
Pests of all kinds and how to fight them: infected laptop, adware, Oursurfing, Chinese files, virus?

16.06.2015, 09:43   #1
Penelope8282
 
Yesterday I apparently downloaded an infected file by accident. In any case I can no longer remove it, and on top of that I have all sorts of new software (Oursurfing uninstall, Chinese files with the corresponding characters, and much more). There must be some adware involved, ads pop up everywhere.
Can someone help me remove this?

16.06.2015, 10:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any other logs (with findings)? Malwarebytes and/or other virus scanners, have they found anything?

I ask because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans for now; first post only the logs you already have, in CODE tags!
Only logs from the last 7 days, or from the time the problem began, are relevant!




Also, please create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is fine ... click Reply.

16.06.2015, 11:10   #3
Penelope8282
 
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Sonne (administrator) on HARLEY-DAVIDSON on 16-06-2015 11:49:59
Running from C:\Users\Sonne\Desktop
Loaded Profiles: Sonne &  (Available Profiles: Sonne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Dummy, Ltd.) C:\Users\Sonne\Desktop\Robin Schulz feat Ilsey Headlights_10924_i20570157_il345.exe
() C:\Users\Sonne\AppData\Local\Temp\Robin Schulz feat Ilsey Headlights__10924_i1536990031_il127297.exe
(DTools LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(NavRight) C:\ProgramData\NavRight\NavRight.exe
(NavRight) C:\ProgramData\NavRight\NavRight.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
() C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-10.exe
(Windows APP) C:\Program Files (x86)\Rs\Rs.exe
() C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-1-6.exe
() C:\Program Files (x86)\CinemaPlus_1.3dV15.06\e2db6740-b937-4041-963f-f478680e12ae-1-6.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRealTimeSpeedup.exe
(XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\MiuiTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\MiuiTab\HPNotify.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\popwndexe.exe
(OldTimer Tools) C:\Users\Sonne\Desktop\Programme\PC Reinigung\TFC.exe
(OldTimer Tools) C:\Users\Sonne\Desktop\Programme\PC Reinigung\TFC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe [172032 2015-06-15] (Windows APP)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe [355296 2015-06-15] (Tencent)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\rstray.exe [111000 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [905728 2015-06-03] (FlashBeat)
AppInit_DLLs:  C:\ProgramData\NavRight\NavRight64.dll => C:\ProgramData\NavRight\NavRight64.dll [905216 2015-06-03] (NavRight)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [630784 2015-06-03] (FlashBeat)
AppInit_DLLs-x32:  C:\ProgramData\NavRight\NavRight32.dll => C:\ProgramData\NavRight\NavRight32.dll [629248 2015-06-03] (NavRight)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-04-02]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll [2015-06-15] (Tencent)
BootExecute: autocheck autochk *  bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {ABEC6EA7-E055-4279-AEF4-75C6572FA32E} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ABEC6EA7-E055-4279-AEF4-75C6572FA32E} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
BHO: No Name -> {2BF6CDAE-6D19-44ED-9035-D44BA7CD20C5} ->  No File
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat [2015-06-15] (Tencent)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-12] (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: hxxp://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll [2015-06-15] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2983943463-2176006230-4185877932-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF user.js: detected! => C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\user.js [2015-06-16]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\searchplugins\oursurfing.xml [2015-06-16]
FF Extension: PriceLEss - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\2D@eVBEZhK.edu [2015-06-15]
FF Extension: CinemaPlus_1.3dV15.06 - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\973ba634716b4639a1c150b40c@5afc24a09e55466bb60878000.com [2015-06-15]
FF Extension: CinemaPlus_1.3dV15.06 - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\AVJYFVOD75109374@HCDE39471360.com [2015-06-16]
FF Extension: PrIcELEsS - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\gEO@d2pbIs.org [2015-06-15]
FF Extension: QuickSearch - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\searchffv2@gmail.com [2015-06-15]
FF Extension: Search Enginer - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\sweetsearch@gmail.com [2015-06-15]
FF Extension: NoScript - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-28]
FF Extension: Adblock Plus - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-28]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\extensions\searchffv2@gmail.com
FF HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CinemaPlus_1.3dV15.06) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaohckoegdncfpojeiehjkaffbdahli [2015-06-15]
CHR Extension: (CinemaPlus_1.3dV15.06) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-06-15]
CHR Extension: (Google Wallet) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Amazon) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-02-10]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Sonne\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-12]
CHR HKLM-x32\...\Chrome\Extension: [ooebklgpfnbcnpokahmdidgbmlcdepkm] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125056 2015-06-12] (XTab system)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe [297608 2015-06-15] (Tencent)
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe [293856 2015-06-15] (Tencent)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
U0 mtxfhi; C:\Windows\System32\drivers\cejxy.sys [79064 2015-06-16] (Malwarebytes Corporation)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUdisk64.sys [62264 2015-06-15] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQSysMonX64.sys [129336 2015-06-15] (电脑管家)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-06-15] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-06-15] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-15] (电脑管家)
R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\tscpm64.sys [42296 2015-06-15] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSDefenseBT64.sys [28472 2015-06-15] (Tencent)
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-15] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSSysKit64.sys [87352 2015-06-15] (电脑管家)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 11:49 - 2015-06-16 11:50 - 00033867 _____ C:\Users\Sonne\Desktop\FRST.txt
2015-06-16 11:47 - 2015-06-16 11:47 - 02109952 _____ (Farbar) C:\Users\Sonne\Desktop\FRST64.exe
2015-06-16 11:06 - 2015-06-16 11:06 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ___RD C:\RavBin
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-06-16 11:06 - 2015-06-16 11:04 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-06-16 11:05 - 2015-06-16 10:32 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-06-16 11:05 - 2015-06-16 10:31 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-06-16 10:30 - 2015-06-16 10:30 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\cejxy.sys
2015-06-16 10:26 - 2015-06-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-15 18:29 - 2015-06-16 11:36 - 00000112 _____ C:\Windows\setupact.log
2015-06-15 18:29 - 2015-06-15 18:29 - 00000000 _____ C:\Windows\setuperr.log
2015-06-15 17:20 - 2015-06-15 17:20 - 00003430 _____ C:\Windows\System32\Tasks\AmiUpdXp
2015-06-15 17:20 - 2015-06-15 17:20 - 00000378 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-06-15 17:20 - 2015-06-15 17:20 - 00000000 ____D C:\Users\Sonne\AppData\Local\32281
2015-06-15 17:08 - 2015-06-15 17:08 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-15 17:03 - 2015-06-15 17:03 - 00003160 _____ C:\Windows\System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D}
2015-06-15 16:57 - 2015-06-15 16:57 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\1CD8A1AE-1434380225-E011-8946-8C736EA82B7D
2015-06-15 16:54 - 2015-06-15 17:02 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\oursurfing
2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\ProgramData\eolmjdcbmnnkhdgehgjabfihnechnicm
2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-06-15 16:53 - 2015-06-15 16:52 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-15 16:52 - 2015-06-15 17:12 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Tencent
2015-06-15 16:52 - 2015-06-15 17:08 - 00000000 ____D C:\ProgramData\Tencent
2015-06-15 16:52 - 2015-06-15 16:52 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-06-15 16:52 - 2015-06-15 16:52 - 00000000 ____D C:\Program Files (x86)\MyPCBU
2015-06-15 16:50 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System
2015-06-15 16:50 - 2015-06-16 10:56 - 00000998 _____ C:\Windows\Tasks\bNGItKJsccWOg.job
2015-06-15 16:50 - 2015-06-16 10:30 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-06-15 16:50 - 2015-06-16 10:30 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-06-15 16:50 - 2015-06-15 16:50 - 00004052 _____ C:\Windows\System32\Tasks\R3jz8d0TYYLlGbCwf1NT
2015-06-15 16:50 - 2015-06-15 16:50 - 00004050 _____ C:\Windows\System32\Tasks\R3jz8d0TYYLlGbCwf1N
2015-06-15 16:50 - 2015-06-15 16:50 - 00004038 _____ C:\Windows\System32\Tasks\bNGItKJsccWOg
2015-06-15 16:50 - 2015-06-15 16:50 - 00004036 _____ C:\Windows\System32\Tasks\bNGItKJsccWO
2015-06-15 16:50 - 2015-06-15 16:50 - 00001012 _____ C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1NT.job
2015-06-15 16:50 - 2015-06-15 16:50 - 00001010 _____ C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1N.job
2015-06-15 16:50 - 2015-06-15 16:50 - 00000996 _____ C:\Windows\Tasks\bNGItKJsccWO.job
2015-06-15 16:50 - 2015-06-15 16:50 - 00000150 __RSH C:\rising.ini
2015-06-15 16:50 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-06-15 16:49 - 2015-06-16 10:30 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-06-15 16:49 - 2015-06-15 16:57 - 00000000 ____D C:\Program Files (x86)\Rs
2015-06-15 16:49 - 2015-06-15 16:50 - 00000000 ____D C:\ProgramData\Rising
2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Users\Sonne\AppData\Local\globalUpdate
2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\Rising
2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\b24cd062-bf2a-4359-9342-85828b0ba5d3
2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\639202a2-5fcc-4a00-ba2e-ebce06ee95fc
2015-06-15 16:48 - 2015-06-16 10:30 - 00000000 ____D C:\Program Files (x86)\CinemaPlus_1.3dV15.06
2015-06-15 16:48 - 2015-06-16 10:26 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-15 16:48 - 2015-06-15 16:49 - 00000330 _____ C:\Windows\Tasks\WTKXPWLM1.job
2015-06-15 16:48 - 2015-06-15 16:48 - 00003572 _____ C:\Windows\System32\Tasks\DWBTM
2015-06-15 16:48 - 2015-06-15 16:48 - 00002852 _____ C:\Windows\System32\Tasks\WTKXPWLM1
2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\ProgramData\FlashBeat
2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\ProgramData\37e30e59d1a7430da05c726d0388106f
2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\Program Files (x86)\cinemaplus
2015-06-15 16:47 - 2015-06-16 10:30 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-06-15 16:47 - 2015-06-15 16:56 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-06-15 16:47 - 2015-06-15 16:48 - 00000324 _____ C:\Windows\Tasks\XGGLNAPSJN1.job
2015-06-15 16:47 - 2015-06-15 16:47 - 00003572 _____ C:\Windows\System32\Tasks\HLEBG
2015-06-15 16:47 - 2015-06-15 16:47 - 00002846 _____ C:\Windows\System32\Tasks\XGGLNAPSJN1
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\NavRight
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\830d280829ca4028a7f37bc821cc2f16
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\ASPackage
2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 _____ C:\Windows\prleth.sys
2015-06-15 16:45 - 2015-06-15 16:45 - 00000000 ____D C:\ProgramData\9218317531913342215
2015-06-15 16:44 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\app_setup
2015-06-15 16:44 - 2015-06-15 16:44 - 00000000 ____D C:\ProgramData\efacfndghcpfjhjefehpihglncakjhem
2015-06-15 16:44 - 2015-06-15 16:44 - 00000000 ____D C:\Program Files (x86)\C2PC
2015-06-15 16:42 - 2015-06-15 16:42 - 01483792 _____ (Dummy, Ltd.) C:\Users\Sonne\Desktop\Robin Schulz feat Ilsey Headlights_10924_i20570157_il345.exe
2015-06-08 01:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-08 01:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-04 13:56 - 2015-06-08 08:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-05-20 10:46 - 2015-05-20 10:46 - 00013489 _____ C:\Users\Sonne\Documents\Stadt W´hausen Herr Meyer (PayPal).odt
2015-05-18 14:11 - 2015-05-21 15:48 - 00001937 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-05-18 14:11 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-05-18 14:10 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-18 14:10 - 2015-05-18 14:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-18 14:10 - 2015-05-18 14:10 - 00002013 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 11:50 - 2013-07-02 19:21 - 00000000 ____D C:\FRST
2015-06-16 11:41 - 2013-03-28 20:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 11:40 - 2014-11-13 11:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-16 11:39 - 2013-11-28 20:20 - 00001072 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-16 11:39 - 2011-09-30 23:16 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 11:36 - 2013-06-07 21:17 - 01955456 _____ C:\Windows\WindowsUpdate.log
2015-06-16 11:36 - 2011-09-30 23:24 - 00064544 _____ C:\Users\Sonne\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 10:34 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-16 10:34 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-16 10:30 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2015-06-15 17:02 - 2013-09-09 15:44 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-15 17:02 - 2013-07-09 11:08 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-15 17:02 - 2013-07-09 11:08 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-15 17:02 - 2011-09-30 23:34 - 00001431 _____ C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-15 16:59 - 2013-04-17 16:39 - 00000000 ____D C:\Users\Sonne\AppData\Local\CrashDumps
2015-06-15 16:54 - 2011-09-30 23:37 - 00000000 ____D C:\Users\Sonne\AppData\Local\VirtualStore
2015-06-15 14:30 - 2011-09-30 23:16 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 12:41 - 2013-03-28 20:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 12:41 - 2013-03-28 20:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-11 12:41 - 2011-09-30 23:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 21:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-08 08:43 - 2013-07-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-08 01:36 - 2009-07-14 06:45 - 00294928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-08 01:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-08 01:32 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-08 01:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-08 01:10 - 2012-03-28 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-06-08 01:10 - 2011-04-16 12:56 - 01649782 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-08 01:10 - 2011-02-14 14:57 - 00700118 _____ C:\Windows\system32\perfh007.dat
2015-06-08 01:10 - 2011-02-14 14:57 - 00149968 _____ C:\Windows\system32\perfc007.dat
2015-06-08 01:04 - 2012-05-14 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-04 13:34 - 2015-05-15 21:27 - 00000000 ____D C:\Users\Sonne\Documents\Musch Delank Imex
2015-05-21 15:57 - 2011-09-30 23:55 - 00000000 ____D C:\Users\Sonne\Desktop\Fotos
2015-05-20 14:44 - 2011-09-30 23:23 - 00000000 ____D C:\Users\Sonne\AppData\Local\Adobe
2015-05-19 11:42 - 2012-04-01 11:15 - 00000000 ____D C:\Users\Sonne\Documents\Eigene Dateien
2015-05-19 09:12 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-05-18 14:11 - 2015-01-11 11:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-18 14:11 - 2011-09-30 23:41 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Adobe
2015-05-18 14:10 - 2011-09-30 23:18 - 00000000 ____D C:\ProgramData\Adobe
2015-05-18 13:34 - 2011-09-30 23:16 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 13:34 - 2011-09-30 23:16 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT.exe
2013-06-27 11:07 - 2013-06-27 11:07 - 0000005 _____ () C:\Users\Sonne\AppData\Roaming\WBPU-TTL.DAT
2013-10-02 20:36 - 2014-01-05 15:11 - 0000678 _____ () C:\Users\Sonne\AppData\Local\cookies.ini

Some files in TEMP:
====================
C:\Users\Sonne\AppData\Local\Temp\C2PC_SP.exe
C:\Users\Sonne\AppData\Local\Temp\Launcher__13202.exe
C:\Users\Sonne\AppData\Local\Temp\Robin Schulz feat Ilsey Headlights__10924_i1536990031_il127297.exe
C:\Users\Sonne\AppData\Local\Temp\sc-setup-1.10.0.16.exe
C:\Users\Sonne\AppData\Local\Temp\sdf1C73.exe
C:\Users\Sonne\AppData\Local\Temp\sdf86AA.exe
C:\Users\Sonne\AppData\Local\Temp\sdf9C1E.exe
C:\Users\Sonne\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-09 15:25

==================== End of log ============================

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Sonne at 2015-06-16 11:51:42
Running from C:\Users\Sonne\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2983943463-2176006230-4185877932-500 - Administrator - Disabled)
Gast (S-1-5-21-2983943463-2176006230-4185877932-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2983943463-2176006230-4185877932-1002 - Limited - Enabled)
Sonne (S-1-5-21-2983943463-2176006230-4185877932-1001 - Administrator - Enabled) => C:\Users\Sonne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
AnySend (HKLM-x32\...\ASPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION!
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
C2PC version 1.8 (HKLM-x32\...\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1) (Version: 1.8 - )
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
cinemaplus version 2.04 (HKLM-x32\...\{59680D1A-6A49-4E85-BB42-6886773DF589}_is1) (Version: 2.04 - ) <==== ATTENTION
CinemaPlus_1.3dV15.06 (HKLM-x32\...\CinemaPlus_1.3dV15.06) (Version: 1.36.01.22 - CinemaPlus_1.3dV15.06) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate 4.11 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.11.0074 - Fujitsu Technology Solutions)
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION!
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FreeOCR v5.0 (HKLM-x32\...\freeocr_is1) (Version:  - )
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{474A8F3F-863A-4FCC-91F0-47A61E06FEC9}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPCBU version 2.25 (HKLM-x32\...\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1) (Version: 2.25 - )
NavRight (HKLM-x32\...\NavRight) (Version:  - )
Nero 9 Essentials (HKLM-x32\...\{54da196d-166e-41ff-97b8-b36d914b919c}) (Version:  - Nero AG)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
oursurfing uninstall (HKLM-x32\...\oursurfing uninstall) (Version:  - oursurfing) <==== ATTENTION
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Rising Antivirus (HKLM-x32\...\RAV) (Version: 24.00.43.07 - Beijing Rising Information Technology, Inc.)
Rising Software Deployment System (HKLM-x32\...\RSD) (Version: 23.00.01.02 - Beijing Rising Information Technology, Inc.)
Rossmann Fotowelt Software 4.9 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.9 - ORWO Net)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - )
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\VisualBee for Microsoft PowerPoint) (Version: V3.9 - VisualBee.com)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.9 - VisualBee.com)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Zip Opener Packages 83 (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\Zip Opener Packages 83) (Version:  - ) <==== ATTENTION
Zip Opener Packages 83 (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Zip Opener Packages 83) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

08-05-2015 12:34:43 Windows Update
15-05-2015 14:18:39 Windows Update
19-05-2015 11:30:30 Windows Update
22-05-2015 13:33:32 Windows Update
28-05-2015 09:29:41 Windows Update
04-06-2015 13:34:06 Windows Update
08-06-2015 01:01:03 Windows Update
12-06-2015 15:46:14 Windows Update
15-06-2015 16:50:44 LavasoftWeCompanion
16-06-2015 10:45:44 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-06-27 13:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008A50F6-6F65-4BD2-9CED-9C791EF23812} - System32\Tasks\WTKXPWLM1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-06-03] (FlashBeat) <==== ATTENTION
Task: {052DD86F-62F1-497A-A9E5-710BA7A63CB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {0B591F0B-E6B2-4AAC-A1B2-1E75764927A9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {0C20330D-F6F8-4F2E-8E55-839AA9A4126A} - System32\Tasks\AmiUpdXp => C:\Users\Sonne\AppData\Local\32281\Updater.exe [2015-06-09] () <==== ATTENTION
Task: {0E14688E-C9EE-4B4D-A5A5-551D4BE1CA20} - System32\Tasks\XGGLNAPSJN1 => C:\ProgramData\NavRight\NavRight.exe [2015-06-03] (NavRight) <==== ATTENTION
Task: {23D0AE57-EA18-4B45-8047-200E93E04815} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {240F7B74-8D37-46DA-8750-052664AEABBB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-17] (Microsoft Corporation)
Task: {2A9F2D7A-9915-4466-8678-A21B3B1D1363} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {31656AD6-33B9-45E2-8C4C-F877E75F8096} - System32\Tasks\R3jz8d0TYYLlGbCwf1NT => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT.exe [2015-04-20] () <==== ATTENTION
Task: {3411171A-79EB-4AF9-A62B-E9E629B0164A} - System32\Tasks\bNGItKJsccWOg => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg.exe [2015-04-20] () <==== ATTENTION
Task: {49A6221B-522F-4306-B4C6-C3E86C02A0F8} - System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D} => pcalua.exe -a C:\Users\Sonne\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=amt
Task: {5C3F2F40-0337-4951-8437-B5CCCCC99282} - System32\Tasks\{18968C56-914E-4610-8DF1-80B92D002E96} => pcalua.exe -a C:\Users\Sonne\Downloads\marineemail.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {65A6A838-CF81-4A49-AED4-D6FD263E0342} - \QtraxPlayer No Task File <==== ATTENTION
Task: {69FC9E73-AB0D-4594-A8C2-DDE5D47DDCED} - System32\Tasks\DWBTM => C:\ProgramData\37e30e59d1a7430da05c726d0388106f\37e30e59d1a7430da05c726d0388106f.exe [2015-06-03] () <==== ATTENTION
Task: {6AEEDEA0-A547-4EA4-9AFD-BFA6D14445C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {6B7C6944-8702-4A14-BB6E-520DD18A2A23} - System32\Tasks\HLEBG => C:\ProgramData\830d280829ca4028a7f37bc821cc2f16\830d280829ca4028a7f37bc821cc2f16.exe [2015-06-03] () <==== ATTENTION
Task: {82487041-C999-4ECE-AB7C-7EFD19457194} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {85E8106C-2D2C-40FD-B2AB-B54F42DD7C5A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {974EC68E-FAF1-4CE4-9A02-98FF7880FA7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {C0BF6834-9915-4732-9C72-46A1CE0E29F5} - System32\Tasks\R3jz8d0TYYLlGbCwf1N => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N.exe <==== ATTENTION
Task: {C81A6CC7-9F65-4B36-9A95-33D5EBF5372E} - \DealPly No Task File <==== ATTENTION
Task: {E46C9C0B-AAEF-4E29-BB4F-E8169FDD5DBA} - System32\Tasks\bNGItKJsccWO => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO.exe <==== ATTENTION
Task: {F0E5005F-E2B8-459E-A428-D7BB161AA46B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F18FBE52-13C8-49FF-B7FC-18FCA0169CDD} - \DealPlyUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Sonne\AppData\Local\32281\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bNGItKJsccWO.job => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO.exe <==== ATTENTION
Task: C:\Windows\Tasks\bNGItKJsccWOg.job => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1N.job => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N.exe <==== ATTENTION
Task: C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1NT.job => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT.exe <==== ATTENTION
Task: C:\Windows\Tasks\WTKXPWLM1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\XGGLNAPSJN1.job => C:\ProgramData\NavRight\NavRight.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-06-24 10:54 - 2013-06-20 09:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2015-06-15 16:43 - 2015-06-15 16:43 - 00637456 _____ () C:\Users\Sonne\AppData\Local\Temp\Robin Schulz feat Ilsey Headlights__10924_i1536990031_il127297.exe
2015-06-15 16:48 - 2015-06-15 16:48 - 01418832 ____N () C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-10.exe
2015-06-15 16:50 - 2015-06-15 16:50 - 01313872 ____N () C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-1-6.exe
2015-06-15 16:50 - 2015-06-15 16:50 - 01561168 ____N () C:\Program Files (x86)\CinemaPlus_1.3dV15.06\e2db6740-b937-4041-963f-f478680e12ae-1-6.exe
2013-06-24 10:54 - 2010-06-24 03:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
2013-06-24 10:54 - 2010-07-13 15:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
2013-06-24 10:54 - 2010-06-02 04:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
2013-06-24 10:54 - 2010-06-02 04:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
2013-06-24 10:54 - 2012-08-06 11:54 - 09843640 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
2013-06-24 10:54 - 2010-06-02 04:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
2013-06-24 10:54 - 2010-06-02 04:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
2013-06-24 10:54 - 2010-07-05 11:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2013-06-24 10:54 - 2010-11-11 11:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
2013-06-24 10:54 - 2010-06-02 07:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll
2013-06-24 10:54 - 2010-06-02 07:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2011-01-17 16:19 - 2012-04-02 12:01 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-11-19 18:45 - 2012-04-02 12:01 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\zlib.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\libexpatw.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\tinyxml.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\sqlite.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00063840 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00018784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\oDayProtect.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00203104 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQFileFlt.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\xGraphic32.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\arkGraphic.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\jgImage.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\libpng.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\libjpegturbo.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\jgIOStub.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\xImage.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00076128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\MemDefrag.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00571800 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMLoader\QQPCDetector.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00235872 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMWlanMacDll.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\zlib.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libexpatw.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\tinyxml.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\xGraphic32.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\arkGraphic.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\jgImage.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libpng.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libjpegturbo.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\jgIOStub.dll
2015-06-11 12:41 - 2015-06-11 12:41 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5317 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{55CCA8F9-D7B5-4F9D-A1C7-0B120701405F}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{B468A948-BB76-4CC2-8EF5-6D096A47B629}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{CF74D96B-E1AF-4464-BBA7-6E115330DC86}] => (Allow) C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{457EC9A3-52BC-49DA-93F0-076B646025E4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D5351F3C-C8D2-49A3-AEDA-74CD7573D131}] => (Allow) LPort=2869
FirewallRules: [{159A9B9B-3C47-48E0-B8A7-E5E0B58DEA73}] => (Allow) LPort=1900
FirewallRules: [{C3CE3E41-BC8A-4006-93C6-64BBF3F1BBCD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{69095B4D-B1DD-4937-900E-764FB4BFDC74}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{027761D3-0BC9-4612-9AC4-B14267E6A1E7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{2724A7D4-B849-4303-8964-334540F1B94D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{88C79719-3F96-4DC0-AF71-AFEC59DD0098}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30BB36D4-C5D6-4159-93A1-BC3151A034CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{17D53D46-A97F-4EE3-971C-B63FFE14E20B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E033C7B7-2C7D-4154-8093-BF61B71ED4CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{70C0E24B-7BC3-4ACB-8ECE-AA2E1567D9D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{609E758D-717E-4834-9282-0228860D500C}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{98E0B3BC-E288-498B-B3A4-578CE05808E8}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{21A5AA21-61CA-4320-83DE-399BA6221F46}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCmgrInstallGuide.exe
FirewallRules: [{2602B83B-1568-40C5-A807-3D8B187937BD}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{40CE0218-73D9-4A4F-91FC-8A5DE007F6A6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{AC4607BC-E257-44B8-9CB1-BE57E67263FF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
FirewallRules: [{6C6F446B-5DCF-41D0-B111-4466031A7A9C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCMgr.exe
FirewallRules: [{C0947541-CF29-4751-A887-F4BCD33EDCAA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe
FirewallRules: [{DC2A925D-A8D1-407A-86B8-2D2E9280DBEA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMDL.exe
FirewallRules: [{81EF5DF4-68DE-429A-9E3D-B43C6BAF0CAA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\bugreport.exe
FirewallRules: [{7F1A03C7-2D48-4FA2-8D26-3D9A19FB1F14}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCFileOpen.exe
FirewallRules: [{112B5B9F-E5D2-48F7-ADD1-457835463309}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCLeakScan.exe
FirewallRules: [{CBF8034A-63AF-41DC-BD89-0BD3024078AE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPConfig.exe
FirewallRules: [{2E84B329-707E-4707-BDF6-F69283F8898B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSoftMgr.exe
FirewallRules: [{B412D22A-BC2C-4B33-BFDE-637399E97679}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{BA6450E5-CC5F-4446-BE3F-B9DEE93C1854}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCBTU.exe
FirewallRules: [{FAA11A10-0A48-4E71-BDD2-488DA3454B94}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCClinic.exe
FirewallRules: [{97D14ABF-BF44-43B2-BE3B-536DEEC0F6C2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCLaunch.exe
FirewallRules: [{BD948B14-8C19-4799-B2A4-D7904DF21CF5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{FBB344B2-584B-4308-A2F2-CE70AB3D968C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSoftGame.exe
FirewallRules: [{1CD34930-42E6-4A4C-B569-3D7926CCED2D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSysOptimize.exe
FirewallRules: [{65251F91-D874-48BD-B251-1874D834E5BE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCUpdateAVLib.exe
FirewallRules: [{A8A802BB-5C55-45B0-B4D1-703FBB22C0FF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQRepair.exe
FirewallRules: [{D31B42DD-FD8B-4D94-AE62-BB9F46539659}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\Uninst.exe
FirewallRules: [{9A32480F-FA3E-4286-99F5-FC3BDC41DE33}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCPatch.exe
FirewallRules: [{CAFF155D-2F2E-4355-BF76-9EC6DD49C97C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TpkUpdate.exe
FirewallRules: [{8C13F7E8-00D4-4215-98A3-09ED996C24D0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMRouterMgr.exe
FirewallRules: [{25C46C94-E505-4199-B70A-08C91E15345C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAccountProtection.exe
FirewallRules: [{F367AF67-BF06-4DC1-B514-C57A7B023FED}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAdBlock.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/16/2015 10:30:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d71ba
ID des fehlerhaften Prozesses: 0x16a0
Startzeit der fehlerhaften Anwendung: 0x0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe0
Pfad der fehlerhaften Anwendung: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe1
Pfad des fehlerhaften Moduls: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe2
Berichtskennung: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe3

Error: (06/15/2015 04:55:45 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect

Error: (06/15/2015 04:52:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2015 04:49:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (06/15/2015 04:49:18 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (06/15/2015 04:45:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/15/2015 02:24:29 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 


System errors:
=============
Error: (06/15/2015 04:53:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "QQPCMgr RTP Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/15/2015 04:52:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9A754403-27B1-4ED7-96D7-588F07888EBF}

Error: (06/15/2015 04:50:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Rav Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/15/2015 04:49:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Rsd Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/08/2015 01:37:49 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.

Error: (06/08/2015 01:37:48 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005

Error: (06/08/2015 01:37:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (06/08/2015 01:37:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%16405

Error: (06/04/2015 01:23:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst IE Search Set erreicht.

Error: (06/04/2015 01:22:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎06.‎2015 um 20:53:53 unerwartet heruntergefahren.


Microsoft Office:
=========================
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/16/2015 10:30:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe0.0.0.0000000000ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe0.0.0.000000000c0000005000d71ba16a001d0a77a857e0638C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exeC:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exeee1495d1-1401-11e5-ac95-e0ca9437c504

Error: (06/15/2015 04:55:45 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect

Error: (06/15/2015 04:52:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Users\Sonne\AppData\Local\Temp\Tencent\QQPCMgr\~2754c540\TestMSVCR_64.exe

Error: (06/15/2015 04:49:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/15/2015 04:49:18 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/15/2015 04:45:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/15/2015 02:24:29 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 


CodeIntegrity Errors:
===================================
  Date: 2013-06-27 13:08:33.046
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-27 13:08:32.968
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 66%
Total physical RAM: 3892.55 MB
Available physical RAM: 1289.59 MB
Total Pagefile: 7783.3 MB
Available Pagefile: 4165.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:250.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B477DB1C)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.06.2015
Suchlauf-Zeit: 11:40:36
Logdatei: malwarebytes.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.16.03
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sonne

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 393707
Verstrichene Zeit: 27 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

Old 16.06.2015, 11:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What about my question regarding previous detections and, if there were any, the logs for them?
__________________
Always post logfiles in CODE tags

Old 16.06.2015, 11:44   #5
Penelope8282

I had only run a Malwarebytes scan once yesterday, in the hope that everything would then be removed, but I no longer have a log of it. That is why I just ran a new scan. Apart from that I hadn't done anything else.


Old 16.06.2015, 12:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download Revo Uninstaller (or alternatively the portable Revo Uninstaller) from here.
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German as the language.
  • Search the uninstaller panel for the following programs:

    AnySend

    cinemaplus version 2.04

    CinemaPlus_1.3dV15.06

    FlashBeat

    oursurfing uninstall

    Zip Opener Packages 83

    Zip Opener Packages 83

  • Select the programs one after the other and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on [...], then on [...] and then on [...].

 


Old 16.06.2015, 19:17   #7
Penelope8282

I followed everything, but of the 7 listed entries I could only find 2 (cinemaplus and ZipOpenerPackages 83). With the Zip Opener there was also an error message, which I accidentally clicked away.
What can I do now?

Old 16.06.2015, 22:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please completely disable the virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please exit your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked and click on Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the input window of the website)

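A read-only audit of the persistence and policy locations that the tools in this thread act on (AppInit_DLLs, browser policy keys, proxy settings, Run keys, scheduled tasks), as an added PowerShell example that is not part of the thread or of AdwCleaner, JRT or FRST; it assumes an elevated PowerShell on Windows 7 or later and changes nothing, it only reports what it finds.

```powershell
# Added example, not part of the thread or of any tool used in it.
# Read-only audit of the locations the FRST log flags (AppInit_DLLs, policy
# keys) and the AdwCleaner options in step 1 reset (proxy, IE/Chrome policies).
# Assumption: run as Administrator on Windows 7 or later. Nothing is modified.

$findings = New-Object System.Collections.Generic.List[string]

function Add-Finding([string]$Category, [string]$Detail) {
    $findings.Add("[$Category] $Detail")
}

# 1. AppInit_DLLs, 64-bit and 32-bit views. FRST showed FlashBeat64.dll and
#    FlashBeat32.dll here as "File not found": a dangling entry that would be
#    loaded into every process using user32.dll while LoadAppInit_DLLs = 1.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $dlls  = [string]$props.AppInit_DLLs
    $load  = $props.LoadAppInit_DLLs
    if ($dlls.Trim()) {
        foreach ($dll in ($dlls -split '[,\s]+' | Where-Object { $_ })) {
            $exists = Test-Path -LiteralPath ($dll.Trim('"'))
            Add-Finding 'AppInit_DLLs' ("{0} (LoadAppInit_DLLs={1}, exists={2})" -f $dll, $load, $exists)
        }
    }
}

# 2. Browser policy keys. AdwCleaner's "reset IE / Chrome policies" options
#    clear these; FRST marks them "Policy restriction <======= ATTENTION".
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
foreach ($key in $policyKeys) {
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        Add-Finding 'BrowserPolicy' ("{0} present ({1} values, {2} subkeys)" -f $key, $item.ValueCount, $item.SubKeyCount)
    }
}

# 3. Per-user proxy settings, which the "reset proxy settings" option clears.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL) {
    Add-Finding 'Proxy' ("ProxyEnable={0} ProxyServer={1} AutoConfigURL={2}" -f $inet.ProxyEnable, $inet.ProxyServer, $inet.AutoConfigURL)
}

# 4. Run keys: report entries whose target file is missing or is not validly
#    Authenticode-signed (the Rs.exe entry in the FRST log is an example of
#    a vendor string that deserves a second look).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $names = $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object { $_.Name }
    foreach ($name in $names) {
        $cmd = [string]$props.$name
        # Executable path: the quoted part if quoted, otherwise the first token.
        $path = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        if (-not (Test-Path -LiteralPath $path)) {
            Add-Finding 'Run' ("{0}\{1} = {2} (file missing)" -f $key, $name, $cmd)
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            Add-Finding 'Run' ("{0}\{1} = {2} (signature: {3})" -f $key, $name, $cmd, $sig.Status)
        }
    }
}

# 5. Scheduled tasks outside the \Microsoft folder, read from the task XML
#    files so it also works on Windows 7 (AdwCleaner removed DealPly,
#    QtraxPlayer and amiupdater tasks from here).
$taskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
Get-ChildItem -Path $taskRoot -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.FullName -notlike "$taskRoot\Microsoft\*" } |
    ForEach-Object {
        try { $xml = [xml]((Get-Content -LiteralPath $_.FullName) -join "`n") } catch { return }
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if ($exec) {
                Add-Finding 'Task' ("{0} -> {1} {2}" -f $_.FullName.Substring($taskRoot.Length), $exec.Command, $exec.Arguments)
            }
        }
    }

$findings | Sort-Object | ForEach-Object { Write-Output $_ }
```

Entries reported here are leads to verify, not verdicts: a missing file or an unsigned binary is exactly the kind of item the helper asks to see in the FRST log before deciding what to remove.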

Old 17.06.2015, 10:10   #9
Penelope8282

Code:
# AdwCleaner v4.206 - Bericht erstellt 17/06/2015 um 10:39:28
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-17.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Sonne - HARLEY-DAVIDSON
# Gestarted von : C:\Users\Sonne\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\tencent
[!] Ordner Gelöscht : C:\Program Files (x86)\tencent
Ordner Gelöscht : C:\Program Files (x86)\C2PC
Ordner Gelöscht : C:\Program Files (x86)\Common Files\tencent
Ordner Gelöscht : C:\Users\Sonne\AppData\Local\Temp\tencent
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
[!] Ordner Gelöscht : C:\Program Files\Common Files\tencent
Ordner Gelöscht : C:\Users\Sonne\AppData\Local\globalUpdate
[!] Ordner Gelöscht : C:\Users\Sonne\AppData\Roaming\tencent
Ordner Gelöscht : C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaohckoegdncfpojeiehjkaffbdahli
Datei Gelöscht : C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fmfnfnpmhcllokmkepffndflpnadjmma_0.localstorage
Datei Gelöscht : C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fmfnfnpmhcllokmkepffndflpnadjmma_0.localstorage-journal
Datei Gelöscht : C:\Users\Sonne\Favorites\eBay.lnk
Datei Gelöscht : C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO
Datei Gelöscht : C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg
Datei Gelöscht : C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N
Datei Gelöscht : C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT
Datei Gelöscht : C:\Users\Sonne\AppData\Roaming\WBPU-TTL.DAT
Datei Gelöscht : C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????\????\????.lnk

***** [ Geplante Tasks ] *****

Task Gelöscht : Dealply
Task Gelöscht : DealPlyUpdate
Task Gelöscht : QtraxPlayer
Task Gelöscht : amiupdaterExd
Task Gelöscht : amiupdaterExi
Task Gelöscht : bNGItKJsccWO
Task Gelöscht : bNGItKJsccWOg
Task Gelöscht : R3jz8d0TYYLlGbCwf1N
Task Gelöscht : R3jz8d0TYYLlGbCwf1NT

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\METNSD
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Schlüssel Gelöscht : HKLM\SOFTWARE\f1397537-c0ce-432a-a9fb-03ea6853537a
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\VBMZ
Schlüssel Gelöscht : HKLM\SOFTWARE\searchult
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 de)

[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "oursurfing");
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.oursurfing.com/web/favicon.ico");
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "oursurfing");
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searc[...]
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "oursurfing");
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR");
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Xr6TBO8JkymLSiJn.scode", "(function(){try{if(window.location.href.indexOf(\"rjr5qHw8qTCHqTaHrHkErja4rdY\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.cookie.previous_page.value", "%22hxxp%3A//www.trojaner-board.de/167966-infizierter-laptop-adware-oursurfing-chi[...]
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5[...]
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.cTERK02plTF09h8D.scode", "(function(){try{if(window.location.href.indexOf(\"rjr5qHw8qTCHqTaHrHkErja4rdY\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "14df7b7342b757088c02099473daaacf");
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[dxajxy9v.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v43.0.2357.124

[C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
[C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : ceaohckoegdncfpojeiehjkaffbdahli
[C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
[C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR

*************************

AdwCleaner[R0].txt - [9649 Bytes] - [28/11/2013 20:05:13]
AdwCleaner[R1].txt - [1081 Bytes] - [11/03/2014 15:11:49]
AdwCleaner[R2].txt - [1177 Bytes] - [02/04/2014 19:22:23]
AdwCleaner[R3].txt - [1297 Bytes] - [04/04/2014 10:14:09]
AdwCleaner[R4].txt - [13153 Bytes] - [17/06/2015 10:28:26]
AdwCleaner[R5].txt - [12392 Bytes] - [17/06/2015 10:33:26]
AdwCleaner[R6].txt - [13052 Bytes] - [17/06/2015 10:37:13]
AdwCleaner[S0].txt - [8864 Bytes] - [28/11/2013 20:05:52]
AdwCleaner[S1].txt - [1145 Bytes] - [11/03/2014 15:13:07]
AdwCleaner[S2].txt - [1239 Bytes] - [02/04/2014 19:23:12]
AdwCleaner[S3].txt - [1359 Bytes] - [04/04/2014 10:14:44]
AdwCleaner[S4].txt - [1039 Bytes] - [17/06/2015 10:31:06]
AdwCleaner[S5].txt - [440 Bytes] - [17/06/2015 10:35:26]
AdwCleaner[S6].txt - [12300 Bytes] - [17/06/2015 10:39:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [12360  Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.0 (06.17.2015:1)
OS: Windows 7 Home Premium x64
Ran by Sonne on 17.06.2015 at 10:49:09,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Techgile
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Techgile



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\tencent
Successfully deleted: [Folder] C:\ProgramData\tencent
Successfully deleted: [Folder] C:\Users\Sonne\AppData\Roaming\tencent
Successfully deleted: [Folder] C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
Successfully deleted: [Folder] C:\ProgramData\28341ff220e0446c9fff27c4493d622e
Successfully deleted: [Folder] C:\ProgramData\37e30e59d1a7430da05c726d0388106f
Successfully deleted: [Folder] C:\ProgramData\830d280829ca4028a7f37bc821cc2f16
Successfully deleted: [Folder] C:\Users\Sonne\appdata\local\32281



~~~ FireFox




~~~ Chrome


[C:\Users\Sonne\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Sonne\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
ceaohckoegdncfpojeiehjkaffbdahli

[C:\Users\Sonne\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Sonne\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.06.2015 at 10:57:38,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Sonne (administrator) on HARLEY-DAVIDSON on 17-06-2015 11:07:21
Running from C:\Users\Sonne\Desktop
Loaded Profiles: Sonne (Available Profiles: Sonne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe [172032 2015-06-15] (Windows APP)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTRAY.EXE" /regrun /qqrepair
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\rstray.exe [111000 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-04-02]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll No File
BootExecute: autocheck autochk *  bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {2BF6CDAE-6D19-44ED-9035-D44BA7CD20C5} ->  No File
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2983943463-2176006230-4185877932-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-28]
FF Extension: Adblock Plus - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-28]
FF HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-06-15]
CHR Extension: (Google Wallet) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Amazon) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-02-10]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Sonne\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
S2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-15] (电脑管家)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 10:57 - 2015-06-17 10:57 - 00002400 _____ C:\Users\Sonne\Desktop\JRT.txt
2015-06-17 10:49 - 2015-06-17 10:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HARLEY-DAVIDSON-Windows-7-Home-Premium-(64-bit).dat
2015-06-17 10:49 - 2015-06-17 10:49 - 00000000 ____D C:\RegBackup
2015-06-17 10:48 - 2015-06-17 10:48 - 02946265 _____ (Thisisu) C:\Users\Sonne\Desktop\JRT.exe
2015-06-17 10:41 - 2015-06-17 10:41 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-17 10:26 - 2015-06-17 10:26 - 02231296 _____ C:\Users\Sonne\Desktop\AdwCleaner_4.206.exe
2015-06-16 20:04 - 2015-06-16 20:04 - 00001234 _____ C:\Users\Sonne\Desktop\Revo Uninstaller.lnk
2015-06-16 20:04 - 2015-06-16 20:04 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-16 20:02 - 2015-06-16 20:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sonne\Desktop\revosetup95.exe
2015-06-16 12:21 - 2015-06-17 10:45 - 00003328 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-06-16 12:16 - 2015-06-16 12:20 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-16 12:14 - 2015-06-17 10:43 - 01253444 _____ C:\Windows\PFRO.log
2015-06-16 12:09 - 2015-06-16 12:09 - 00001216 _____ C:\Users\Sonne\Desktop\malwarebytes.txt
2015-06-16 11:51 - 2015-06-16 11:54 - 00047075 _____ C:\Users\Sonne\Desktop\Addition.txt
2015-06-16 11:49 - 2015-06-17 11:07 - 00016393 _____ C:\Users\Sonne\Desktop\FRST.txt
2015-06-16 11:47 - 2015-06-16 11:47 - 02109952 _____ (Farbar) C:\Users\Sonne\Desktop\FRST64.exe
2015-06-16 11:06 - 2015-06-16 11:06 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ___RD C:\RavBin
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-06-16 11:06 - 2015-06-16 11:04 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-06-16 11:05 - 2015-06-16 10:32 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-06-16 11:05 - 2015-06-16 10:31 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-06-16 10:26 - 2015-06-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-15 18:29 - 2015-06-17 10:43 - 00000560 _____ C:\Windows\setupact.log
2015-06-15 18:29 - 2015-06-15 18:29 - 00000000 _____ C:\Windows\setuperr.log
2015-06-15 17:03 - 2015-06-15 17:03 - 00003160 _____ C:\Windows\System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D}
2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-15 16:53 - 2015-06-15 16:52 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-15 16:50 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System
2015-06-15 16:50 - 2015-06-16 10:30 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-06-15 16:50 - 2015-06-16 10:30 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-06-15 16:50 - 2015-06-15 16:50 - 00000150 __RSH C:\rising.ini
2015-06-15 16:50 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-06-15 16:49 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\b24cd062-bf2a-4359-9342-85828b0ba5d3
2015-06-15 16:49 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\639202a2-5fcc-4a00-ba2e-ebce06ee95fc
2015-06-15 16:49 - 2015-06-15 16:57 - 00000000 ____D C:\Program Files (x86)\Rs
2015-06-15 16:49 - 2015-06-15 16:50 - 00000000 ____D C:\ProgramData\Rising
2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\Rising
2015-06-15 16:48 - 2015-06-17 10:43 - 00000330 _____ C:\Windows\Tasks\WTKXPWLM1.job
2015-06-15 16:48 - 2015-06-16 10:26 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-15 16:48 - 2015-06-15 16:48 - 00003572 _____ C:\Windows\System32\Tasks\DWBTM
2015-06-15 16:48 - 2015-06-15 16:48 - 00002852 _____ C:\Windows\System32\Tasks\WTKXPWLM1
2015-06-15 16:47 - 2015-06-17 10:43 - 00000324 _____ C:\Windows\Tasks\XGGLNAPSJN1.job
2015-06-15 16:47 - 2015-06-15 16:47 - 00003572 _____ C:\Windows\System32\Tasks\HLEBG
2015-06-15 16:47 - 2015-06-15 16:47 - 00002846 _____ C:\Windows\System32\Tasks\XGGLNAPSJN1
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 _____ C:\Windows\prleth.sys
2015-06-08 01:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-08 01:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-04 13:56 - 2015-06-16 12:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-05-20 10:46 - 2015-05-20 10:46 - 00013489 _____ C:\Users\Sonne\Documents\Stadt W´hausen Herr Meyer (PayPal).odt
2015-05-18 14:11 - 2015-05-21 15:48 - 00001937 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-05-18 14:11 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-05-18 14:10 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-18 14:10 - 2015-05-18 14:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-18 14:10 - 2015-05-18 14:10 - 00002013 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 11:07 - 2013-07-02 19:21 - 00000000 ____D C:\FRST
2015-06-17 10:57 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-17 10:57 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-17 10:43 - 2011-09-30 23:16 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-17 10:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 10:41 - 2013-11-28 20:05 - 00000000 ____D C:\AdwCleaner
2015-06-17 10:41 - 2013-06-07 21:17 - 02009341 _____ C:\Windows\WindowsUpdate.log
2015-06-17 10:41 - 2013-03-28 20:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-17 10:39 - 2011-09-30 23:16 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 12:21 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-16 12:15 - 2009-07-14 06:45 - 00295648 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 12:14 - 2013-07-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-16 12:14 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2015-06-16 11:40 - 2014-11-13 11:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-16 11:39 - 2013-11-28 20:20 - 00001072 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-16 11:36 - 2011-09-30 23:24 - 00064544 _____ C:\Users\Sonne\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-15 17:02 - 2013-09-09 15:44 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-15 17:02 - 2013-07-09 11:08 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-15 17:02 - 2013-07-09 11:08 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-15 17:02 - 2011-09-30 23:34 - 00001431 _____ C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-15 16:59 - 2013-04-17 16:39 - 00000000 ____D C:\Users\Sonne\AppData\Local\CrashDumps
2015-06-15 16:54 - 2011-09-30 23:37 - 00000000 ____D C:\Users\Sonne\AppData\Local\VirtualStore
2015-06-11 12:41 - 2013-03-28 20:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 12:41 - 2013-03-28 20:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-11 12:41 - 2011-09-30 23:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 21:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-08 01:32 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-08 01:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-08 01:10 - 2012-03-28 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-06-08 01:10 - 2011-04-16 12:56 - 01649782 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-08 01:10 - 2011-02-14 14:57 - 00700118 _____ C:\Windows\system32\perfh007.dat
2015-06-08 01:10 - 2011-02-14 14:57 - 00149968 _____ C:\Windows\system32\perfc007.dat
2015-06-08 01:04 - 2012-05-14 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-04 13:34 - 2015-05-15 21:27 - 00000000 ____D C:\Users\Sonne\Documents\Musch Delank Imex
2015-05-21 15:57 - 2011-09-30 23:55 - 00000000 ____D C:\Users\Sonne\Desktop\Fotos
2015-05-20 14:44 - 2011-09-30 23:23 - 00000000 ____D C:\Users\Sonne\AppData\Local\Adobe
2015-05-19 11:42 - 2012-04-01 11:15 - 00000000 ____D C:\Users\Sonne\Documents\Eigene Dateien
2015-05-19 09:12 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-05-18 14:11 - 2015-01-11 11:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-18 14:11 - 2011-09-30 23:41 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Adobe
2015-05-18 14:10 - 2011-09-30 23:18 - 00000000 ____D C:\ProgramData\Adobe
2015-05-18 13:34 - 2011-09-30 23:16 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 13:34 - 2011-09-30 23:16 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2013-10-02 20:36 - 2014-01-05 15:11 - 0000678 _____ () C:\Users\Sonne\AppData\Local\cookies.ini

Some files in TEMP:
====================
C:\Users\Sonne\AppData\Local\Temp\C2PC_SP.exe
C:\Users\Sonne\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonne\AppData\Local\Temp\sqlite3.dll
C:\Users\Sonne\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-16 20:35

==================== End of log ============================
         

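The log above is what the helpers on the board read by hand. As an added example, not part of the original post and not FRST's own code, here is a small Python triage script that scans FRST.txt-style lines for the indicator classes that stand out in this log: FRST's own ATTENTION markers, loader entries whose target file is gone, unsigned services and drivers, AppInit_DLLs entries, a non-default BootExecute value, GUID-named program folders and random-named scheduled tasks. The sample input is an excerpt of the posted log; the category names, the regular expressions and the treatment of the stock BootExecute value are this example's assumptions.

```python
"""Indicator triage for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread: it is neither FRST's own code nor anything the
helpers on the board posted. It reads FRST.txt-style lines and flags the
indicator classes a triager scans for first. The sample lines below are
excerpts of the log posted above; the categories and patterns are this
example's assumptions, not FRST's own classification.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Finding:
    category: str
    line: str


# FRST marks the entries it wants a reader to look at with this suffix.
ATTENTION = "<======= ATTENTION"
# Loader entries whose target is gone: the persistence point outlived the file.
ORPHAN_MARKERS = ("No File", "File not found", "[X]")
# FRST appends this to services/drivers without an Authenticode signature.
UNSIGNED = "[File not signed]"
# AppInit_DLLs is loaded into every user32-linked process: always worth a look.
APPINIT = re.compile(r"^AppInit_DLLs(-x32)?:")
# Stock Windows 7 value; anything appended runs at boot before the shell.
BOOTEXECUTE_DEFAULT = "autocheck autochk *"
# Program folders named as a bare GUID (assumed bundler convention, not proof).
GUID_DIR = re.compile(
    r"\\Program Files( \(x86\))?\\"
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b",
    re.IGNORECASE,
)
# Scheduled tasks whose name is an all-caps random string, with or without .job.
RANDOM_TASK = re.compile(r"\\Windows\\(System32\\)?Tasks\\[A-Z]{4,12}\d?(\.job)?$")


def classify(line: str) -> Optional[str]:
    """Return the indicator class of one FRST line, or None when nothing stands out."""
    s = line.rstrip()
    if ATTENTION in s:
        return "attention"
    if APPINIT.match(s):
        return "appinit_dll"
    if s.startswith("BootExecute:"):
        value = s.split(":", 1)[1].strip()
        return None if value == BOOTEXECUTE_DEFAULT else "bootexecute"
    if UNSIGNED in s:
        return "unsigned"
    if any(marker in s for marker in ORPHAN_MARKERS):
        return "orphan"
    if GUID_DIR.search(s):
        return "guid_dir"
    if RANDOM_TASK.search(s):
        return "random_task"
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line of an FRST log and keep the ones that were flagged."""
    findings = []
    for raw in log_text.splitlines():
        category = classify(raw)
        if category is not None:
            findings.append(Finding(category, raw.rstrip()))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, for a quick overview before reading lines."""
    return dict(Counter(f.category for f in findings))


# Excerpt of the FRST.txt posted in this thread, used as offline sample input.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
BootExecute: autocheck autochk *  bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: No Name -> {2BF6CDAE-6D19-44ED-9035-D44BA7CD20C5} ->  No File
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-06-15 16:49 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\b24cd062-bf2a-4359-9342-85828b0ba5d3
2015-06-15 16:48 - 2015-06-17 10:43 - 00000330 _____ C:\Windows\Tasks\WTKXPWLM1.job
2015-06-15 16:48 - 2015-06-15 16:48 - 00003572 _____ C:\Windows\System32\Tasks\DWBTM
2015-06-16 12:21 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
C:\Windows\System32\winlogon.exe => File is digitally signed
"""


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, count in sorted(summarize(results).items()):
        print(f"{category:12s} {count}")
    for finding in results:
        print(f"[{finding.category}] {finding.line}")
```

The script only ranks lines for a reader. An orphan entry ("No File", "[X]") is usually the leftover registration of something already removed, and a random-named task is flagged on the shape of its name alone, so confirm each hit by reading the task XML or the registry value before it goes into a fixlist.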
17.06.2015, 13:16   #10
Penelope8282

OK, I have followed everything. In Task Manager, under "Processes", I just noticed this:


17.06.2015, 13:19   #11
Penelope8282

So, I have followed everything; in Task Manager I also found the following, hope I manage to get the screenshot posted here now.
Attached image: unbenannt.jpg

17.06.2015, 15:11   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please also create a new Addition.txt: start FRST, tick the box for Addition.txt, then click Scan.

__________________
Please always post log files in CODE tags

17.06.2015, 16:10   #13
Penelope8282

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Sonne (administrator) on HARLEY-DAVIDSON on 17-06-2015 16:22:40
Running from C:\Users\Sonne\Desktop
Loaded Profiles: Sonne (Available Profiles: Sonne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe [172032 2015-06-15] (Windows APP)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTRAY.EXE" /regrun /qqrepair
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\rstray.exe [111000 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_Plugin.exe [927920 2015-06-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-04-02]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll No File
BootExecute: autocheck autochk *  bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {2BF6CDAE-6D19-44ED-9035-D44BA7CD20C5} ->  No File
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2983943463-2176006230-4185877932-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-28]
FF Extension: Adblock Plus - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-28]
FF HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-06-15]
CHR Extension: (Google Wallet) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Amazon) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-02-10]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Sonne\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
S2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-15] (电脑管家)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 10:57 - 2015-06-17 10:57 - 00002400 _____ C:\Users\Sonne\Desktop\JRT.txt
2015-06-17 10:49 - 2015-06-17 10:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HARLEY-DAVIDSON-Windows-7-Home-Premium-(64-bit).dat
2015-06-17 10:49 - 2015-06-17 10:49 - 00000000 ____D C:\RegBackup
2015-06-17 10:48 - 2015-06-17 10:48 - 02946265 _____ (Thisisu) C:\Users\Sonne\Desktop\JRT.exe
2015-06-17 10:41 - 2015-06-17 10:41 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-17 10:26 - 2015-06-17 10:26 - 02231296 _____ C:\Users\Sonne\Desktop\AdwCleaner_4.206.exe
2015-06-16 20:04 - 2015-06-16 20:04 - 00001234 _____ C:\Users\Sonne\Desktop\Revo Uninstaller.lnk
2015-06-16 20:04 - 2015-06-16 20:04 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-16 20:02 - 2015-06-16 20:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sonne\Desktop\revosetup95.exe
2015-06-16 12:21 - 2015-06-17 10:45 - 00003328 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-06-16 12:16 - 2015-06-16 12:20 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-16 12:14 - 2015-06-17 10:43 - 01253444 _____ C:\Windows\PFRO.log
2015-06-16 12:09 - 2015-06-16 12:09 - 00001216 _____ C:\Users\Sonne\Desktop\malwarebytes.txt
2015-06-16 11:51 - 2015-06-16 11:54 - 00047075 _____ C:\Users\Sonne\Desktop\Addition.txt
2015-06-16 11:49 - 2015-06-17 16:23 - 00016650 _____ C:\Users\Sonne\Desktop\FRST.txt
2015-06-16 11:47 - 2015-06-16 11:47 - 02109952 _____ (Farbar) C:\Users\Sonne\Desktop\FRST64.exe
2015-06-16 11:06 - 2015-06-16 11:06 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ___RD C:\RavBin
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-06-16 11:06 - 2015-06-16 11:04 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-06-16 11:05 - 2015-06-16 10:32 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-06-16 11:05 - 2015-06-16 10:31 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-06-16 10:26 - 2015-06-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-15 18:29 - 2015-06-17 16:14 - 00000672 _____ C:\Windows\setupact.log
2015-06-15 18:29 - 2015-06-15 18:29 - 00000000 _____ C:\Windows\setuperr.log
2015-06-15 17:03 - 2015-06-15 17:03 - 00003160 _____ C:\Windows\System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D}
2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-15 16:53 - 2015-06-15 16:52 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-15 16:50 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System
2015-06-15 16:50 - 2015-06-16 10:30 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-06-15 16:50 - 2015-06-16 10:30 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-06-15 16:50 - 2015-06-15 16:50 - 00000150 __RSH C:\rising.ini
2015-06-15 16:50 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-06-15 16:49 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\b24cd062-bf2a-4359-9342-85828b0ba5d3
2015-06-15 16:49 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\639202a2-5fcc-4a00-ba2e-ebce06ee95fc
2015-06-15 16:49 - 2015-06-15 16:57 - 00000000 ____D C:\Program Files (x86)\Rs
2015-06-15 16:49 - 2015-06-15 16:50 - 00000000 ____D C:\ProgramData\Rising
2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\Rising
2015-06-15 16:48 - 2015-06-17 10:43 - 00000330 _____ C:\Windows\Tasks\WTKXPWLM1.job
2015-06-15 16:48 - 2015-06-16 10:26 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-15 16:48 - 2015-06-15 16:48 - 00003572 _____ C:\Windows\System32\Tasks\DWBTM
2015-06-15 16:48 - 2015-06-15 16:48 - 00002852 _____ C:\Windows\System32\Tasks\WTKXPWLM1
2015-06-15 16:47 - 2015-06-17 10:43 - 00000324 _____ C:\Windows\Tasks\XGGLNAPSJN1.job
2015-06-15 16:47 - 2015-06-15 16:47 - 00003572 _____ C:\Windows\System32\Tasks\HLEBG
2015-06-15 16:47 - 2015-06-15 16:47 - 00002846 _____ C:\Windows\System32\Tasks\XGGLNAPSJN1
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 _____ C:\Windows\prleth.sys
2015-06-08 01:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-08 01:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-04 13:56 - 2015-06-16 12:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-05-20 10:46 - 2015-05-20 10:46 - 00013489 _____ C:\Users\Sonne\Documents\Stadt W´hausen Herr Meyer (PayPal).odt
2015-05-18 14:11 - 2015-05-21 15:48 - 00001937 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-05-18 14:11 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-05-18 14:10 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-18 14:10 - 2015-05-18 14:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-18 14:10 - 2015-05-18 14:10 - 00002013 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 16:22 - 2013-07-02 19:21 - 00000000 ____D C:\FRST
2015-06-17 16:21 - 2011-09-30 23:16 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-17 16:14 - 2013-06-07 21:17 - 02009930 _____ C:\Windows\WindowsUpdate.log
2015-06-17 16:14 - 2013-03-28 20:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-17 14:16 - 2011-09-30 23:16 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-17 14:10 - 2015-05-15 21:27 - 00000000 ____D C:\Users\Sonne\Documents\Musch Delank Imex
2015-06-17 10:57 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-17 10:57 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-17 10:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 10:41 - 2013-11-28 20:05 - 00000000 ____D C:\AdwCleaner
2015-06-16 12:21 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-16 12:15 - 2009-07-14 06:45 - 00295648 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 12:14 - 2013-07-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-16 12:14 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2015-06-16 11:40 - 2014-11-13 11:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-16 11:39 - 2013-11-28 20:20 - 00001072 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-16 11:36 - 2011-09-30 23:24 - 00064544 _____ C:\Users\Sonne\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-15 17:02 - 2013-09-09 15:44 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-15 17:02 - 2013-07-09 11:08 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-15 17:02 - 2013-07-09 11:08 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-15 17:02 - 2011-09-30 23:34 - 00001431 _____ C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-15 16:59 - 2013-04-17 16:39 - 00000000 ____D C:\Users\Sonne\AppData\Local\CrashDumps
2015-06-15 16:54 - 2011-09-30 23:37 - 00000000 ____D C:\Users\Sonne\AppData\Local\VirtualStore
2015-06-11 12:41 - 2013-03-28 20:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 12:41 - 2013-03-28 20:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-11 12:41 - 2011-09-30 23:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 21:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-08 01:32 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-08 01:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-08 01:10 - 2012-03-28 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-06-08 01:10 - 2011-04-16 12:56 - 01649782 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-08 01:10 - 2011-02-14 14:57 - 00700118 _____ C:\Windows\system32\perfh007.dat
2015-06-08 01:10 - 2011-02-14 14:57 - 00149968 _____ C:\Windows\system32\perfc007.dat
2015-06-08 01:04 - 2012-05-14 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-21 15:57 - 2011-09-30 23:55 - 00000000 ____D C:\Users\Sonne\Desktop\Fotos
2015-05-20 14:44 - 2011-09-30 23:23 - 00000000 ____D C:\Users\Sonne\AppData\Local\Adobe
2015-05-19 11:42 - 2012-04-01 11:15 - 00000000 ____D C:\Users\Sonne\Documents\Eigene Dateien
2015-05-19 09:12 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-05-18 14:11 - 2015-01-11 11:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-18 14:11 - 2011-09-30 23:41 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Adobe
2015-05-18 14:10 - 2011-09-30 23:18 - 00000000 ____D C:\ProgramData\Adobe
2015-05-18 13:34 - 2011-09-30 23:16 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 13:34 - 2011-09-30 23:16 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2013-10-02 20:36 - 2014-01-05 15:11 - 0000678 _____ () C:\Users\Sonne\AppData\Local\cookies.ini

Some files in TEMP:
====================
C:\Users\Sonne\AppData\Local\Temp\C2PC_SP.exe
C:\Users\Sonne\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonne\AppData\Local\Temp\sqlite3.dll
C:\Users\Sonne\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-16 20:35

==================== End of log ============================
Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Sonne at 2015-06-17 16:24:08
Running from C:\Users\Sonne\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2983943463-2176006230-4185877932-500 - Administrator - Disabled)
Gast (S-1-5-21-2983943463-2176006230-4185877932-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2983943463-2176006230-4185877932-1002 - Limited - Enabled)
Sonne (S-1-5-21-2983943463-2176006230-4185877932-1001 - Administrator - Enabled) => C:\Users\Sonne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate 4.11 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.11.0074 - Fujitsu Technology Solutions)
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FreeOCR v5.0 (HKLM-x32\...\freeocr_is1) (Version:  - )
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{474A8F3F-863A-4FCC-91F0-47A61E06FEC9}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{54da196d-166e-41ff-97b8-b36d914b919c}) (Version:  - Nero AG)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rising Antivirus (HKLM-x32\...\RAV) (Version: 24.00.43.14 - Beijing Rising Information Technology, Inc.)
Rising Software Deployment System (HKLM-x32\...\RSD) (Version: 23.00.01.02 - Beijing Rising Information Technology, Inc.)
Rossmann Fotowelt Software 4.9 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.9 - ORWO Net)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

19-05-2015 11:30:30 Windows Update
22-05-2015 13:33:32 Windows Update
28-05-2015 09:29:41 Windows Update
04-06-2015 13:34:06 Windows Update
08-06-2015 01:01:03 Windows Update
12-06-2015 15:46:14 Windows Update
15-06-2015 16:50:44 LavasoftWeCompanion
16-06-2015 10:45:44 Windows Update
16-06-2015 20:05:52 Revo Uninstaller's restore point - cinemaplus version 2.04
16-06-2015 20:09:33 Revo Uninstaller's restore point - Zip Opener Packages 83

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-06-27 13:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008A50F6-6F65-4BD2-9CED-9C791EF23812} - System32\Tasks\WTKXPWLM1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {052DD86F-62F1-497A-A9E5-710BA7A63CB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {0E14688E-C9EE-4B4D-A5A5-551D4BE1CA20} - System32\Tasks\XGGLNAPSJN1 => C:\ProgramData\NavRight\NavRight.exe <==== ATTENTION
Task: {23D0AE57-EA18-4B45-8047-200E93E04815} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {240F7B74-8D37-46DA-8750-052664AEABBB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-17] (Microsoft Corporation)
Task: {2A9F2D7A-9915-4466-8678-A21B3B1D1363} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {49A6221B-522F-4306-B4C6-C3E86C02A0F8} - System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D} => pcalua.exe -a C:\Users\Sonne\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=amt
Task: {4C754BFD-0F30-4C99-97BE-7FC3E7D9AA29} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {5C3F2F40-0337-4951-8437-B5CCCCC99282} - System32\Tasks\{18968C56-914E-4610-8DF1-80B92D002E96} => pcalua.exe -a C:\Users\Sonne\Downloads\marineemail.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {69FC9E73-AB0D-4594-A8C2-DDE5D47DDCED} - System32\Tasks\DWBTM => C:\ProgramData\37e30e59d1a7430da05c726d0388106f\37e30e59d1a7430da05c726d0388106f.exe <==== ATTENTION
Task: {6AEEDEA0-A547-4EA4-9AFD-BFA6D14445C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {6B7C6944-8702-4A14-BB6E-520DD18A2A23} - System32\Tasks\HLEBG => C:\ProgramData\830d280829ca4028a7f37bc821cc2f16\830d280829ca4028a7f37bc821cc2f16.exe <==== ATTENTION
Task: {72034D43-6577-4F5B-B719-2056A137B18A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {7EF8E32F-4C9A-42B3-8E52-F0CC6A459901} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {82487041-C999-4ECE-AB7C-7EFD19457194} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {974EC68E-FAF1-4CE4-9A02-98FF7880FA7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {9B59277C-AE77-4C67-9BB9-65CC1EFFA8D5} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\PROGRAM FILES (X86)\RISING\RAV\rsdelaylauncher.exe [2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WTKXPWLM1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\XGGLNAPSJN1.job => C:\ProgramData\NavRight\NavRight.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2011-01-17 16:19 - 2012-04-02 12:01 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-06-11 12:41 - 2015-06-11 12:41 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5317 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{55CCA8F9-D7B5-4F9D-A1C7-0B120701405F}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{B468A948-BB76-4CC2-8EF5-6D096A47B629}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{CF74D96B-E1AF-4464-BBA7-6E115330DC86}] => (Allow) C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{457EC9A3-52BC-49DA-93F0-076B646025E4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D5351F3C-C8D2-49A3-AEDA-74CD7573D131}] => (Allow) LPort=2869
FirewallRules: [{159A9B9B-3C47-48E0-B8A7-E5E0B58DEA73}] => (Allow) LPort=1900
FirewallRules: [{C3CE3E41-BC8A-4006-93C6-64BBF3F1BBCD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{69095B4D-B1DD-4937-900E-764FB4BFDC74}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{027761D3-0BC9-4612-9AC4-B14267E6A1E7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{2724A7D4-B849-4303-8964-334540F1B94D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{88C79719-3F96-4DC0-AF71-AFEC59DD0098}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30BB36D4-C5D6-4159-93A1-BC3151A034CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{17D53D46-A97F-4EE3-971C-B63FFE14E20B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E033C7B7-2C7D-4154-8093-BF61B71ED4CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{70C0E24B-7BC3-4ACB-8ECE-AA2E1567D9D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{609E758D-717E-4834-9282-0228860D500C}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{98E0B3BC-E288-498B-B3A4-578CE05808E8}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{21A5AA21-61CA-4320-83DE-399BA6221F46}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCmgrInstallGuide.exe
FirewallRules: [{2602B83B-1568-40C5-A807-3D8B187937BD}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{40CE0218-73D9-4A4F-91FC-8A5DE007F6A6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{AC4607BC-E257-44B8-9CB1-BE57E67263FF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
FirewallRules: [{6C6F446B-5DCF-41D0-B111-4466031A7A9C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCMgr.exe
FirewallRules: [{C0947541-CF29-4751-A887-F4BCD33EDCAA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe
FirewallRules: [{DC2A925D-A8D1-407A-86B8-2D2E9280DBEA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMDL.exe
FirewallRules: [{81EF5DF4-68DE-429A-9E3D-B43C6BAF0CAA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\bugreport.exe
FirewallRules: [{7F1A03C7-2D48-4FA2-8D26-3D9A19FB1F14}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCFileOpen.exe
FirewallRules: [{112B5B9F-E5D2-48F7-ADD1-457835463309}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCLeakScan.exe
FirewallRules: [{CBF8034A-63AF-41DC-BD89-0BD3024078AE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPConfig.exe
FirewallRules: [{2E84B329-707E-4707-BDF6-F69283F8898B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSoftMgr.exe
FirewallRules: [{B412D22A-BC2C-4B33-BFDE-637399E97679}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{BA6450E5-CC5F-4446-BE3F-B9DEE93C1854}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCBTU.exe
FirewallRules: [{FAA11A10-0A48-4E71-BDD2-488DA3454B94}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCClinic.exe
FirewallRules: [{97D14ABF-BF44-43B2-BE3B-536DEEC0F6C2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCLaunch.exe
FirewallRules: [{BD948B14-8C19-4799-B2A4-D7904DF21CF5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{FBB344B2-584B-4308-A2F2-CE70AB3D968C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSoftGame.exe
FirewallRules: [{1CD34930-42E6-4A4C-B569-3D7926CCED2D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSysOptimize.exe
FirewallRules: [{65251F91-D874-48BD-B251-1874D834E5BE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCUpdateAVLib.exe
FirewallRules: [{A8A802BB-5C55-45B0-B4D1-703FBB22C0FF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQRepair.exe
FirewallRules: [{D31B42DD-FD8B-4D94-AE62-BB9F46539659}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\Uninst.exe
FirewallRules: [{9A32480F-FA3E-4286-99F5-FC3BDC41DE33}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCPatch.exe
FirewallRules: [{CAFF155D-2F2E-4355-BF76-9EC6DD49C97C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TpkUpdate.exe
FirewallRules: [{8C13F7E8-00D4-4215-98A3-09ED996C24D0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMRouterMgr.exe
FirewallRules: [{25C46C94-E505-4199-B70A-08C91E15345C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAccountProtection.exe
FirewallRules: [{F367AF67-BF06-4DC1-B514-C57A7B023FED}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAdBlock.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2015 10:54:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: For information only.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (06/17/2015 10:54:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: For information only.
Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (06/17/2015 10:45:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 10:44:14 AM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=CC4}
The client could not connect to the Application Virtualization Server (return code 24604E0A-40000194).

Error: (06/17/2015 10:44:14 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=CC4}
Application Virtualization Client could not connect to the stream URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft' (return code 24604E0A-40000194, original return code 24604E0A-40000194).

Error: (06/16/2015 00:20:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 00:20:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: For information only.
(Stream product id=0x0066): Streaming Failed

Error: (06/16/2015 00:20:10 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=234}
Application Virtualization Client could not connect to the stream URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft' (return code 24604E0A-40000194, original return code 24604E0A-40000194).

Error: (06/16/2015 00:20:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: For information only.
Too many failures while downloading ranges: 2

Error: (06/16/2015 00:20:10 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=234}
Application Virtualization Client could not connect to the stream URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft' (return code 24604E0A-40000194, original return code 24604E0A-40000194).


System errors:
=============
Error: (06/17/2015 10:52:41 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager's attempt to take corrective action (restart the service) after the unexpected termination of the "Windows Modules Installer" service failed. Error: 
%%1056

Error: (06/17/2015 10:50:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Windows Media Player-Netzwerkfreigabedienst" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/17/2015 10:50:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Intel(R) Management & Security Application User Notification Service" service terminated unexpectedly. This has happened 1 time(s).

Error: (06/17/2015 10:50:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Application Virtualization Client" service terminated unexpectedly. This has happened 1 time(s).

Error: (06/17/2015 10:50:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Windows Modules Installer" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/17/2015 10:50:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Software Protection" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/17/2015 10:50:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Application Virtualization Service Agent" service terminated unexpectedly. This has happened 1 time(s).

Error: (06/17/2015 10:50:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "PowerSavingUtilityService" service terminated unexpectedly. This has happened 1 time(s).

Error: (06/17/2015 10:50:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "PFNService" service terminated unexpectedly. This has happened 1 time(s).

Error: (06/17/2015 10:50:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Nero BackItUp Scheduler 4.0" service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (06/17/2015 10:54:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (06/17/2015 10:54:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (06/17/2015 10:45:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 10:44:14 AM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=CC4}
24604E0A-40000194

Error: (06/17/2015 10:44:14 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=CC4}
http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft24604E0A-4000019424604E0A-40000194

Error: (06/16/2015 00:20:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 00:20:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (06/16/2015 00:20:10 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=234}
http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft24604E0A-4000019424604E0A-40000194

Error: (06/16/2015 00:20:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (06/16/2015 00:20:10 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=234}
http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft24604E0A-4000019424604E0A-40000194


CodeIntegrity Errors:
===================================
  Date: 2013-06-27 13:08:33.046
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-27 13:08:32.968
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 43%
Total physical RAM: 3892.55 MB
Available physical RAM: 2181.91 MB
Total Pagefile: 7783.3 MB
Available Pagefile: 5498.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:250 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B477DB1C)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

==================== End of log ============================
--- --- ---
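Added example (not part of this thread, and not FRST's own logic): the Scheduled Tasks section of the Addition.txt above is where the adware persistence shows up, so this Python script parses FRST `Task:` lines and scores each task on the indicators a helper reads off by eye: FRST's own `<==== ATTENTION` marker, a launch through `pcalua.exe -a` (the Program Compatibility Assistant used as a proxy launcher, as in the oursurfing and marineemail tasks), a target under ProgramData, AppData or Downloads, no publisher/version info recorded, and random-looking task or file names. The sample input is copied from the log above; the scoring heuristics, the threshold of two indicators and the names `triage` and `suspicious_tasks` are this example's own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample input: "Task:" lines copied from the FRST Addition.txt
# posted above (task names and paths are the ones in that log).
SAMPLE_LOG = r"""
Task: {008A50F6-6F65-4BD2-9CED-9C791EF23812} - System32\Tasks\WTKXPWLM1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {052DD86F-62F1-497A-A9E5-710BA7A63CB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {49A6221B-522F-4306-B4C6-C3E86C02A0F8} - System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D} => pcalua.exe -a C:\Users\Sonne\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=amt
Task: {5C3F2F40-0337-4951-8437-B5CCCCC99282} - System32\Tasks\{18968C56-914E-4610-8DF1-80B92D002E96} => pcalua.exe -a C:\Users\Sonne\Downloads\marineemail.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {69FC9E73-AB0D-4594-A8C2-DDE5D47DDCED} - System32\Tasks\DWBTM => C:\ProgramData\37e30e59d1a7430da05c726d0388106f\37e30e59d1a7430da05c726d0388106f.exe <==== ATTENTION
Task: {72034D43-6577-4F5B-B719-2056A137B18A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\XGGLNAPSJN1.job => C:\ProgramData\NavRight\NavRight.exe <==== ATTENTION
"""

# One FRST task line: "Task: <id or .job path> => <command> [date] (Publisher) [<==== ATTENTION]"
TASK_LINE = re.compile(r"^Task: (?P<left>.+?) => (?P<cmd>.+)$")
# FRST prints "[YYYY-MM-DD] (Publisher)" only when it could read the file's version resource.
PUBLISHER = re.compile(r"\[\d{4}-\d{2}-\d{2}\] \((?P<pub>[^()]+)\)")
# pcalua.exe (Program Compatibility Assistant) used as a proxy launcher: real target follows -a.
PCALUA_TARGET = re.compile(r'pcalua\.exe\s+-a\s+("[^"]+"|\S+)', re.I)
HEX32 = re.compile(r"\b[0-9a-f]{32}\b", re.I)                       # e.g. 37e30e59d1a7...
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
RANDOM_CAPS = re.compile(r"^[A-Z]{5,}\d?$")                          # e.g. WTKXPWLM1, DWBTM
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\downloads\\", "\\temp\\")


def task_name(left: str) -> str:
    """Task name relative to the Tasks folder, without the legacy .job suffix."""
    for prefix in ("System32\\Tasks\\", "C:\\Windows\\Tasks\\"):
        if prefix in left:
            name = left.split(prefix, 1)[1]
            return name[:-4] if name.lower().endswith(".job") else name
    return left


def target_path(cmd: str) -> str:
    """Executable the task actually runs, looking through a pcalua.exe proxy launch."""
    m = PCALUA_TARGET.search(cmd)
    if m:
        return m.group(1).strip('"')
    # Drop FRST's trailing "[date] (Publisher)" and "<==== ATTENTION" decorations.
    return re.split(r"\s+\[\d{4}-\d{2}-\d{2}\]|\s+<====", cmd, maxsplit=1)[0].strip()


def triage(log: str) -> List[Dict[str, object]]:
    """Score every Task: line; two or more indicators mark a task as worth a closer look.

    This is a triage score for a log reader, not a verdict: per-user installs
    (e.g. updaters in AppData) legitimately trip the user-writable check alone.
    """
    results = []
    for raw in log.splitlines():
        m = TASK_LINE.match(raw.strip())
        if not m:
            continue
        name = task_name(m.group("left"))
        cmd = m.group("cmd")
        target = target_path(cmd)
        reasons = []
        if "<==== ATTENTION" in cmd:
            reasons.append("flagged by FRST")
        if PCALUA_TARGET.search(cmd):
            reasons.append("launched through pcalua.exe")
        if any(marker in target.lower() for marker in USER_WRITABLE):
            reasons.append("target in a user-writable directory")
        if not PUBLISHER.search(cmd):
            reasons.append("no publisher/version info recorded")
        if HEX32.search(target) or RANDOM_CAPS.match(name) or GUID_NAME.match(name):
            reasons.append("random-looking task or file name")
        results.append({"task": name, "target": target, "reasons": reasons,
                        "suspicious": len(reasons) >= 2})
    return results


def suspicious_tasks(log: str) -> List[str]:
    """Names of the tasks that crossed the threshold, in log order."""
    return [r["task"] for r in triage(log) if r["suspicious"]]


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} {r['task']:45} -> {r['target']}")
        for reason in r["reasons"]:
            print(f"{'':10}   - {reason}")
```

Run against the sample, the five FlashBeat, oursurfing, marineemail, DWBTM and NavRight tasks score four indicators each while the Google and GWX tasks score none; the point of scoring rather than matching only `<==== ATTENTION` is that the two `pcalua.exe` tasks carry no FRST marker at all, yet they are exactly the ones that launch the oursurfing uninstaller and an executable straight out of Downloads.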

17.06.2015, 19:49   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
Honestly, you're surprised about Chinese characters after you installed an antivirus scanner from a Chinese company?

If it bothers you, just uninstall it...
__________________
Please always post logfiles in CODE tags

17.06.2015, 20:01   #15
Penelope8282
 
Well, it was installed along with something else; in any case I didn't know about it or what it was. I've now uninstalled it, or rather I'm in the process of doing so.
So is the laptop clean now?
