
Log analysis and evaluation: pup.optional.facemoods and AVG trojan warning


25.03.2015, 13:40   #1
Tinette
 
Hello.
I'm not sure how long the problem has existed; today AVG first gave me a trojan warning in passing, which was reported as healed on a second scan.
Stupidly, I archived the first report, i.e. it is gone from the list and, strangely, I can't find it in the directory where it should then have been stored.


Malwarebytes then presented me with this log file with detections that it classified as non-malware.
Now I'm unsure what to do...

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.03.2015
Suchlauf-Zeit: 13:32:49
Logdatei: logfile.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.25.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: (Name)

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 334461
Verstrichene Zeit: 43 Min, 46 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

(I can't get the details and paths saved along with it...)
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/03/25 13:32:49 +0100</date>
<logfile>mbam-log-2015-03-25 (13-32-42).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.03.25.03</malware-database>
<rootkit-database>v2015.02.25.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows Vista Service Pack 2</osversion>
<arch>x86</arch>
<username>(Name)</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>334461</objects>
<time>2626</time>
<processes>0</processes>
<modules>0</modules>
<keys>4</keys>
<values>1</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{64182481-4F71-486B-A045-B233BD0DA8FC}</path><vendor>PUP.Optional.FaceMoods.A</vendor><action></action><hash>67508ebb068437ffbae5ff2ce023d927</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{64182481-4F71-486B-A045-B233BD0DA8FC}</path><vendor>PUP.Optional.FaceMoods.A</vendor><action></action><hash>67508ebb068437ffbae5ff2ce023d927</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}</path><vendor>PUP.Optional.FaceMoods.A</vendor><action></action><hash>eec968e19af0280e38681d0ebc4705fb</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}</path><vendor>PUP.Optional.FaceMoods.A</vendor><action></action><hash>eec968e19af0280e38681d0ebc4705fb</hash></key>
<value><path>HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>fmconverter@gmail.com</valuename><vendor>PUP.Optional.FreeMakeConverter.A</vendor><action></action><valuedata>C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\</valuedata><hash>3681ea5f1773043291649f2c61a23ac6</hash></value>
</items>
</mbam-log>

Edited by Tinette (25.03.2015 at 13:59)

25.03.2015, 14:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist, in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be located on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

25.03.2015, 14:33   #3
Tinette
 

Hello, thanks

No, there was nothing before, except that it is a bit slow now and then, but it is also simply very full and cluttered, because I had no external hard drive to tidy things up...

Oh - I just downloaded the Farbar recovery scan tool and ran it - was that stupid? - ah, no, it wasn't stupid, so

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Jana (administrator) on JANA-PC on 25-03-2015 15:27:38
Running from C:\Users\Jana\Downloads
Loaded Profiles: Jana (Available profiles: Jana)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
() C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Sonix) C:\Windows\vsnp2std.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(AVG Secure Search) C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe
() C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
() C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [204800 2009-02-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [344064 2007-05-10] (Sonix)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_0814tb] => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2782744 2014-08-26] ()
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Jana\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=59650494993fe9a13e2609893a9013bd-d0f9add0c8c22f6c1392a307a4e945381b0f1cb0 /CMPID=1214av
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_0215av] => C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2794520 2015-02-17] ()
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {03dd78ff-bc64-11e0-83ba-001f169a62b2} - E:\setup.exe AUTORUN=1
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {360ae716-75e5-11e2-9705-001f169a62b2} - E:\setup.exe -a
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {d9a0688a-30cd-11e0-9745-001f169a62b2} - E:\setup.exe -a
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {fbb7201f-c913-11e2-9382-001f169a62b2} - F:\Startme.exe
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [413696 2009-01-22] (Acer)
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com/
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE355
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files\FireShot for Internet Explorer\fsaddin-0.98.59.dll [2014-07-25] (getfireshot.com)
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll No File
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Sibelius Software\Scorch\npsibelius.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2013-03-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-08-25]
FF Extension: FireShot - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-23]
FF Extension: WOT - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-01]
FF Extension: ZenMate Security & Privacy VPN - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\firefox@zenmate.com.xpi [2014-12-04]
FF Extension: Adblock Plus - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-26]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2011-11-13]
FF HKLM\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com [2014-05-28]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-11-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
S4 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S4 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12216064 2007-09-22] ()
S3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [58352 2005-08-17] (MCCI) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 15:27 - 2015-03-25 15:28 - 00023861 _____ () C:\Users\Jana\Downloads\FRST.txt
2015-03-25 15:26 - 2015-03-25 15:27 - 00000000 ____D () C:\FRST
2015-03-25 15:26 - 2015-03-25 15:26 - 01135104 _____ (Farbar) C:\Users\Jana\Downloads\FRST.exe
2015-03-25 14:42 - 2015-03-25 14:18 - 00005336 _____ () C:\logfile.tab
2015-03-25 14:19 - 2015-03-25 14:19 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-25 14:19 - 2015-03-25 14:19 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-03-25 14:18 - 2015-03-25 14:19 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-25 14:17 - 2015-03-25 14:17 - 00001974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-25 14:17 - 2015-03-25 14:17 - 00001962 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-25 14:17 - 2015-03-25 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-25 14:17 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-03-25 14:16 - 2015-03-25 15:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-25 13:35 - 2015-03-25 13:35 - 01203488 _____ () C:\Users\Jana\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-03-25 13:32 - 2015-03-25 13:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 13:29 - 2015-03-25 13:29 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-25 13:29 - 2015-03-25 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-25 13:28 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-25 13:28 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 13:28 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-25 01:18 - 2015-03-25 01:18 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-25 01:18 - 2015-03-25 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-25 01:11 - 2015-03-25 01:18 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-25 01:11 - 2015-03-25 01:17 - 00000000 ____D () C:\Program Files\iTunes
2015-03-25 01:11 - 2015-03-25 01:11 - 00000000 ____D () C:\Program Files\iPod
2015-03-25 00:54 - 2015-03-25 00:54 - 00000691 _____ () C:\Users\Jana\Downloads\Mendelssohn__Felix__Hymn__WoO_15_En - Verknüpfung.lnk
2015-03-12 03:21 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 03:20 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 03:19 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 03:09 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 03:09 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 03:07 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 03:07 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 03:07 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 03:07 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 03:07 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 03:06 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 03:05 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 03:04 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 16:23 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 16:23 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 16:23 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 16:23 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 16:23 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 16:23 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 16:23 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 16:23 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 16:23 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 16:23 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 16:23 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 16:23 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 16:23 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-27 09:27 - 2015-03-24 14:43 - 00000520 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0215av.job
2015-02-27 09:27 - 2015-03-24 14:43 - 00000388 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0215av_DELETE.job
2015-02-27 09:27 - 2015-02-27 09:27 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Avg_Update_0215av
2015-02-27 09:27 - 2015-02-27 09:27 - 00000000 ____D () C:\ProgramData\Avg_Update_0215av

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 15:23 - 2010-06-13 01:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-25 14:47 - 2009-08-05 12:02 - 01267732 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 14:46 - 2012-10-12 16:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 14:46 - 2010-02-07 12:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 14:43 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 14:43 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 14:39 - 2011-08-18 11:04 - 00000000 ___RD () C:\Users\Jana\Dropbox
2015-03-25 13:29 - 2012-01-03 21:44 - 00000000 ____D () C:\Program Files\ MALWAREBYTES ANTI-MALWARE 
2015-03-25 13:29 - 2011-11-26 08:30 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Malwarebytes
2015-03-25 13:28 - 2011-11-26 08:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-25 13:28 - 2011-11-26 08:30 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-03-25 10:33 - 2011-01-03 19:25 - 00000000 ____D () C:\ProgramData\Musicnotes
2015-03-25 09:49 - 2010-11-13 14:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-25 01:11 - 2010-12-20 19:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-25 00:58 - 2013-08-21 08:12 - 00000000 ____D () C:\Users\Jana\Documents\Noten PDF
2015-03-24 21:46 - 2010-02-07 12:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 20:29 - 2009-11-18 18:27 - 00031232 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-24 14:46 - 2011-08-18 10:58 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Dropbox
2015-03-24 14:43 - 2014-08-26 18:45 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2015-03-24 14:43 - 2014-08-26 18:45 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2015-03-24 14:43 - 2013-06-04 09:09 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-24 14:43 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 14:42 - 2012-04-25 20:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-24 09:39 - 2006-11-02 14:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-23 20:11 - 2014-09-25 00:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-22 14:36 - 2014-06-28 13:54 - 00004028 _____ () C:\Windows\setupact.log
2015-03-22 07:08 - 2009-11-18 16:42 - 00000000 ____D () C:\Users\Jana
2015-03-21 11:29 - 2006-11-02 11:33 - 00006606 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 20:59 - 2014-06-15 17:05 - 00000000 ____D () C:\Users\Jana\AppData\Local\Adobe
2015-03-19 20:37 - 2012-04-12 05:51 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-19 20:37 - 2011-05-18 22:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-15 21:31 - 2013-04-08 10:19 - 00000000 ____D () C:\Users\Jana\Documents\Homepage
2015-03-15 21:28 - 2011-12-28 15:35 - 00014954 _____ () C:\Users\Jana\Documents\cvJana.odt
2015-03-12 03:41 - 2006-11-02 13:47 - 00353416 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:21 - 2009-03-12 04:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:19 - 2013-07-19 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:10 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-11 16:02 - 2011-08-18 10:58 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-03 03:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Files in the root of some directories =======

2010-07-30 21:21 - 2015-01-16 14:05 - 0020520 _____ () C:\Program Files\init.dat
2013-06-25 21:06 - 2014-06-23 06:09 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-02-10 12:30 - 2014-02-10 12:32 - 0677244 _____ () C:\Users\Jana\AppData\Roaming\Scorch_Install.log
2009-11-18 16:51 - 2010-05-21 07:03 - 0000106 _____ () C:\Users\Jana\AppData\Roaming\wklnhst.dat
2010-04-23 15:20 - 2010-04-23 15:20 - 0000552 _____ () C:\Users\Jana\AppData\Local\d3d8caps.dat
2009-11-18 22:54 - 2014-12-07 00:16 - 0007052 _____ () C:\Users\Jana\AppData\Local\d3d9caps.dat
2009-11-18 18:27 - 2015-03-24 20:29 - 0031232 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-09 13:31 - 2012-05-27 16:03 - 0000000 _____ () C:\Users\Jana\AppData\Local\prvlcl.dat
2009-03-12 04:26 - 2009-08-05 12:17 - 0004536 _____ () C:\ProgramData\ArcadeDeluxe2.log
2010-06-22 21:19 - 2010-06-22 21:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-05-21 06:53 - 2010-05-21 07:02 - 0000360 _____ () C:\ProgramData\hpzinstall.log
2010-08-15 15:03 - 2010-12-20 21:06 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Files to move or delete:
====================
C:\Users\Jana\62868_Hama Webcam Metal Pro.exe
C:\Users\Jana\setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 15:05

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Jana at 2015-03-25 15:29:21
Running from C:\Users\Jana\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Bildbearbeitung 2.0 (HKLM\...\{40164EEF-164E-4E39-8027-A80575676F8A}) (Version: 2.0.1 - Reben Studio&Aufnahmemedien C.M.Obrecht)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.5.6121 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.5.6121 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.58 - NewTech Infosystems)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3008 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3016 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2015.101 - Alps Electric)
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version:  - )
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Backup Manager Basic (Version: 1.0.0.58 - NewTech Infosystems) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
dj_aio_corporate (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000223 - esobi Inc.)
eSobi v2 (Version: 2.0.3.000223 - esobi Inc.) Hidden
Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Software)
Freemake Video Converter Version 4.1.5 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Grim Tales: Die Steinkönigin (HKLM\...\BFG-Grim Tales - Die Steinkoenigin) (Version:  - )
Hama Webcam Metal Pro (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19203.106 - Sonix)
HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition (HKLM\...\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}) (Version: 9.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.10 - Acer Inc.)
LightBox Free Image Editor (HKLM\...\LightBox Free Image Editor) (Version:  - )
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicnotes Software Suite 1.5.3 (HKLM\...\Musicnotes Combined Installer_is1) (Version: 1.5.3 - Musicnotes Inc.)
MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.59.0 - Egis Technology Inc.)
Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.3.412849 - NNG Llc.)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
Ocean Express (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}) (Version:  - Oberon Media)
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.5.0 - Convesoft)
PDF24 Creator 6.9.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
Samsung PC Studio 3 (Version: 3.0.0.80502 - Samsung Electronics Co., Ltd.) Hidden
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
SeaMonkey 2.32.1 (x86 de) (HKLM\...\SeaMonkey 2.32.1 (x86 de)) (Version: 2.32.1 - Mozilla)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tod in Rumänien: Ein Dana Knightstone Roman Sammleredition (HKLM\...\BFG-Tod in Rumaenien - Ein Dana Knightstone Roman Sammleredition) (Version:  - )
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Tri-Peaks Solitaire To Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}) (Version:  - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

08-03-2015 14:00:25 Geplanter Prüfpunkt
12-03-2015 03:00:52 Windows Update
14-03-2015 01:01:17 Geplanter Prüfpunkt
15-03-2015 00:00:08 Geplanter Prüfpunkt
16-03-2015 00:33:40 Geplanter Prüfpunkt
18-03-2015 23:37:57 Geplanter Prüfpunkt
20-03-2015 00:34:03 Geplanter Prüfpunkt
21-03-2015 00:04:49 Geplanter Prüfpunkt
23-03-2015 00:57:26 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2013-08-26 09:07 - 00450573 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {034223B4-3C8F-4DAF-8322-AE3DAA63272B} - System32\Tasks\{D7EDA30A-839F-4ED7-9315-76A04234245A} => pcalua.exe -a "C:\Program Files\Acer GameZone\Parking Dash\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Parking Dash\install.log"
Task: {0DC572EC-2E18-496A-BA4D-87EBE7E3F2B0} - System32\Tasks\{9394FD75-4F7F-4C95-BB7E-11E799A66C92} => pcalua.exe -a "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\Motorola Driver Installer.exe" -d "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\"
Task: {0EC075A9-73B8-4581-AF47-20522CBFF2DF} - System32\Tasks\{E98132D1-65D2-4010-97B9-59945DFABB3F} => pcalua.exe -a "C:\Program Files\Acer GameZone\Tradewinds 2\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Tradewinds 2\install.log"
Task: {15353136-507E-462F-BC75-234D2A8E3FDB} - System32\Tasks\{77CA31E2-AFE5-4B90-B0B5-E882F17F63FB} => pcalua.exe -a "C:\Program Files\bfgclient\Uninstall.exe"
Task: {1AA453F0-4729-4C17-99A2-C3905520FF18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {4AE90059-B89F-4E05-B224-8C00F69C5E6D} - System32\Tasks\{4E2F7CAF-247E-4330-92E9-E55D74900F8F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {4DF43397-4F74-472F-A01F-A184CDCD056A} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {570079E8-1123-492A-8C63-6F62CFB13879} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {596DF877-1496-49E2-9EE3-378C16F496E7} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2014-08-26] ()
Task: {5E907BF7-2EB8-43CD-9934-9F984AEBA815} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe [2010-07-30] (NCH Software)
Task: {69B548AC-6810-4EED-9B8F-D5DACDAC617F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jana => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6A39A20B-ADA2-45BA-8CC5-DFF993AD0ED4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {71A0B785-C030-41F0-A91D-D7F1CAA44C2A} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {765C12A1-B6EE-40F2-91D0-E67FB5E72403} - System32\Tasks\AVG_SYS_TASK_0215av => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2015-02-17] ()
Task: {7DD8296F-2119-46B3-B43E-D29AA0AD657A} - System32\Tasks\Egis technology-Online-Aktualisierungsprogramm => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13] (Egis Technology Inc.)
Task: {82C5BEAA-329E-41D5-815E-2E152CDB290E} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {920B4ED2-A12E-46E2-835E-15FBE9C6CD20} - System32\Tasks\AVG_SYS_TASK_0215av_DELETE => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2015-02-17] ()
Task: {960BBB13-9A23-4F75-B88C-CF48CF324A0F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-19] (Adobe Systems Incorporated)
Task: {96A59E9A-2AF8-473D-B682-E27A26F15E6C} - System32\Tasks\{C4C379BC-CE78-4407-AD9A-11CCC098E7E8} => pcalua.exe -a "C:\Program Files\Acer GameZone\Ocean Express\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Ocean Express\install.log"
Task: {A2EA67EE-9389-4D9D-91D9-61EF2F4945D1} - System32\Tasks\{1A326743-0AA0-45F4-BB30-F8BB4ECE2E83} => pcalua.exe -a "C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Turbo Pizza\install.log"
Task: {A33C5FE3-9589-413B-934F-7E25628F2B76} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AB090CF3-5AC0-44C5-880F-84A83CA06359} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {B332CC14-4EB5-4418-A1FC-C65A06916769} - System32\Tasks\{72B49BE9-BB14-49C4-AD86-43849CB95F1D} => pcalua.exe -a "C:\Program Files\Acer GameZone\Wedding Dash\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Wedding Dash\install.log"
Task: {B386ABEF-1BD0-44C9-B47B-A895E06E79D7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{A939717C-2C0B-4808-A29B-E65781C2E71E}.exe
Task: {B563FCCE-0EC8-414A-8163-0AF6BDD46EE5} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C72841EF-871D-47AE-9C50-444E72E03C89} - System32\Tasks\{F3AA552E-9274-46F3-8E57-328627C3E121} => pcalua.exe -a "C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\install.log"
Task: {DD812B53-3753-4776-A784-964280C20F6A} - System32\Tasks\{FB0574A4-2DF1-437C-BD3A-0A160A7260D8} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe -c /M{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}
Task: {DF05967E-6520-4845-896B-22D6CC01969F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {DFD42890-F1C5-4976-9757-84C7492A3564} - System32\Tasks\{9AE4F6EC-C735-4246-BB1C-F531D731864C} => pcalua.exe -a "C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Task: {E7C37B0C-58B2-431E-9F41-CB3B42551582} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {F1FC336B-CBCE-4BF2-9B1A-E91B1A0F0618} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {F637AB4E-1A37-417B-A0DF-09436BAD9D0A} - System32\Tasks\{1FEA2CBF-E282-4C18-9E27-D1D616861DF3} => pcalua.exe -a "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Task: {F6AA2A58-CCC2-44C0-974B-5DB76D4658B6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F9E24EF6-A1E5-4B82-B8D9-E2EDA317F141} - System32\Tasks\BFGLaunch_bfgclient => C:\Program Files\bfgclient\bfgclient.exe [2014-03-05] ()
Task: {FE7BDB05-B2F1-43EF-BE96-0FA20245019D} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2014-08-26] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{A939717C-2C0B-4808-A29B-E65781C2E71E}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG_SYS_TASK_0215av.job => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0215av_DELETE.job => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-25 14:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-25 14:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-27 09:27 - 2015-02-17 15:16 - 02794520 _____ () C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
2014-08-26 18:45 - 2014-08-26 18:45 - 02782744 _____ () C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
2009-01-21 00:41 - 2009-01-21 00:41 - 00872448 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00007680 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2009-08-05 20:43 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2015-02-27 09:27 - 2015-02-17 15:16 - 02794520 _____ () C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-25 14:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-25 14:17 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-25 14:17 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jana\Downloads\AVE_MARIA_BACH_T76Jana-mix1.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Downloads\O_MIO_BABBINO_CARO-MAIN.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Documents\17 RusalkaJana.wav:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Documents\Bel Raggio Lusinghier Jana.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Documents\Connais tu le pays.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Documents\Re_ Termine mit Emma in 2011.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jana\Documents\Voi che sapete Jana.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Documents\wennichdichliebenwill.mp3:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CLHNService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: tsnp2std => C:\Windows\tsnp2std.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2058867259-2847588522-3491946613-500 - Administrator - Disabled)
Gast (S-1-5-21-2058867259-2847588522-3491946613-501 - Limited - Disabled)
Jana (S-1-5-21-2058867259-2847588522-3491946613-1000 - Administrator - Enabled) => C:\Users\Jana

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 01:45:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: FreemakeUtilsService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
   bei System.Security.Principal.SecurityIdentifier..ctor(System.String)
   bei FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
   bei FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
   bei FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
   bei FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
   bei FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/25/2015 01:04:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SoftwareUpdate.exe, Version 2.1.3.127 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 13b0
Anfangszeit: 01d06671bb6dc0af
Zeitpunkt der Beendigung: 5

Error: (03/24/2015 08:11:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iTunes.exe, Version 12.0.1.26, Zeitstempel 0x543e558b, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000005, Fehleroffset 0x00047456,
Prozess-ID 0xe7c, Anwendungsstartzeit iTunes.exe0.

Error: (03/24/2015 08:07:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iTunes.exe, Version 12.0.1.26, Zeitstempel 0x543e558b, fehlerhaftes Modul CoreFP.dll, Version 2.7.39.0, Zeitstempel 0x5407fffb, Ausnahmecode 0xc0000005, Fehleroffset 0x00344f56,
Prozess-ID 0x234, Anwendungsstartzeit iTunes.exe0.

Error: (03/24/2015 02:44:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2015 02:43:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/24/2015 02:43:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/24/2015 02:43:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/24/2015 02:43:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/23/2015 00:58:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Wecsvc since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.


System errors:
=============
Error: (03/25/2015 01:45:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Freemake Improver1

Error: (03/24/2015 04:42:26 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (03/24/2015 02:46:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%3

Error: (03/24/2015 02:44:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/22/2015 09:33:26 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (03/22/2015 01:53:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (03/22/2015 01:52:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SENS

Error: (03/22/2015 01:50:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%3

Error: (03/22/2015 01:50:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SENS

Error: (03/22/2015 01:47:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Freemake Improver%%1053


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-25 15:29:07.731
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-25 15:29:06.904
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-25 15:29:06.108
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-25 15:29:05.203
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-25 15:29:03.987
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-25 15:29:03.191
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-25 15:29:02.146
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-25 15:29:01.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-25 15:28:21.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-25 15:28:20.584
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 72%
Total physical RAM: 3000.09 MB
Available physical RAM: 838.8 MB
Total Pagefile: 6232.45 MB
Available Pagefile: 3833.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1876.36 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:223.12 GB) (Free:104.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 3C58EAD4)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=223.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 25.03.2015, 14:41   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 25.03.2015, 22:02   #5
Tinette
 



OK, apparently I had something strange in my log and I'm out of favour here, so I'll reinstall the computer at the weekend.

I've deleted the logs then.

Thanks for the help so far!


Edited by Tinette (25.03.2015 at 22:05) Reason: my own stupidity...

Alt 25.03.2015, 23:20   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



What what what

Who says that you're out of favour?

Alt 25.03.2015, 23:50   #7
Tinette
 



Hey,

thanks for the reply. In the meantime I've already uninstalled quite a few things and deleted the adw quarantine folder to see whether it changes anything. I no longer have the JRT file, the new one is empty; with just these here you probably can't do anything any more..
Sorry, that wasn't aimed at you - I thought something was up - I'm just a bit slow on the uptake sometimes
So I started getting rid of things I don't want to include in the backup and figured I'd simply wipe the little one at the weekend and set it up fresh...
That I can do - the rest, unfortunately, I can't...

No offence meant


FRST log file:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Jana (administrator) on JANA-PC on 26-03-2015 00:20:20
Running from C:\Users\Jana\.tfo4\Desktop
Loaded Profiles: Jana (Available profiles: Jana)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Sonix) C:\Windows\vsnp2std.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
(Dropbox, Inc.) C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\ MALWAREBYTES ANTI-MALWARE \mbam.exe
(Malwarebytes Corporation) C:\Program Files\ MALWAREBYTES ANTI-MALWARE \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ MALWAREBYTES ANTI-MALWARE \mbamscheduler.exe
(Farbar) C:\Users\Jana\.tfo4\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [204800 2009-02-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [344064 2007-05-10] (Sonix)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_0814tb] => "C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe" /PROMPT /CMPID=0814tb 
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Jana\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=59650494993fe9a13e2609893a9013bd-d0f9add0c8c22f6c1392a307a4e945381b0f1cb0 /CMPID=1214av
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_0215av] => C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2794520 2015-02-17] ()
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {03dd78ff-bc64-11e0-83ba-001f169a62b2} - E:\setup.exe AUTORUN=1
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {360ae716-75e5-11e2-9705-001f169a62b2} - E:\setup.exe -a
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {d9a0688a-30cd-11e0-9745-001f169a62b2} - E:\setup.exe -a
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {fbb7201f-c913-11e2-9382-001f169a62b2} - F:\Startme.exe
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [413696 2009-01-22] (Acer)
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com/
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE355
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files\FireShot for Internet Explorer\fsaddin-0.98.59.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL No File []
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll No File
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Sibelius Software\Scorch\npsibelius.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2013-03-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()
FF Extension: FireShot - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-23]
FF Extension: WOT - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-01]
FF Extension: ZenMate Security &amp; Privacy VPN - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\firefox@zenmate.com.xpi [2014-12-04]
FF Extension: Adblock Plus - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-26]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF HKLM\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com [2014-05-28]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-11-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
S4 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S4 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12216064 2007-09-22] ()
S3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [58352 2005-08-17] (MCCI) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 16:56 - 2015-03-25 16:59 - 00035897 _____ () C:\Users\Jana\Downloads\FRST.txt
2015-03-25 16:56 - 2015-03-25 16:56 - 01135104 _____ (Farbar) C:\Users\Jana\Downloads\FRST.exe
2015-03-25 16:03 - 2015-03-25 16:04 - 01388782 _____ (Thisisu) C:\Users\Jana\Downloads\JRT.exe
2015-03-25 15:44 - 2015-03-25 15:44 - 02168320 _____ () C:\Users\Jana\Downloads\AdwCleaner_4.113.exe
2015-03-25 15:29 - 2015-03-25 16:59 - 00041033 _____ () C:\Users\Jana\Downloads\Addition.txt
2015-03-25 15:26 - 2015-03-26 00:20 - 00000000 ____D () C:\FRST
2015-03-25 14:42 - 2015-03-25 14:18 - 00005336 _____ () C:\logfile.tab
2015-03-25 14:19 - 2015-03-25 15:57 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-25 14:19 - 2015-03-25 15:57 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-03-25 14:18 - 2015-03-25 15:59 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-25 14:17 - 2015-03-25 14:17 - 00001974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-25 14:17 - 2015-03-25 14:17 - 00001962 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-25 14:17 - 2015-03-25 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-25 14:17 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-03-25 14:16 - 2015-03-25 15:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-25 13:35 - 2015-03-25 13:35 - 01203488 _____ () C:\Users\Jana\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-03-25 13:32 - 2015-03-25 22:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 13:29 - 2015-03-25 13:29 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-25 13:29 - 2015-03-25 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-25 13:28 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-25 13:28 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 13:28 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-25 01:18 - 2015-03-25 01:18 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-25 01:18 - 2015-03-25 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-25 01:11 - 2015-03-25 01:18 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-25 01:11 - 2015-03-25 01:17 - 00000000 ____D () C:\Program Files\iTunes
2015-03-25 01:11 - 2015-03-25 01:11 - 00000000 ____D () C:\Program Files\iPod
2015-03-25 00:54 - 2015-03-25 00:54 - 00000691 _____ () C:\Users\Jana\Downloads\Mendelssohn__Felix__Hymn__WoO_15_En - Verknüpfung.lnk
2015-03-12 03:21 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 03:20 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 03:19 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 03:09 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 03:09 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 03:07 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 03:07 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 03:07 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 03:07 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 03:07 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 03:06 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 03:05 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 03:04 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 16:23 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 16:23 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 16:23 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 16:23 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 16:23 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 16:23 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 16:23 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 16:23 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 16:23 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 16:23 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 16:23 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 16:23 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 16:23 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-27 09:27 - 2015-03-25 15:57 - 00000520 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0215av.job
2015-02-27 09:27 - 2015-03-25 15:57 - 00000388 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0215av_DELETE.job
2015-02-27 09:27 - 2015-02-27 09:27 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Avg_Update_0215av
2015-02-27 09:27 - 2015-02-27 09:27 - 00000000 ____D () C:\ProgramData\Avg_Update_0215av

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 00:03 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-25 23:57 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 23:57 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 23:46 - 2012-10-12 16:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 23:46 - 2010-02-07 12:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 23:04 - 2009-08-05 12:02 - 01286027 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 21:46 - 2010-02-07 12:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 18:28 - 2010-11-13 14:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-25 16:02 - 2011-08-18 11:04 - 00000000 ___RD () C:\Users\Jana\Dropbox
2015-03-25 16:02 - 2011-08-18 10:58 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Dropbox
2015-03-25 15:57 - 2014-08-26 18:45 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2015-03-25 15:57 - 2014-08-26 18:45 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2015-03-25 15:57 - 2013-06-04 09:09 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-25 15:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 15:56 - 2012-12-18 21:14 - 00082248 _____ () C:\Windows\PFRO.log
2015-03-25 15:54 - 2006-11-02 14:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-25 15:23 - 2010-06-13 01:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-25 13:29 - 2012-01-03 21:44 - 00000000 ____D () C:\Program Files\ MALWAREBYTES ANTI-MALWARE 
2015-03-25 13:29 - 2011-11-26 08:30 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Malwarebytes
2015-03-25 13:28 - 2011-11-26 08:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-25 10:33 - 2011-01-03 19:25 - 00000000 ____D () C:\ProgramData\Musicnotes
2015-03-25 01:11 - 2010-12-20 19:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-25 00:58 - 2013-08-21 08:12 - 00000000 ____D () C:\Users\Jana\Documents\Noten PDF
2015-03-24 20:29 - 2009-11-18 18:27 - 00031232 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-24 14:42 - 2012-04-25 20:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-23 20:11 - 2014-09-25 00:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-22 14:36 - 2014-06-28 13:54 - 00004028 _____ () C:\Windows\setupact.log
2015-03-22 07:08 - 2009-11-18 16:42 - 00000000 ____D () C:\Users\Jana
2015-03-21 11:29 - 2006-11-02 11:33 - 00006606 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 20:59 - 2014-06-15 17:05 - 00000000 ____D () C:\Users\Jana\AppData\Local\Adobe
2015-03-19 20:37 - 2012-04-12 05:51 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-19 20:37 - 2011-05-18 22:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-15 21:31 - 2013-04-08 10:19 - 00000000 ____D () C:\Users\Jana\Documents\Homepage
2015-03-15 21:28 - 2011-12-28 15:35 - 00014954 _____ () C:\Users\Jana\Documents\cvJana.odt
2015-03-12 03:41 - 2006-11-02 13:47 - 00353416 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:21 - 2009-03-12 04:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:19 - 2013-07-19 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:10 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-11 16:02 - 2011-08-18 10:58 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-03 03:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Files in the root of some directories =======

2010-07-30 21:21 - 2015-01-16 14:05 - 0020520 _____ () C:\Program Files\init.dat
2013-06-25 21:06 - 2014-06-23 06:09 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-02-10 12:30 - 2014-02-10 12:32 - 0677244 _____ () C:\Users\Jana\AppData\Roaming\Scorch_Install.log
2009-11-18 16:51 - 2010-05-21 07:03 - 0000106 _____ () C:\Users\Jana\AppData\Roaming\wklnhst.dat
2010-04-23 15:20 - 2010-04-23 15:20 - 0000552 _____ () C:\Users\Jana\AppData\Local\d3d8caps.dat
2009-11-18 22:54 - 2014-12-07 00:16 - 0007052 _____ () C:\Users\Jana\AppData\Local\d3d9caps.dat
2009-11-18 18:27 - 2015-03-24 20:29 - 0031232 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-09 13:31 - 2012-05-27 16:03 - 0000000 _____ () C:\Users\Jana\AppData\Local\prvlcl.dat
2009-03-12 04:26 - 2009-08-05 12:17 - 0004536 _____ () C:\ProgramData\ArcadeDeluxe2.log
2010-06-22 21:19 - 2010-06-22 21:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-05-21 06:53 - 2010-05-21 07:02 - 0000360 _____ () C:\ProgramData\hpzinstall.log
2010-08-15 15:03 - 2010-12-20 21:06 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Files to move or delete:
====================
C:\Users\Jana\62868_Hama Webcam Metal Pro.exe
C:\Users\Jana\setup.exe


Some content of TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8cloem.dll
C:\Users\Jana\AppData\Local\Temp\Quarantine.exe
C:\Users\Jana\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 16:06

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Jana at 2015-03-26 00:21:57
Running from C:\Users\Jana\.tfo4\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Bildbearbeitung 2.0 (HKLM\...\{40164EEF-164E-4E39-8027-A80575676F8A}) (Version: 2.0.1 - Reben Studio&Aufnahmemedien C.M.Obrecht)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.5.6121 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.5.6121 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.58 - NewTech Infosystems)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3008 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3016 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2015.101 - Alps Electric)
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version:  - )
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Backup Manager Basic (Version: 1.0.0.58 - NewTech Infosystems) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
dj_aio_corporate (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000223 - esobi Inc.)
eSobi v2 (Version: 2.0.3.000223 - esobi Inc.) Hidden
Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Software)
Freemake Video Converter Version 4.1.5 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Grim Tales: Die Steinkönigin (HKLM\...\BFG-Grim Tales - Die Steinkoenigin) (Version:  - )
Hama Webcam Metal Pro (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19203.106 - Sonix)
HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition (HKLM\...\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}) (Version: 9.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.10 - Acer Inc.)
LightBox Free Image Editor (HKLM\...\LightBox Free Image Editor) (Version:  - )
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicnotes Software Suite 1.5.3 (HKLM\...\Musicnotes Combined Installer_is1) (Version: 1.5.3 - Musicnotes Inc.)
MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.59.0 - Egis Technology Inc.)
Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.3.412849 - NNG Llc.)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
Ocean Express (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}) (Version:  - Oberon Media)
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.5.0 - Convesoft)
PDF24 Creator 6.9.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
Samsung PC Studio 3 (Version: 3.0.0.80502 - Samsung Electronics Co., Ltd.) Hidden
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
SeaMonkey 2.32.1 (x86 de) (HKLM\...\SeaMonkey 2.32.1 (x86 de)) (Version: 2.32.1 - Mozilla)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tod in Rumänien: Ein Dana Knightstone Roman Sammleredition (HKLM\...\BFG-Tod in Rumaenien - Ein Dana Knightstone Roman Sammleredition) (Version:  - )
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Tri-Peaks Solitaire To Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}) (Version:  - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-03-2015 03:00:52 Windows Update
14-03-2015 01:01:17 Geplanter Prüfpunkt
15-03-2015 00:00:08 Geplanter Prüfpunkt
16-03-2015 00:33:40 Geplanter Prüfpunkt
18-03-2015 23:37:57 Geplanter Prüfpunkt
20-03-2015 00:34:03 Geplanter Prüfpunkt
21-03-2015 00:04:49 Geplanter Prüfpunkt
23-03-2015 00:57:26 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2013-08-26 09:07 - 00450573 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {034223B4-3C8F-4DAF-8322-AE3DAA63272B} - System32\Tasks\{D7EDA30A-839F-4ED7-9315-76A04234245A} => pcalua.exe -a "C:\Program Files\Acer GameZone\Parking Dash\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Parking Dash\install.log"
Task: {0DC572EC-2E18-496A-BA4D-87EBE7E3F2B0} - System32\Tasks\{9394FD75-4F7F-4C95-BB7E-11E799A66C92} => pcalua.exe -a "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\Motorola Driver Installer.exe" -d "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\"
Task: {0EC075A9-73B8-4581-AF47-20522CBFF2DF} - System32\Tasks\{E98132D1-65D2-4010-97B9-59945DFABB3F} => pcalua.exe -a "C:\Program Files\Acer GameZone\Tradewinds 2\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Tradewinds 2\install.log"
Task: {15353136-507E-462F-BC75-234D2A8E3FDB} - System32\Tasks\{77CA31E2-AFE5-4B90-B0B5-E882F17F63FB} => pcalua.exe -a "C:\Program Files\bfgclient\Uninstall.exe"
Task: {1AA453F0-4729-4C17-99A2-C3905520FF18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {4AE90059-B89F-4E05-B224-8C00F69C5E6D} - System32\Tasks\{4E2F7CAF-247E-4330-92E9-E55D74900F8F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {4DF43397-4F74-472F-A01F-A184CDCD056A} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {570079E8-1123-492A-8C63-6F62CFB13879} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {596DF877-1496-49E2-9EE3-378C16F496E7} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: {5E907BF7-2EB8-43CD-9934-9F984AEBA815} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe [2010-07-30] (NCH Software)
Task: {6A39A20B-ADA2-45BA-8CC5-DFF993AD0ED4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {71A0B785-C030-41F0-A91D-D7F1CAA44C2A} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {765C12A1-B6EE-40F2-91D0-E67FB5E72403} - System32\Tasks\AVG_SYS_TASK_0215av => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2015-02-17] ()
Task: {7DD8296F-2119-46B3-B43E-D29AA0AD657A} - System32\Tasks\Egis technology-Online-Aktualisierungsprogramm => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13] (Egis Technology Inc.)
Task: {82C5BEAA-329E-41D5-815E-2E152CDB290E} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {920B4ED2-A12E-46E2-835E-15FBE9C6CD20} - System32\Tasks\AVG_SYS_TASK_0215av_DELETE => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2015-02-17] ()
Task: {960BBB13-9A23-4F75-B88C-CF48CF324A0F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-19] (Adobe Systems Incorporated)
Task: {96A59E9A-2AF8-473D-B682-E27A26F15E6C} - System32\Tasks\{C4C379BC-CE78-4407-AD9A-11CCC098E7E8} => pcalua.exe -a "C:\Program Files\Acer GameZone\Ocean Express\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Ocean Express\install.log"
Task: {98E64647-10D7-45CC-BE20-BAD6638061A1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jana => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {A2EA67EE-9389-4D9D-91D9-61EF2F4945D1} - System32\Tasks\{1A326743-0AA0-45F4-BB30-F8BB4ECE2E83} => pcalua.exe -a "C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Turbo Pizza\install.log"
Task: {A33C5FE3-9589-413B-934F-7E25628F2B76} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AB090CF3-5AC0-44C5-880F-84A83CA06359} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {B332CC14-4EB5-4418-A1FC-C65A06916769} - System32\Tasks\{72B49BE9-BB14-49C4-AD86-43849CB95F1D} => pcalua.exe -a "C:\Program Files\Acer GameZone\Wedding Dash\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Wedding Dash\install.log"
Task: {B386ABEF-1BD0-44C9-B47B-A895E06E79D7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{A939717C-2C0B-4808-A29B-E65781C2E71E}.exe
Task: {B563FCCE-0EC8-414A-8163-0AF6BDD46EE5} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {C72841EF-871D-47AE-9C50-444E72E03C89} - System32\Tasks\{F3AA552E-9274-46F3-8E57-328627C3E121} => pcalua.exe -a "C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\install.log"
Task: {DD812B53-3753-4776-A784-964280C20F6A} - System32\Tasks\{FB0574A4-2DF1-437C-BD3A-0A160A7260D8} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe -c /M{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}
Task: {DF05967E-6520-4845-896B-22D6CC01969F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {DFD42890-F1C5-4976-9757-84C7492A3564} - System32\Tasks\{9AE4F6EC-C735-4246-BB1C-F531D731864C} => pcalua.exe -a "C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Task: {E7C37B0C-58B2-431E-9F41-CB3B42551582} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {F1FC336B-CBCE-4BF2-9B1A-E91B1A0F0618} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {F637AB4E-1A37-417B-A0DF-09436BAD9D0A} - System32\Tasks\{1FEA2CBF-E282-4C18-9E27-D1D616861DF3} => pcalua.exe -a "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Task: {F6AA2A58-CCC2-44C0-974B-5DB76D4658B6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F9E24EF6-A1E5-4B82-B8D9-E2EDA317F141} - System32\Tasks\BFGLaunch_bfgclient => C:\Program Files\bfgclient\bfgclient.exe
Task: {FE7BDB05-B2F1-43EF-BE96-0FA20245019D} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{A939717C-2C0B-4808-A29B-E65781C2E71E}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG_SYS_TASK_0215av.job => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0215av_DELETE.job => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-27 09:27 - 2015-02-17 15:16 - 02794520 _____ () C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
2009-01-21 00:41 - 2009-01-21 00:41 - 00872448 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00007680 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-25 14:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-25 14:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-25 14:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-25 14:17 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-25 14:17 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-08-05 20:43 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2015-02-27 09:27 - 2015-02-17 15:16 - 02794520 _____ () C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-25 16:02 - 2015-03-25 16:02 - 00043008 _____ () c:\users\jana\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8cloem.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:B203B914
AlternateDataStreams: C:\ProgramData\Temp:B2DC8D6B
AlternateDataStreams: C:\ProgramData\Temp:B3942462
AlternateDataStreams: C:\ProgramData\Temp:B504E4C2
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:C0A2E219
AlternateDataStreams: C:\ProgramData\Temp:C0A9B815
AlternateDataStreams: C:\ProgramData\Temp:C7B98566
AlternateDataStreams: C:\ProgramData\Temp:CC7738DB
AlternateDataStreams: C:\ProgramData\Temp:CCB49694
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:CEE4A457
AlternateDataStreams: C:\ProgramData\Temp:D2D4B33E
AlternateDataStreams: C:\ProgramData\Temp:D4D3884D
AlternateDataStreams: C:\ProgramData\Temp:D8F9D810
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C
AlternateDataStreams: C:\ProgramData\Temp:E027789A
AlternateDataStreams: C:\ProgramData\Temp:E1982A23
AlternateDataStreams: C:\ProgramData\Temp:E4FCDFD9
AlternateDataStreams: C:\ProgramData\Temp:EA701346
AlternateDataStreams: C:\ProgramData\Temp:ED92736E
AlternateDataStreams: C:\ProgramData\Temp:F4362715
AlternateDataStreams: C:\ProgramData\Temp:F4BF61E8
AlternateDataStreams: C:\ProgramData\Temp:F5E8CAE0
AlternateDataStreams: C:\ProgramData\Temp:F67AAFC5
AlternateDataStreams: C:\ProgramData\Temp:F81E7082
AlternateDataStreams: C:\ProgramData\Temp:FC60E0F8
AlternateDataStreams: C:\ProgramData\Temp:FDC41D2C
AlternateDataStreams: C:\ProgramData\Temp:FECEF728
AlternateDataStreams: C:\ProgramData\Temp:FED25C29
AlternateDataStreams: C:\ProgramData\Temp:FEEEFFAD
AlternateDataStreams: C:\Users\Jana\Downloads\AVE_MARIA_BACH_T76Jana-mix1.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Downloads\O_MIO_BABBINO_CARO-MAIN.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Documents\17 RusalkaJana.wav:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Documents\Bel Raggio Lusinghier Jana.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Documents\Connais tu le pays.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Documents\Re_ Termine mit Emma in 2011.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jana\Documents\Voi che sapete Jana.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Jana\Documents\wennichdichliebenwill.mp3:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CLHNService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: tsnp2std => C:\Windows\tsnp2std.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2058867259-2847588522-3491946613-500 - Administrator - Disabled)
Gast (S-1-5-21-2058867259-2847588522-3491946613-501 - Limited - Disabled)
Jana (S-1-5-21-2058867259-2847588522-3491946613-1000 - Administrator - Enabled) => C:\Users\Jana

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 06:14:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WLXPhotoGallery.exe, Version 14.0.8051.1204 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 808
Anfangszeit: 01d0671e7be8f403
Zeitpunkt der Beendigung: 79


System errors:
=============
Error: (03/25/2015 04:27:12 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-26 00:22:48.324
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 00:22:47.458
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 00:22:46.563
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 00:22:44.793
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 00:22:33.742
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 00:22:31.788
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 00:22:30.909
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 00:22:29.656
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 00:22:28.523
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 00:22:27.519
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 40%
Total physical RAM: 3000.09 MB
Available physical RAM: 1785 MB
Total Pagefile: 6224.45 MB
Available Pagefile: 4408.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.77 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:223.12 GB) (Free:107.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 3C58EAD4)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=223.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

25.03.2015, 23:55   #8
cosinus

Still understand what you mean by that. Is that the reason you aren't posting the logs from adwCleaner and JRT?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

26.03.2015, 00:29   #9
Tinette

Nope, I don't have them any more, they got thrown out along with the temporary folder,
and when I just ran JRT again, there was
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Jana on 26.03.2015 at  0:31:03,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.03.2015 at  0:36:02,31
End of JRT log
         
only this left in it...
It occurs to me that I didn't run AdwCleaner again; is that how it's connected?
I thought that with all my deleting I had simply killed everything that provides information (which doesn't mean it's gone)

Code:
# AdwCleaner v4.113 - Bericht erstellt 26/03/2015 um 01:10:25
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-22.2 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Jana - JANA-PC
# Gestarted von : C:\Users\Jana\Downloads\AdwCleaner_4.113(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v36.0.4 (x86 de)


*************************

AdwCleaner[R1].txt - [799 Bytes] - [26/03/2015 01:07:07]
AdwCleaner[S1].txt - [722 Bytes] - [26/03/2015 01:10:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [780  Bytes] ##########
         
hm... nothing left in there either
And it's not about "hiding" anything; I had posted it earlier after all, and I also thought I had stashed it somewhere.
But apparently I saved it in a temporary location, so it's gone.

So the only option left is probably: reinstall from scratch

Sorry about your time and patience, but I'll definitely send you a donation

26.03.2015, 09:12   #10
cosinus

FRST fix

Now please disable your virus scanner completely, so that the fix is guaranteed to run through cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
URLSearchHook: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{A939717C-2C0B-4808-A29B-E65781C2E71E}.exe <==== ATTENTION
C:\Users\Jana\62868_Hama Webcam Metal Pro.exe
C:\Users\Jana\setup.exe
AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C
AlternateDataStreams: C:\ProgramData\Temp:0860D6D6
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:0F3F6B1E
AlternateDataStreams: C:\ProgramData\Temp:1234ADAE
AlternateDataStreams: C:\ProgramData\Temp:131C0EE9
AlternateDataStreams: C:\ProgramData\Temp:178093AE
AlternateDataStreams: C:\ProgramData\Temp:17C48B08
AlternateDataStreams: C:\ProgramData\Temp:18897B1D
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:2C678471
AlternateDataStreams: C:\ProgramData\Temp:2C86E2AD
AlternateDataStreams: C:\ProgramData\Temp:2CA4B471
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2F141B68
AlternateDataStreams: C:\ProgramData\Temp:302ECBD6
AlternateDataStreams: C:\ProgramData\Temp:3064D21D
AlternateDataStreams: C:\ProgramData\Temp:315B4A13
AlternateDataStreams: C:\ProgramData\Temp:32AE8659
AlternateDataStreams: C:\ProgramData\Temp:331B7520
AlternateDataStreams: C:\ProgramData\Temp:33384BC0
AlternateDataStreams: C:\ProgramData\Temp:35759C73
AlternateDataStreams: C:\ProgramData\Temp:363E775E
AlternateDataStreams: C:\ProgramData\Temp:3B3A35EC
AlternateDataStreams: C:\ProgramData\Temp:3D887DCC
AlternateDataStreams: C:\ProgramData\Temp:3E06C78F
AlternateDataStreams: C:\ProgramData\Temp:3E8A3E87
AlternateDataStreams: C:\ProgramData\Temp:41099CE9
AlternateDataStreams: C:\ProgramData\Temp:48977386
AlternateDataStreams: C:\ProgramData\Temp:490BCC52
AlternateDataStreams: C:\ProgramData\Temp:4F636E25
AlternateDataStreams: C:\ProgramData\Temp:5080697C
AlternateDataStreams: C:\ProgramData\Temp:52E1DB1D
AlternateDataStreams: C:\ProgramData\Temp:57176330
AlternateDataStreams: C:\ProgramData\Temp:57EE48CA
AlternateDataStreams: C:\ProgramData\Temp:5A2E8BBF
AlternateDataStreams: C:\ProgramData\Temp:5B4686D7
AlternateDataStreams: C:\ProgramData\Temp:5C353220
AlternateDataStreams: C:\ProgramData\Temp:5C9A6C78
AlternateDataStreams: C:\ProgramData\Temp:60AC3BC3
AlternateDataStreams: C:\ProgramData\Temp:614F17D3
AlternateDataStreams: C:\ProgramData\Temp:663B62CA
AlternateDataStreams: C:\ProgramData\Temp:67BA17B9
AlternateDataStreams: C:\ProgramData\Temp:69F562A6
AlternateDataStreams: C:\ProgramData\Temp:69FD6BF0
AlternateDataStreams: C:\ProgramData\Temp:6AF67671
AlternateDataStreams: C:\ProgramData\Temp:6BD304B9
AlternateDataStreams: C:\ProgramData\Temp:6BF0805F
AlternateDataStreams: C:\ProgramData\Temp:6E11933F
AlternateDataStreams: C:\ProgramData\Temp:6E90EDD7
AlternateDataStreams: C:\ProgramData\Temp:6FD26134
AlternateDataStreams: C:\ProgramData\Temp:70E897B5
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:7C27C41C
AlternateDataStreams: C:\ProgramData\Temp:7EC01D6D
AlternateDataStreams: C:\ProgramData\Temp:814B9485
AlternateDataStreams: C:\ProgramData\Temp:865F21BF
AlternateDataStreams: C:\ProgramData\Temp:86A7B7DD
AlternateDataStreams: C:\ProgramData\Temp:8750DCE4
AlternateDataStreams: C:\ProgramData\Temp:87A3A233
AlternateDataStreams: C:\ProgramData\Temp:88C5973F
AlternateDataStreams: C:\ProgramData\Temp:8AA99C0C
AlternateDataStreams: C:\ProgramData\Temp:8B480195
AlternateDataStreams: C:\ProgramData\Temp:8DA9DB01
AlternateDataStreams: C:\ProgramData\Temp:8DD20B4A
AlternateDataStreams: C:\ProgramData\Temp:922DA2DB
AlternateDataStreams: C:\ProgramData\Temp:9254F782
AlternateDataStreams: C:\ProgramData\Temp:93226FE3
AlternateDataStreams: C:\ProgramData\Temp:93B0BB6F
AlternateDataStreams: C:\ProgramData\Temp:93B8F954
AlternateDataStreams: C:\ProgramData\Temp:94B25DF5
AlternateDataStreams: C:\ProgramData\Temp:9BFB769D
AlternateDataStreams: C:\ProgramData\Temp:9DF07E8F
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
AlternateDataStreams: C:\ProgramData\Temp:A2FF94DF
AlternateDataStreams: C:\ProgramData\Temp:A4AF8D0D
AlternateDataStreams: C:\ProgramData\Temp:A6346EE9
AlternateDataStreams: C:\ProgramData\Temp:A6CDBCAC
AlternateDataStreams: C:\ProgramData\Temp:A78B31DD
AlternateDataStreams: C:\ProgramData\Temp:A819A132
AlternateDataStreams: C:\ProgramData\Temp:A9F13D2D
AlternateDataStreams: C:\ProgramData\Temp:AA60673F
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:ADE16379
AlternateDataStreams: C:\ProgramData\Temp:ADFAD95A
AlternateDataStreams: C:\ProgramData\Temp:B093E177
AlternateDataStreams: C:\ProgramData\Temp:B203B914
AlternateDataStreams: C:\ProgramData\Temp:B2DC8D6B
AlternateDataStreams: C:\ProgramData\Temp:B3942462
AlternateDataStreams: C:\ProgramData\Temp:B504E4C2
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:C0A2E219
AlternateDataStreams: C:\ProgramData\Temp:C0A9B815
AlternateDataStreams: C:\ProgramData\Temp:C7B98566
AlternateDataStreams: C:\ProgramData\Temp:CC7738DB
AlternateDataStreams: C:\ProgramData\Temp:CCB49694
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:CEE4A457
AlternateDataStreams: C:\ProgramData\Temp:D2D4B33E
AlternateDataStreams: C:\ProgramData\Temp:D4D3884D
AlternateDataStreams: C:\ProgramData\Temp:D8F9D810
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C
AlternateDataStreams: C:\ProgramData\Temp:E027789A
AlternateDataStreams: C:\ProgramData\Temp:E1982A23
AlternateDataStreams: C:\ProgramData\Temp:E4FCDFD9
AlternateDataStreams: C:\ProgramData\Temp:EA701346
AlternateDataStreams: C:\ProgramData\Temp:ED92736E
AlternateDataStreams: C:\ProgramData\Temp:F4362715
AlternateDataStreams: C:\ProgramData\Temp:F4BF61E8
AlternateDataStreams: C:\ProgramData\Temp:F5E8CAE0
AlternateDataStreams: C:\ProgramData\Temp:F67AAFC5
AlternateDataStreams: C:\ProgramData\Temp:F81E7082
AlternateDataStreams: C:\ProgramData\Temp:FC60E0F8
AlternateDataStreams: C:\ProgramData\Temp:FDC41D2C
AlternateDataStreams: C:\ProgramData\Temp:FECEF728
AlternateDataStreams: C:\ProgramData\Temp:FED25C29
AlternateDataStreams: C:\ProgramData\Temp:FEEEFFAD
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

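An added example (not part of the thread and not FRST's own code): a small Python check that compares the AlternateDataStreams lines of a fixlist against the scan log before the fix is run, reporting which streams the fix would remove, which it leaves in place, and whether the fixlist names anything the log never reported. The sample lines are excerpts of the entries above plus one constructed entry (DEADBEEF); all function names are hypothetical.

```python
import re
from collections import defaultdict

PREFIX = "AlternateDataStreams:"
HEX_NAME = re.compile(r"[0-9A-Fa-f]{8}")

# Excerpt of the scan-log entries shown above.
SAMPLE_LOG = r"""
AlternateDataStreams: C:\ProgramData\Temp:178093AE
AlternateDataStreams: C:\ProgramData\Temp:17C48B08
AlternateDataStreams: C:\ProgramData\Temp:FEEEFFAD
AlternateDataStreams: C:\Users\Jana\Documents\Re_ Termine mit Emma in 2011.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jana\Documents\Voi che sapete Jana.mp3:TOC.WMV
""".splitlines()

# Excerpt of the fixlist above; the DEADBEEF line is constructed for this demo.
SAMPLE_FIXLIST = r"""
AlternateDataStreams: C:\ProgramData\Temp:178093AE
AlternateDataStreams: C:\ProgramData\Temp:17C48B08
AlternateDataStreams: C:\ProgramData\Temp:FEEEFFAD
AlternateDataStreams: C:\ProgramData\Temp:DEADBEEF
EmptyTemp:
""".splitlines()


def parse_ads(lines):
    """Return (host_path, stream_name) for every AlternateDataStreams line."""
    entries = []
    for line in lines:
        line = line.strip()
        if not line.startswith(PREFIX):
            continue  # other directives (EmptyTemp:, Task:, ...) are ignored
        target = line[len(PREFIX):].strip()
        # The drive letter contains ':' too, so split on the last colon only.
        host, sep, stream = target.rpartition(":")
        if not sep or len(host) < 3:
            continue  # a bare path such as C:\foo carries no stream name
        entries.append((host, stream))
    return entries


def triage(log_lines, fixlist_lines):
    """Split logged streams into those the fixlist removes and those it keeps."""
    logged = parse_ads(log_lines)
    targeted = set(parse_ads(fixlist_lines))
    report = {"removed": defaultdict(list), "kept": defaultdict(list)}
    for host, stream in logged:
        bucket = "removed" if (host, stream) in targeted else "kept"
        report[bucket][host].append(stream)
    # Fixlist entries that never appeared in the scan log deserve a second look.
    report["not_in_log"] = sorted(targeted - set(logged))
    return report


def hosts_with_only_hex_streams(bucket):
    """Hosts whose streams all have 8-hex-digit names (no readable stream name)."""
    return sorted(host for host, names in bucket.items()
                  if all(HEX_NAME.fullmatch(n) for n in names))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, SAMPLE_FIXLIST)
    for host, names in result["removed"].items():
        print(f"remove {len(names):3d} stream(s) on {host}")
    for host, names in result["kept"].items():
        print(f"keep   {', '.join(names)} on {host}")
    for host, name in result["not_in_log"]:
        print(f"WARNING: fixlist targets {host}:{name}, which is not in the log")
    print("hex-only hosts to be cleaned:",
          hosts_with_only_hex_streams(result["removed"]))
```
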

26.03.2015, 11:06   #11
Tinette

No way...
I switched everything off, it doesn't run through.
Even on the third attempt it hangs, even the firewall is off. From a certain point on, nothing moves any more.

26.03.2015, 11:17   #12
cosinus

Then run the fix in Windows Safe Mode.

26.03.2015, 11:24   #13
Tinette

Doesn't work. It hangs even faster.

26.03.2015, 11:30   #14
cosinus

What exactly is hanging there anyway... if we can't fix anything there, you'll have to reinstall the OS.

26.03.2015, 11:35   #15
Tinette

It scans, then the progress bar stops and at the top it says "Not Responding". I can't even close it right away; the error message comes up again, and it takes a while until it can be closed.

The OS? What does that mean? Operating system?

Edited by Tinette (26.03.2015 at 11:41)
