)\SystemHero\SystemHero.dll
2015-02-02 21:38 - 2014-05-13 12:04 - 00109400 _____ () D:\Tools\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-02 21:38 - 2014-05-13 12:04 - 00416600 _____ () D:\Tools\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-02 21:38 - 2014-05-13 12:04 - 00167768 _____ () D:\Tools\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-02 21:38 - 2012-08-23 10:38 - 00574840 _____ () D:\Tools\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-02 21:38 - 2012-04-03 17:06 - 00565640 _____ () D:\Tools\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-19 14:18 - 2015-01-27 21:08 - 00630784 _____ () D:\Tools\Airdroid\System.Data.SQLite.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-05 14:00 - 2015-02-05 14:00 - 00043008 _____ () c:\users\krid\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo3h7v6.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-05-04 12:57 - 2013-05-04 12:57 - 00095712 _____ () D:\Tools\foobar2000\zlib1.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 00156624 _____ () D:\Tools\foobar2000\shared.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00199680 _____ () D:\Tools\foobar2000\components\foo_dsp_std.dll
2014-04-11 10:48 - 2014-04-11 10:48 - 00173056 _____ () D:\Tools\foobar2000\components\foo_unpack.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 01391080 _____ () D:\Tools\foobar2000\components\foo_input_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00304640 _____ () D:\Tools\foobar2000\components\foo_cdda.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00501248 _____ () D:\Tools\foobar2000\components\foo_converter.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00350720 _____ () D:\Tools\foobar2000\components\foo_albumlist.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00285696 _____ () D:\Tools\foobar2000\components\foo_fileops.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00199168 _____ () D:\Tools\foobar2000\components\foo_dsp_eq.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00299520 _____ () D:\Tools\foobar2000\components\foo_freedb2.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 00945128 _____ () D:\Tools\foobar2000\components\foo_ui_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00353280 _____ () D:\Tools\foobar2000\components\foo_rgscan.dll
2015-01-27 00:05 - 2015-01-27 00:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2803228219-286040756-942108547-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: Disc Soft Bus Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^debug.nfo => C:\Windows\pss\debug.nfo.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^foobar2000.lnk => C:\Windows\pss\foobar2000.lnk.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfan.exe => C:\Windows\pss\speedfan.exe.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfanevents.cfg => C:\Windows\pss\speedfanevents.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfanparams.cfg => C:\Windows\pss\speedfanparams.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfansens.cfg => C:\Windows\pss\speedfansens.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AirDroid 3 => D:\Tools\Airdroid\AirDroid.exe /start
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "D:\Tools\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "D:\Tools\Microsoft Office 2007\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SDTray => "D:\Tools\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2803228219-286040756-942108547-500 - Administrator - Disabled)
Gast (S-1-5-21-2803228219-286040756-942108547-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2803228219-286040756-942108547-1002 - Limited - Enabled)
kriD (S-1-5-21-2803228219-286040756-942108547-1000 - Administrator - Enabled) => C:\Users\kriD

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Audiocontroller für Multimedia
Description: Audiocontroller für Multimedia
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 02:00:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2015 01:50:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/05/2015 01:50:22 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/05/2015 10:48:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/05/2015 10:28:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 03:15:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "Ex C (G:)" wurde aufgrund eines Fehlers nicht defragmentiert: Der Datenträger wurde vom System getrennt. (0x89000011)

Error: (02/04/2015 00:57:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/04/2015 00:57:49 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/04/2015 11:20:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 09:33:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (02/05/2015 02:00:49 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/05/2015 11:12:34 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/05/2015 11:11:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/05/2015 11:07:35 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/05/2015 11:07:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/05/2015 11:07:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SystemHero" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/05/2015 11:05:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/05/2015 10:28:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/04/2015 03:15:23 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (02/04/2015 03:15:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-05 11:07:17.522
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-05 11:07:17.488
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 15826.73 MB
Available physical RAM: 12597.79 MB
Total Pagefile: 31651.64 MB
Available Pagefile: 28317.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.88 GB) (Free:162.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:976.56 GB) (Free:908.15 GB) NTFS
Drive e: (Daten) (Fixed) (Total:2749.33 GB) (Free:1508.79 GB) NTFS
Drive f: (Backup) (Fixed) (Total:931.51 GB) (Free:853.42 GB) NTFS
Drive g: (Ex C) (Fixed) (Total:126.72 GB) (Free:14.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Ex E) (Fixed) (Total:338.94 GB) (Free:78.12 GB) NTFS
Drive i: (TOURO) (Fixed) (Total:931.51 GB) (Free:489.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B2F52B71)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: A33D020D)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3ECC3ECC)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=126.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=338.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CD0FD048)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Thanks and best regards, kriD_

Alt 05.02.2015, 14:00   #12
schrauber
/// the machine
/// TB-Ausbilder
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 05.02.2015, 14:09   #13
kriD_
 
I forgot the Junkware Removal Tool before I ran Farbar's over it. I'll still do that and then ESET afterwards, OK?
Best regards, kriD_

Alt 05.02.2015, 17:07   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Yep
__________________
Regards,
schrauber


Alt 06.02.2015, 09:20   #15
kriD_
 
Error after error



Hey,

I let ESET run overnight (it always takes about 6 hours) and there were 86 detections. However, I ticked the box to uninstall what was found and then clicked Finish (can't hurt, I thought). I assume that is the reason there is now no log file for the scan.

With SecurityCheck I get this as the log file:
Code:
 UNSUPPORTED OPERATING SYSTEM! ABORTED!

Maybe it doesn't like my N edition of Windows?

FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by kriD (administrator) on KRID-PC on 06-02-2015 10:18:54
Running from E:\Downloads
Loaded Profiles: kriD (Available profiles: kriD)
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SteelSeries ApS) D:\Tools\SteelSeries Engine\SteelSeriesEngine.exe
(Jumping Bytes) D:\Tools\PureSync\PureSyncTray.exe
(Sand Studio) D:\Tools\Airdroid\AirDroid.exe
(Dropbox, Inc.) C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piotr Pawlowski) D:\Tools\foobar2000\foobar2000.exe
() D:\Tools\Rainmeter\Rainmeter.exe
(Telegram Messenger LLP) D:\Tools\Telegram\Telegram.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) D:\Tools\Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\Adobe Application Manager (Updater) <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [SteelSeries Engine] => D:\Tools\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [PureSync] => D:\Tools\PureSync\PureSyncTray.exe [915120 2014-08-09] (Jumping Bytes)
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [AirDroid 3] => D:\Tools\Airdroid\AirDroid.exe [11269120 2015-01-27] (Sand Studio)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\foobar2000.lnk
ShortcutTarget: foobar2000.lnk -> D:\Tools\foobar2000\foobar2000.exe (Piotr Pawlowski)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> D:\Tools\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> D:\Tools\Telegram\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2803228219-286040756-942108547-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2803228219-286040756-942108547-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Tools\Microsoft Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: WOT - C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-03]
FF Extension: Adblock Plus - C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-12-06]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 7baa6e25; c:\Program Files (x86)\SystemHero\SystemHero.dll [2508800 2015-01-10] () [File not signed]
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
S4 Disc Soft Bus Service; D:\Tools\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
S3 Microsoft Office Groove Audit Service; D:\Tools\Microsoft Office 2007\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)
S2 SDScannerService; D:\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDWSCService; D:\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc) [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-07-08] (Disc Soft Ltd)
R3 ks2avs; C:\Windows\System32\Drivers\ks2avs.sys [359784 2012-12-18] (Native Instruments GmbH)
R3 ks2usb_svc; C:\Windows\System32\Drivers\ks2usb.sys [83816 2012-12-18] (Native Instruments GmbH)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\kriD\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 01:30 - 2015-02-06 01:30 - 00000289 _____ () C:\Users\kriD\Desktop\Firefox Werbe-Addons installieren sich selbsständig neu - Seite 2 - Trojaner-Board.URL
2015-02-05 21:48 - 2015-02-05 21:48 - 00000626 _____ () C:\Users\kriD\Desktop\JRT.txt
2015-02-05 14:20 - 2015-02-05 14:20 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2015-02-05 14:05 - 2015-02-05 14:05 - 00038699 _____ () C:\Users\kriD\Desktop\FRST 2.txt
2015-02-05 14:05 - 2015-02-05 14:05 - 00034006 _____ () C:\Users\kriD\Desktop\Addition 2.txt
2015-02-05 14:03 - 2015-02-05 14:03 - 00004450 _____ () C:\Users\kriD\Desktop\AdwCleaner[S8].txt
2015-02-05 13:58 - 2015-02-05 13:58 - 00001063 _____ () C:\Users\kriD\Desktop\malwarebytes 2.txt
2015-02-05 11:13 - 2015-02-05 11:13 - 00017741 _____ () C:\ComboFix.txt
2015-02-05 11:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 11:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 11:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 11:02 - 2015-02-05 11:13 - 00000000 ____D () C:\Qoobox
2015-02-05 11:02 - 2015-02-05 11:07 - 00000000 ____D () C:\Windows\erdnt
2015-02-03 22:31 - 2015-02-05 12:43 - 00000000 ____D () C:\Users\kriD\Desktop\trojaner board
2015-02-03 21:37 - 2015-02-03 21:37 - 00031106 _____ () C:\Users\kriD\Downloads\Addition.txt
2015-02-03 21:36 - 2015-02-06 10:18 - 00000000 ____D () C:\FRST
2015-02-03 21:36 - 2015-02-03 21:37 - 00039645 _____ () C:\Users\kriD\Downloads\FRST.txt
2015-02-03 21:35 - 2015-02-03 21:36 - 02131456 _____ (Farbar) C:\Users\kriD\Downloads\FRST64.exe
2015-02-03 14:06 - 2015-02-03 14:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-03 13:41 - 2015-02-03 13:41 - 00000000 ____D () C:\Program Files (x86)\Facebook Chat Platinum
2015-02-02 22:00 - 2015-02-02 22:00 - 00000000 ____D () C:\Users\kriD\Documents\ProcAlyzer Dumps
2015-02-02 22:00 - 2015-02-02 22:00 - 00000000 ____D () C:\Program Files (x86)\NBA Live News
2015-02-02 21:38 - 2015-02-02 21:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 21:38 - 2015-02-02 21:38 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-02 21:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-02 20:58 - 2015-02-02 20:58 - 00000000 ____D () C:\Program Files (x86)\Fuskr
2015-02-02 18:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-02 18:03 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-02 18:03 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-02 18:03 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-02 18:03 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-02 18:03 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-02 18:03 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-02 18:03 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-02 18:03 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-02 18:03 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-02 18:01 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-02 18:01 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-02 18:01 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-02 18:01 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-02 18:01 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-02 18:01 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-02 18:01 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-02 18:01 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-02 18:01 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-02 18:01 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-02 18:01 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-02 18:01 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-02 18:01 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-02 18:01 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-02 18:01 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-02 18:01 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-02 18:01 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-02 18:01 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-02 18:01 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-02 18:01 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-02 18:01 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-02 18:01 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-02 18:01 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-02 18:01 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-02 18:01 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-02 18:01 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-02 18:01 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-02 18:01 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-02 18:01 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-02 18:01 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-02 18:01 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-02 18:01 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-02 18:01 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-02 18:01 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-02 18:01 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-02 18:01 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-02 18:01 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-02 18:01 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-02 18:01 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-02 18:00 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-02 18:00 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-02 18:00 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-02 18:00 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-02 18:00 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-02 18:00 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-02 18:00 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-02 18:00 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-02 18:00 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-02 18:00 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-02 18:00 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-02 18:00 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-02 18:00 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-02 18:00 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-02 18:00 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-02 18:00 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-02 18:00 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-02 17:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-02 17:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-02 17:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-02 17:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-02 17:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-02 17:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-02 17:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-02 17:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-02 17:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-02 17:59 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-02 17:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-02 17:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-02 17:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-02 17:59 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-02 17:59 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-02 17:59 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-02-02 17:59 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-02 17:59 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-02 17:59 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-02 17:59 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-02 17:59 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-02 17:59 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-02 17:59 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-02-02 17:59 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-02 17:59 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-02 17:59 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-02 17:59 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-02 17:59 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-02 17:59 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-02 17:59 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-02 17:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-02 17:59 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-02 17:59 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-02 17:59 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-02-02 17:59 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-02 17:59 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-02-02 17:59 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-02-02 17:59 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-02-02 17:58 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-02 17:58 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-02-02 17:58 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-02 17:58 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-02 17:58 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-02 17:58 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-02 17:58 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-02 17:39 - 2015-02-02 17:39 - 00000703 _____ () C:\Users\kriD\Desktop\Revo Uninstaller.lnk
2015-02-02 10:16 - 2015-02-02 10:16 - 00000262 _____ () C:\Users\kriD\Desktop\Video Downloader entfernen - Trojaner-Board.URL
2015-02-02 10:14 - 2015-02-02 10:14 - 00000000 ____D () C:\Program Files (x86)\Download Button
2015-02-01 21:14 - 2015-02-01 21:14 - 00000000 ____D () C:\Program Files (x86)\DubLi Toolbar
2015-02-01 12:54 - 2015-02-01 12:54 - 00000000 ____D () C:\Program Files (x86)\Tab Resize split screen layouts
2015-01-31 20:59 - 2015-01-31 20:59 - 00000000 ____D () C:\Program Files (x86)\Fairy Tail Fighting
2015-01-30 12:11 - 2015-01-30 12:11 - 00000260 _____ () C:\Users\kriD\Desktop\CouponDropDown entfernen - Trojaner-Board.URL
2015-01-30 12:11 - 2015-01-30 12:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 12:03 - 2015-02-02 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 12:02 - 2015-02-04 20:24 - 00000000 ____D () C:\Users\kriD\Desktop\mbar
2015-01-30 11:37 - 2015-01-30 11:37 - 00000000 ____D () C:\Program Files (x86)\UGamesFree
2015-01-30 10:33 - 2015-01-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Extreme User Agent Switcher
2015-01-29 10:43 - 2015-01-29 10:43 - 00000000 ____D () C:\Program Files (x86)\MetaProducts Offline Explorer integration
2015-01-29 10:15 - 2015-01-29 10:15 - 00000242 _____ () C:\Users\kriD\Desktop\how do i remove ads by coupon drop down from my browser i never installed it and it is not an add-on. it is not in my addrem.URL
2015-01-29 09:50 - 2015-01-29 10:21 - 00000000 ____D () C:\Program Files (x86)\Emotee
2015-01-29 03:04 - 2015-02-05 13:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 02:53 - 2015-02-02 20:39 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 02:53 - 2015-01-29 02:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 02:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 02:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 12:29 - 2015-02-05 13:59 - 00000000 ____D () C:\AdwCleaner
2015-01-27 00:05 - 2015-01-27 00:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 22:23 - 2015-01-24 22:23 - 00000244 _____ () C:\Users\kriD\Desktop\Alfie Utility - Utility CaseGlassesPens.URL
2015-01-24 22:23 - 2015-01-24 22:23 - 00000233 _____ () C:\Users\kriD\Desktop\Pinterest.URL
2015-01-24 16:54 - 2015-01-24 20:52 - 01207492 _____ () C:\Users\kriD\Desktop\cutting pattern initial signs.psd
2015-01-20 21:06 - 2015-01-20 21:06 - 635104812 _____ () C:\Users\kriD\Desktop\IloveMUSIC wallpaper.psd
2015-01-18 19:31 - 2015-01-18 22:04 - 07454907 _____ () C:\Users\kriD\Desktop\handy cover cutting pattern.psd
2015-01-16 21:48 - 2015-01-20 21:24 - 12562263 _____ () C:\Users\kriD\Desktop\cutting pattern small wallet leo disassembled.psd
2015-01-16 19:51 - 2015-01-16 19:51 - 00897534 _____ () C:\Users\kriD\Desktop\button scribble.psd
2015-01-15 21:01 - 2015-01-23 20:51 - 12467407 _____ () C:\Users\kriD\Desktop\cutting pattern small wallet leo.psd
2015-01-15 01:59 - 2015-01-15 01:59 - 110381935 _____ () C:\Users\kriD\Desktop\wallpaper organic.psd
2015-01-13 21:58 - 2015-01-13 21:58 - 00000247 _____ () C:\Users\kriD\Desktop\Ring Belts.URL
2015-01-13 21:57 - 2015-01-13 21:57 - 00000273 _____ () C:\Users\kriD\Desktop\CoRLection Santa Rosa by HTC Ying Yang Double Ring belt.URL
2015-01-10 20:14 - 2015-01-11 03:41 - 00000000 ____D () C:\Program Files (x86)\SystemHero
2015-01-08 17:33 - 2015-01-08 17:33 - 00000427 _____ () C:\Users\kriD\Desktop\TomorrowLand 2015 - Be part of the madness.URL
2015-01-08 00:29 - 2015-01-08 00:29 - 00000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe AIFF Format CS5 Prefs

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 08:31 - 2014-12-08 20:54 - 00000000 ____D () C:\Users\kriD\Documents\AirDroid
2015-02-06 04:27 - 2014-07-06 10:36 - 01375214 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 14:07 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 14:07 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 14:06 - 2011-04-12 09:14 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-02-05 14:06 - 2011-04-12 09:14 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-02-05 14:06 - 2009-07-14 06:12 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 14:00 - 2014-07-14 09:47 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Dropbox
2015-02-05 14:00 - 2010-11-21 04:47 - 00030412 _____ () C:\Windows\PFRO.log
2015-02-05 14:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 14:00 - 2009-07-14 05:56 - 00112345 _____ () C:\Windows\setupact.log
2015-02-05 11:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 11:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-05 11:07 - 2014-07-07 12:50 - 00000000 ____D () C:\Users\kriD\AppData\Local\Adobe
2015-02-05 10:28 - 2014-07-08 18:19 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\foobar2000
2015-02-04 02:11 - 2014-08-10 22:02 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Mumble
2015-02-04 00:28 - 2014-07-07 08:09 - 00000000 ____D () C:\Program Files (x86)\Heroes of Newerth
2015-02-03 13:51 - 2015-01-05 12:06 - 00000000 ____D () C:\Users\kriD\Desktop\Alte Firefox-Daten
2015-02-03 13:36 - 2014-07-06 11:17 - 00000000 ____D () C:\Windows\pss
2015-02-02 21:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-02 20:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2015-02-02 20:24 - 2009-07-14 05:50 - 04970744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-02 20:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-02 18:03 - 2014-07-06 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-02 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-30 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss
2015-01-29 09:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-01-28 13:07 - 2014-07-07 07:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 13:07 - 2014-07-07 07:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 11:50 - 2014-07-30 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 10:12 - 2014-10-21 00:51 - 00010508 _____ () C:\Users\kriD\Desktop\Leder.xlsx
2015-01-21 01:37 - 2014-09-23 21:34 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\TS3Client
2015-01-20 16:42 - 2014-08-20 09:40 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-15 03:32 - 2014-08-28 21:41 - 00000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-14 22:17 - 2014-07-06 13:14 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Adobe
2015-01-12 11:58 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\kriD\Desktop\Homepage Bilder

==================== Files in the root of some directories =======

2015-01-08 00:29 - 2015-01-08 00:29 - 0000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2014-08-28 21:41 - 2015-01-15 03:32 - 0000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe PNG Format CS5 Prefs

Some content of TEMP:
====================
C:\Users\kriD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo3h7v6.dll
C:\Users\kriD\AppData\Local\Temp\Quarantine.exe
C:\Users\kriD\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 21:32

==================== End Of Log ============================
         
--- --- ---


and Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by kriD at 2015-02-06 10:19:06
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AirDroid 3.0.1 (HKLM-x32\...\AirDroid) (Version: 3.0.1 - Sand Studio)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version:  - Spellbound Studios)
Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Browser AdBlocker) <==== ATTENTION
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EViews 7 (HKLM-x32\...\{6A5AEDA0-3B9E-4006-90A7-E78779951A43}) (Version:  - )
EViews 7 (HKLM-x32\...\{B68FC32E-D58F-4B74-A838-B265BF40A445}) (Version:  - )
EViews 7.1 Documentation (HKLM-x32\...\{A6B1D5D2-2CB1-4FBC-B3AA-BEC656406215}) (Version:  - )
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.0.150 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
ObjectDock Plus (HKLM-x32\...\ObjectDock Plus2.01) (Version: 2.01 - Stardock Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PureSync (x32 Version: 3.8.0 - Jumping Bytes) Hidden
PureSync 3.8.0 (HKLM-x32\...\PureSync) (Version: 3.8.0 - Jumping Bytes)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Risen 3 - Titan Lords (HKLM-x32\...\Steam App 249230) (Version:  - Piranha Bytes)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
Strife (HKLM-x32\...\Strife) (Version:  - S2 Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Telegram Desktop version 0.7.10 (HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.10 - Telegram Messenger LLP)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

30-01-2015 14:08:57 Geplanter Prüfpunkt
02-02-2015 18:01:25 Windows Update
02-02-2015 20:26:51 Revo Uninstaller's restore point - CheeapMe
02-02-2015 20:28:07 Revo Uninstaller's restore point - DiscoountuEExTensi
02-02-2015 20:28:40 Revo Uninstaller's restore point - DuigiiSAver
02-02-2015 20:29:08 Windows Defender Checkpoint
02-02-2015 20:29:40 Revo Uninstaller's restore point - ExstiraSavings
02-02-2015 20:30:34 Revo Uninstaller's restore point - Redirect Path
05-02-2015 10:55:23 Revo Uninstaller's restore point - DisocoUntExttensi
05-02-2015 10:56:19 Revo Uninstaller's restore point - Dr.Web Anti-Virus Link Checker
05-02-2015 10:57:00 Revo Uninstaller's restore point - ShooppDroop
05-02-2015 10:57:48 Revo Uninstaller's restore point - Extreme Blocker
05-02-2015 10:58:31 Revo Uninstaller's restore point - Isaavaeeri
05-02-2015 10:58:58 Revo Uninstaller's restore point - JoNiCoupon
05-02-2015 10:59:22 Revo Uninstaller's restore point - Panel View for Play Music
05-02-2015 10:59:49 Revo Uninstaller's restore point - DigiCouPOnn
05-02-2015 11:00:16 Revo Uninstaller's restore point - DigiSaveR
05-02-2015 11:00:38 Revo Uninstaller's restore point - EneJoayCooupoN
05-02-2015 11:01:03 Revo Uninstaller's restore point - SimpleClear

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-05 11:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {8003F45B-C700-4A6B-846B-EE120783A444} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A592B856-120F-4870-8A38-A6F2904913E4} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2014-07-28 19:29 - 2014-07-28 19:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 19:32 - 2014-07-28 19:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 19:29 - 2014-07-28 19:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 19:31 - 2014-07-28 19:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00504832 _____ () D:\Tools\SteelSeries Engine\SSEngineLib.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 09315328 _____ () D:\Tools\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00015872 _____ () D:\Tools\SteelSeries Engine\Localization.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () D:\Tools\SteelSeries Engine\ISSPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () D:\Tools\SteelSeries Engine\Utilities.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00115200 _____ () D:\Tools\SteelSeries Engine\DriverCommunication.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 00047616 _____ () D:\Tools\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00034304 _____ () D:\Tools\SteelSeries Engine\DBUtils.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 01102336 _____ () D:\Tools\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00189440 _____ () D:\Tools\SteelSeries Engine\MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00031744 _____ () D:\Tools\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\SRawPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00159744 _____ () D:\Tools\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00020992 _____ () D:\Tools\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00029696 _____ () D:\Tools\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () D:\Tools\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00023040 _____ () D:\Tools\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () D:\Tools\SteelSeries Engine\WoTMousePlugin.dll
2014-05-25 15:18 - 2014-05-25 15:18 - 00036536 _____ () D:\Tools\Rainmeter\Rainmeter.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00747192 _____ () D:\Tools\Rainmeter\Rainmeter.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00019968 _____ () D:\Tools\Rainmeter\Plugins\SysInfo.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00056832 _____ () D:\Tools\Rainmeter\Plugins\WebParser.dll
2014-08-04 18:37 - 2014-04-21 23:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-03-19 14:18 - 2015-01-27 21:08 - 00630784 _____ () D:\Tools\Airdroid\System.Data.SQLite.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-05 14:00 - 2015-02-05 14:00 - 00043008 _____ () c:\users\krid\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo3h7v6.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-05-04 12:57 - 2013-05-04 12:57 - 00095712 _____ () D:\Tools\foobar2000\zlib1.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 00156624 _____ () D:\Tools\foobar2000\shared.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00199680 _____ () D:\Tools\foobar2000\components\foo_dsp_std.dll
2014-04-11 10:48 - 2014-04-11 10:48 - 00173056 _____ () D:\Tools\foobar2000\components\foo_unpack.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 01391080 _____ () D:\Tools\foobar2000\components\foo_input_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00304640 _____ () D:\Tools\foobar2000\components\foo_cdda.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00501248 _____ () D:\Tools\foobar2000\components\foo_converter.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00350720 _____ () D:\Tools\foobar2000\components\foo_albumlist.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00285696 _____ () D:\Tools\foobar2000\components\foo_fileops.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00199168 _____ () D:\Tools\foobar2000\components\foo_dsp_eq.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00299520 _____ () D:\Tools\foobar2000\components\foo_freedb2.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 00945128 _____ () D:\Tools\foobar2000\components\foo_ui_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00353280 _____ () D:\Tools\foobar2000\components\foo_rgscan.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 03347056 _____ () D:\Tools\Thunderbird\mozjs.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 00158832 _____ () D:\Tools\Thunderbird\NSLDAP32V60.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 00023152 _____ () D:\Tools\Thunderbird\NSLDAPPR32V60.dll
2015-01-27 00:05 - 2015-01-27 00:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-28 13:07 - 2015-01-28 13:07 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2803228219-286040756-942108547-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: Disc Soft Bus Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^debug.nfo => C:\Windows\pss\debug.nfo.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^foobar2000.lnk => C:\Windows\pss\foobar2000.lnk.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfan.exe => C:\Windows\pss\speedfan.exe.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfanevents.cfg => C:\Windows\pss\speedfanevents.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfanparams.cfg => C:\Windows\pss\speedfanparams.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfansens.cfg => C:\Windows\pss\speedfansens.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AirDroid 3 => D:\Tools\Airdroid\AirDroid.exe /start
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "D:\Tools\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "D:\Tools\Microsoft Office 2007\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SDTray => "D:\Tools\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2803228219-286040756-942108547-500 - Administrator - Disabled)
Gast (S-1-5-21-2803228219-286040756-942108547-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2803228219-286040756-942108547-1002 - Limited - Enabled)
kriD (S-1-5-21-2803228219-286040756-942108547-1000 - Administrator - Enabled) => C:\Users\kriD

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Audiocontroller für Multimedia
Description: Audiocontroller für Multimedia
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 07:12:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/06/2015 07:12:23 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/06/2015 01:30:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-05 11:07:17.522
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-05 11:07:17.488
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 15826.73 MB
Available physical RAM: 11856.22 MB
Total Pagefile: 31651.64 MB
Available Pagefile: 28231.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.88 GB) (Free:160.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:976.56 GB) (Free:908.15 GB) NTFS
Drive e: (Daten) (Fixed) (Total:2749.33 GB) (Free:1508.79 GB) NTFS
Drive f: (Backup) (Fixed) (Total:931.51 GB) (Free:853.42 GB) NTFS
Drive g: (Ex C) (Fixed) (Total:126.72 GB) (Free:14.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Ex E) (Fixed) (Total:338.94 GB) (Free:78.12 GB) NTFS
Drive i: (TOURO) (Fixed) (Total:931.51 GB) (Free:489.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B2F52B71)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: A33D020D)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3ECC3ECC)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=126.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=338.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CD0FD048)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I hope I didn't mess it up by ticking the box in ESET..

Best regards, kriD_
