Trojaner-Board

sbie 29.07.2015 21:49

Windows 8: gambali.dll and gambali64.dll in system directories
 
Hi Team Trojaner-board.de,

since a lot of ads were showing up in the browser, I ran adwcleaner.

But adwcleaner_4.112 cannot clean these DLLs off the system:
c:\window\syswow64\gambali.dll
c:\window\system32\gambali64.dll

I hereby ask for support.

In addition, this registry key remains:
hkcu\software\microssoft\windows\currentversion\internet Settings

The adw log files for this follow in the next post.
First, the standard log files:

defogger_disable
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:27 on 29/07/2015 (Jana)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST
Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
durchgeführt von jana_2 (ATTENTION: der angemeldete Benutzer ist kein Administrator) auf LAPPI (29-07-2015 08:36:49)
Gestartet von C:\Users\jana_2\Desktop
Geladene Profile: Jana & jana_2 (Verfügbare Profile: Jana & jana_2)
Platform: Windows 8 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 10 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

konnte nicht auf den Prozess zugreifen -> smss.exe
konnte nicht auf den Prozess zugreifen -> csrss.exe
konnte nicht auf den Prozess zugreifen -> wininit.exe
konnte nicht auf den Prozess zugreifen -> csrss.exe
konnte nicht auf den Prozess zugreifen -> winlogon.exe
konnte nicht auf den Prozess zugreifen -> services.exe
konnte nicht auf den Prozess zugreifen -> lsass.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> dwm.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> spoolsv.exe
konnte nicht auf den Prozess zugreifen -> sched.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> avguard.exe
konnte nicht auf den Prozess zugreifen -> AppleMobileDeviceService.exe
konnte nicht auf den Prozess zugreifen -> AdminService.exe
konnte nicht auf den Prozess zugreifen -> mDNSResponder.exe
konnte nicht auf den Prozess zugreifen -> CCDMonitorService.exe
konnte nicht auf den Prozess zugreifen -> dasHost.exe
konnte nicht auf den Prozess zugreifen -> dsiwmis.exe
konnte nicht auf den Prozess zugreifen -> ETDService.exe
konnte nicht auf den Prozess zugreifen -> ExpressCache.exe
konnte nicht auf den Prozess zugreifen -> FFSService.exe
konnte nicht auf den Prozess zugreifen -> nsm59BB.tmpfs
konnte nicht auf den Prozess zugreifen -> HeciServer.exe
konnte nicht auf den Prozess zugreifen -> Jhi_service.exe
konnte nicht auf den Prozess zugreifen -> LavasoftTcpService.exe
konnte nicht auf den Prozess zugreifen -> NOBuAgent.exe
konnte nicht auf den Prozess zugreifen -> RfBtnSvc64.exe
konnte nicht auf den Prozess zugreifen -> Lavasoft.SearchProtect.WinService.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> TuneUpUtilitiesService64.exe
konnte nicht auf den Prozess zugreifen -> Avira.ServiceHost.exe
konnte nicht auf den Prozess zugreifen -> WmiPrvSE.exe
konnte nicht auf den Prozess zugreifen -> unsecapp.exe
konnte nicht auf den Prozess zugreifen -> avshadow.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
konnte nicht auf den Prozess zugreifen -> LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
konnte nicht auf den Prozess zugreifen -> unsecapp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
konnte nicht auf den Prozess zugreifen -> SearchIndexer.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
konnte nicht auf den Prozess zugreifen -> ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
konnte nicht auf den Prozess zugreifen -> ePowerEvent.exe
konnte nicht auf den Prozess zugreifen -> RIconMan.exe
konnte nicht auf den Prozess zugreifen -> LMS.exe
konnte nicht auf den Prozess zugreifen -> NASvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
konnte nicht auf den Prozess zugreifen -> UNS.exe
konnte nicht auf den Prozess zugreifen -> wmpnetwk.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
konnte nicht auf den Prozess zugreifen -> SDWSCSvc.exe
konnte nicht auf den Prozess zugreifen -> SDUpdSvc.exe
konnte nicht auf den Prozess zugreifen -> dllhost.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
konnte nicht auf den Prozess zugreifen -> taskhost.exe
konnte nicht auf den Prozess zugreifen -> SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
konnte nicht auf den Prozess zugreifen -> SearchFilterHost.exe
konnte nicht auf den Prozess zugreifen -> SearchProtocolHost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876304 2013-01-18] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-07-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Atheros Communications)
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ATTENTION

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: [S-1-5-21-4169945393-979611324-1072499311-1001] ATTENTION ==> Standard URLSearchHook fehlt
SearchScopes: HKLM -> {B8380493-B7BF-4FBC-AB65-2EA61B7993D0} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1005 -> {B8380493-B7BF-4FBC-AB65-2EA61B7993D0} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Keine Datei
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 05 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 06 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 07 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 08 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 20 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 21 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 06 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 07 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 08 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 20 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 21 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6055372-0939-4C4A-A80C-6D0BD911458D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CDF19CD9-9B77-4465-A844-D4F85F9468B7}: [DhcpNameServer] 10.57.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-07-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-07-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-07-27] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-01-18] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-02] (Lavasoft Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2015-02-20] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-02] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R2 fuzefyby; C:\Users\Jana\AppData\Roaming\12345678-1425234414-5678-90AB-CDDEEFAABBCC\nsm59BB.tmpfs [X]

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2015-02-20] (Dritek System Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-29 08:36 - 2015-07-29 08:36 - 00020103 _____ C:\Users\jana_2\Desktop\FRST.txt
2015-07-29 08:36 - 2015-07-29 08:36 - 00000000 ____D C:\FRST
2015-07-29 08:35 - 2015-07-29 08:35 - 02146816 _____ (Farbar) C:\Users\jana_2\Desktop\FRST64.exe
2015-07-29 08:32 - 2015-07-29 08:32 - 00000000 ___SH C:\DkHyperbootSync
2015-07-29 08:27 - 2015-07-29 08:27 - 00000470 _____ C:\Users\jana_2\Desktop\defogger_disable.log
2015-07-29 08:26 - 2015-07-29 08:26 - 00050477 _____ C:\Users\jana_2\Desktop\Defogger.exe
2015-07-28 22:43 - 2015-07-28 22:43 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-28 22:43 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-07-28 22:27 - 2015-07-28 22:27 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-28 22:27 - 2015-07-28 22:27 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-28 22:27 - 2015-07-28 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-28 22:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-28 22:16 - 2015-07-28 22:58 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-28 22:16 - 2015-07-28 22:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-28 22:16 - 2015-07-28 22:16 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-28 22:16 - 2015-07-28 22:16 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-28 22:16 - 2015-07-28 22:16 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-07-28 21:40 - 2015-07-28 22:07 - 00000135 _____ C:\Users\jana_2\Desktop\gambali64.dll.txt
2015-07-28 21:32 - 2015-07-28 21:32 - 00000804 _____ C:\Users\jana_2\Desktop\adwcleaner_4.112.lnk
2015-07-26 18:54 - 2015-07-26 18:54 - 00000000 ____D C:\Users\jana_2\Documents\Electronic Arts
2015-07-26 18:36 - 2015-07-28 22:22 - 00000085 _____ C:\Windows\wininit.ini
2015-07-26 18:36 - 2015-07-26 18:36 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
2015-07-26 18:36 - 2015-07-26 18:36 - 00001135 _____ C:\Users\Public\Desktop\EA Download Manager.lnk
2015-07-26 18:36 - 2015-07-26 18:36 - 00000195 _____ C:\Windows\DirectX.log
2015-07-26 18:36 - 2015-07-26 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2015-07-26 18:36 - 2008-09-04 20:17 - 00447752 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-07-26 18:35 - 2015-07-26 18:35 - 00002086 _____ C:\Users\Public\Desktop\Die*Sims™*3.lnk
2015-07-26 18:35 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-07-26 18:35 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-07-26 18:17 - 2015-07-26 18:36 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2015-07-21 08:28 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 08:28 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 08:28 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 08:28 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 18:47 - 2015-06-29 18:18 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 18:47 - 2015-06-29 15:28 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 18:47 - 2015-06-26 15:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 18:47 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 18:47 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls
2015-07-15 18:47 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-07-15 18:46 - 2015-05-07 15:05 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 22:39 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 22:39 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-07-14 22:39 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 22:39 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 22:39 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 22:39 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 22:39 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 22:38 - 2015-07-02 22:31 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 22:38 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 22:38 - 2015-06-27 15:55 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 22:38 - 2015-06-27 15:46 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 22:38 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 22:37 - 2015-06-15 17:22 - 13771264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 15415296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 22:37 - 2015-06-15 17:19 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 22:37 - 2015-06-15 17:19 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 22:36 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 22:36 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 22:36 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 22:36 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 22:36 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-07-14 22:36 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 22:36 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 22:36 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 22:36 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 22:36 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-30 23:46 - 2015-06-30 23:46 - 06162288 _____ ( ) C:\Users\jana_2\Downloads\adblockplusie-1.4.exe
2015-06-30 23:41 - 2015-06-30 23:41 - 01198368 _____ C:\Users\jana_2\Downloads\adblockplusie-1.4 - CHIP-Installer.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-29 08:27 - 2015-02-23 19:17 - 00000000 ____D C:\Users\Jana
2015-07-29 08:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-28 23:11 - 2015-02-20 20:55 - 00753134 _____ C:\Windows\system32\perfh007.dat
2015-07-28 23:11 - 2015-02-20 20:55 - 00155826 _____ C:\Windows\system32\perfc007.dat
2015-07-28 23:11 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-28 22:24 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-28 22:24 - 2012-07-26 07:39 - 00535730 _____ C:\Windows\PFRO.log
2015-07-28 21:14 - 2012-07-26 09:21 - 00550714 _____ C:\Windows\setupact.log
2015-07-27 16:40 - 2015-02-20 12:13 - 01627708 _____ C:\Windows\WindowsUpdate.log
2015-07-27 00:06 - 2015-03-03 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-27 00:05 - 2015-03-03 12:35 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-27 00:05 - 2015-03-03 12:35 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-26 23:54 - 2015-06-24 23:05 - 00002159 _____ C:\Windows\system32\ScanResults.xml
2015-07-26 23:51 - 2015-06-24 23:02 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-07-26 23:32 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2015-07-26 18:17 - 2012-07-26 11:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-26 13:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-26 00:11 - 2015-04-01 21:12 - 00307896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 10:39 - 2015-03-11 21:09 - 00000000 ____D C:\Users\jana_2\AppData\Local\CrashDumps
2015-07-21 22:42 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-20 09:21 - 2015-04-18 19:57 - 00000000 ____D C:\Users\jana_2\Documents\Bewerbungsvorlagen
2015-07-19 13:29 - 2015-03-04 00:57 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-19 13:29 - 2015-03-04 00:57 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-19 13:29 - 2015-03-04 00:17 - 00000000 ____D C:\Windows\system32\MRT
2015-07-19 13:29 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2015-07-13 23:22 - 2015-03-03 12:26 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:22 - 2015-03-03 12:26 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-07 21:43 - 2015-06-11 02:54 - 00001124 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-07 21:43 - 2015-03-03 12:30 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-07 21:43 - 2015-03-03 12:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-03 08:43 - 2015-03-04 00:17 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-02-20 12:27 - 2015-02-20 12:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\jana_2\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert

==================== Ende von log ============================

Addition
Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-07-2015
durchgeführt von jana_2 an 2015-07-29 08:37:18
Gestartet von C:\Users\jana_2\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4169945393-979611324-1072499311-500 - Administrator - Disabled)
Gast (S-1-5-21-4169945393-979611324-1072499311-501 - Limited - Disabled)
Jana (S-1-5-21-4169945393-979611324-1072499311-1001 - Administrator - Enabled) => C:\Users\Jana
jana_2 (S-1-5-21-4169945393-979611324-1072499311-1005 - Limited - Enabled) => C:\Users\jana_2

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{81C6F800-A69B-4E70-9DC0-74732F8B00E7}) (Version: 1.00.3015 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3006 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3003 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Ad-Aware Web Companion (x32 Version: 1.1.908.1803 - Lavasoft) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.19.204_WHQL (HKLM\...\Elantech) (Version: 11.6.19.204 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
Free YouTube to MP3 Converter version 3.12.56.301 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.56.301 - DVDVideoSoft Ltd.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sleep Memory Optimizer (HKLM\...\{A10FCEC8-5523-4C2D-8B42-091B48EDEB55}) (Version: 1.01.3000 - Acer Incorporated)
Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{AB75B78F-CFFA-4027-A8DC-94357F2F77EE}_WebCompanion) (Version: 1.1.908.1803 - Lavasoft)
Websuche (HKLM-x32\...\Websuche) (Version:  - Websuche)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

ATTENTION: Systemwiederherstellung ist deaktiviert
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job =>
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job =>
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job =>

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-07-26 08:16 - 2013-01-02 08:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-28 15:45 - 2013-01-28 15:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 15:42 - 2013-01-28 15:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 15:47 - 2013-01-28 15:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-07-26 08:12 - 2012-10-23 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-08 23:24 - 2013-02-08 23:24 - 00025672 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2013-02-08 23:24 - 2013-02-08 23:24 - 00044616 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4169945393-979611324-1072499311-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9E9D23D0-F011-45E9-83B3-85B64A500DA7}] => (Allow) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
FirewallRules: [{2FF2B3A5-BCDD-41F5-9FD8-8ED4FEFDBDAC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{406F23DA-0FA5-4E58-B756-9DB136CC6E52}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{B62F9311-BA93-4448-AF14-E570A581062C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4385B1D2-6D6D-4D9B-B318-6E521C6506C6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8D735DDF-C6E5-414F-890B-605C61CFAAB3}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{F02A9E74-62FE-4F1D-A948-D0D37BC7EF19}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{EAF6DC99-34E6-4062-8CF6-5A8241D640CE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0006A0BF-04E5-4AB5-BEBA-450FAC98142C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{26D21E3A-BCFD-4AE1-ABBB-DC97474B8BAB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{D8141F09-BA8C-4C02-967F-1690838ED757}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{6DA718DA-6F8E-414A-8B89-FCE3244979A9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{5BF580FF-3C09-4DF0-9551-3C61EDE2DA22}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{092A534A-92BF-432F-8676-29C189AD2AF9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{4DA492AC-497F-4419-9010-C45A70DB743F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{FE790E46-152C-45BE-994F-FC77A8229A84}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{1E3C2853-29C0-4B4C-BE11-D6F89D86A4DF}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{946B30D0-C1A7-474A-863B-AE02230EB63E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{39562E16-F435-4E8A-B238-BD6CFDF96BDF}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{46FF6E56-6F64-41E1-910B-4F254FD616E7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{A530BDA9-5701-4570-B669-07561B804619}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{B5DC16D3-D43B-4695-AA27-64A5ABF093AE}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{2D99B99F-5F0E-4FFC-A511-0BEBAD1A39DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{36AB55F8-80D3-446F-AD17-2326D629F66D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{29CAA79F-AAEC-48B9-BDE8-F621CAEB390E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B435C2E1-E817-43CB-9810-523FD00745BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0B2C091-3AFA-4EB1-B757-EAD447AB749B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/25/2015 11:51:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15500

Error: (07/25/2015 11:51:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15500

Error: (07/23/2015 11:36:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2015 10:39:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17377, Zeitstempel: 0x55663e2e
Name des fehlerhaften Moduls: AdblockPlus32.dll, Version: 1.4.0.0, Zeitstempel: 0x54edf8a0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001c9d3
ID des fehlerhaften Prozesses: 0x3c80
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 665141

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 665141

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2015 08:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31561360

Error: (07/20/2015 08:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31561360

Error: (07/20/2015 08:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Systemfehler:
=============
Error: (07/28/2015 10:21:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/28/2015 10:21:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (07/28/2015 10:20:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/28/2015 10:20:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (07/28/2015 10:19:50 PM) (Source: DCOM) (EventID: 10005) (User: Lappi)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/28/2015 10:19:14 PM) (Source: DCOM) (EventID: 10005) (User: Lappi)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/28/2015 10:19:08 PM) (Source: DCOM) (EventID: 10005) (User: Lappi)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/28/2015 10:19:00 PM) (Source: DCOM) (EventID: 10005) (User: Lappi)
Description: 1068netprofmNicht verfügbar{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/28/2015 10:19:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/28/2015 10:19:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office:
=========================
Error: (07/25/2015 11:51:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15500

Error: (07/25/2015 11:51:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15500

Error: (07/23/2015 11:36:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2015 10:39:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1737755663e2eAdblockPlus32.dll1.4.0.054edf8a0c00000050001c9d33c8001d0c459cf00d1a1C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files\Adblock Plus for IE\AdblockPlus32.dll272a8acb-304d-11e5-be96-4c72b9a2fada

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 665141

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 665141

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2015 08:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31561360

Error: (07/20/2015 08:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31561360

Error: (07/20/2015 08:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Speicherinformationen ===========================

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 5959.27 MB
Available physical RAM: 3215.11 MB
Total Virtual: 12359.27 MB
Available Virtual: 8941.54 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:222.43 GB) (Free:126.48 GB) NTFS
Drive d: (DATA) (Fixed) (Total:222.43 GB) (Free:222.11 GB) NTFS

==================== MBR & Partition Table ==================

==================== Ende von log ============================

gmer
Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-29 22:00:33
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000039 ST500LT012-9WS142 rev.0001SDM1 465,76GB
Running: itkcgws0.exe; Driver: C:\Users\Jana\AppData\Local\Temp\agloapoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\Explorer.EXE[5476] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                                                  000007f8c9ca1532 4 bytes [CA, C9, F8, 07]
.text    C:\Windows\Explorer.EXE[5476] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                                                  000007f8c9ca153a 4 bytes [CA, C9, F8, 07]
.text    C:\Windows\Explorer.EXE[5476] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                                                000007f8c9ca165a 4 bytes [CA, C9, F8, 07]
.text    C:\Windows\system32\igfxsrvc.exe[1252] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                                        000007f8c9ca1532 4 bytes [CA, C9, F8, 07]
.text    C:\Windows\system32\igfxsrvc.exe[1252] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                                        000007f8c9ca153a 4 bytes [CA, C9, F8, 07]
.text    C:\Windows\system32\igfxsrvc.exe[1252] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                                      000007f8c9ca165a 4 bytes [CA, C9, F8, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [640:664]                                                                                                                                                                                          fffff960009505e8
Thread  C:\Windows\system32\services.exe [716:4272]                                                                                                                                                                                      000000e9d0a8f210
Thread  C:\Windows\system32\services.exe [716:4276]                                                                                                                                                                                      000000e9d0a8f210
Thread  C:\Windows\system32\services.exe [716:4280]                                                                                                                                                                                      000000e9d0a8f210
Thread  C:\Windows\system32\services.exe [716:4284]                                                                                                                                                                                      000000e9d0a8f210
Thread  C:\Windows\system32\services.exe [716:4288]                                                                                                                                                                                      000000e9d0efef60
Thread  C:\Windows\system32\services.exe [716:4292]                                                                                                                                                                                      000000e9d0efef60
Thread  C:\Windows\system32\services.exe [716:4296]                                                                                                                                                                                      000000e9d0efef60
Thread  C:\Windows\system32\services.exe [716:4300]                                                                                                                                                                                      000000e9d0efef60
Thread  C:\Windows\system32\svchost.exe [912:948]                                                                                                                                                                                        000000e86195f210
Thread  C:\Windows\system32\svchost.exe [912:952]                                                                                                                                                                                        000000e86195f210
Thread  C:\Windows\system32\svchost.exe [912:956]                                                                                                                                                                                        000000e86195f210
Thread  C:\Windows\system32\svchost.exe [912:960]                                                                                                                                                                                        000000e86195f210
Thread  C:\Windows\system32\svchost.exe [912:964]                                                                                                                                                                                        000000e862abef60
Thread  C:\Windows\system32\svchost.exe [912:968]                                                                                                                                                                                        000000e862abef60
Thread  C:\Windows\system32\svchost.exe [912:972]                                                                                                                                                                                        000000e862abef60
Thread  C:\Windows\system32\svchost.exe [912:976]                                                                                                                                                                                        000000e862abef60
Thread  C:\Windows\System32\svchost.exe [1004:1224]                                                                                                                                                                                      000007f8c7ee9970
Thread  C:\Windows\System32\svchost.exe [1004:1232]                                                                                                                                                                                      000007f8c7e2c0f0
Thread  C:\Windows\System32\svchost.exe [1004:1292]                                                                                                                                                                                      000007f8c74eba00
Thread  C:\Windows\System32\svchost.exe [1004:1296]                                                                                                                                                                                      000007f8c7e6c570
Thread  C:\Windows\System32\svchost.exe [1004:3700]                                                                                                                                                                                      000007f8ccc51c20
Thread  C:\Windows\System32\svchost.exe [1004:3732]                                                                                                                                                                                      000007f8c170d594
Thread  C:\Windows\System32\svchost.exe [1004:3740]                                                                                                                                                                                      000007f8c1704150
Thread  C:\Windows\System32\svchost.exe [1004:1128]                                                                                                                                                                                      000007f8cb047240
Thread  C:\Windows\system32\svchost.exe [344:1328]                                                                                                                                                                                        000000ff019ef210
Thread  C:\Windows\system32\svchost.exe [344:1332]                                                                                                                                                                                        000000ff019ef210
Thread  C:\Windows\system32\svchost.exe [344:1336]                                                                                                                                                                                        000000ff019ef210
Thread  C:\Windows\system32\svchost.exe [344:1340]                                                                                                                                                                                        000000ff019ef210
Thread  C:\Windows\system32\svchost.exe [344:1356]                                                                                                                                                                                        000000ff01faef60
Thread  C:\Windows\system32\svchost.exe [344:1360]                                                                                                                                                                                        000000ff01faef60
Thread  C:\Windows\system32\svchost.exe [344:1364]                                                                                                                                                                                        000000ff01faef60
Thread  C:\Windows\system32\svchost.exe [344:1368]                                                                                                                                                                                        000000ff01faef60
Thread  C:\Windows\system32\svchost.exe [344:3968]                                                                                                                                                                                        000007f8bf631824
Thread  C:\Windows\system32\svchost.exe [344:5356]                                                                                                                                                                                        000007f8c5365c38
Thread  C:\Windows\system32\svchost.exe [344:8008]                                                                                                                                                                                        000007f8be6a16b0
Thread  C:\Windows\System32\spoolsv.exe [1456:5108]                                                                                                                                                                                      00000000018bf210
Thread  C:\Windows\System32\spoolsv.exe [1456:4668]                                                                                                                                                                                      00000000018bf210
Thread  C:\Windows\System32\spoolsv.exe [1456:4264]                                                                                                                                                                                      00000000018bf210
Thread  C:\Windows\System32\spoolsv.exe [1456:4892]                                                                                                                                                                                      00000000018bf210
Thread  C:\Windows\System32\spoolsv.exe [1456:4304]                                                                                                                                                                                      00000000025cef60
Thread  C:\Windows\System32\spoolsv.exe [1456:4172]                                                                                                                                                                                      00000000025cef60
Thread  C:\Windows\System32\spoolsv.exe [1456:3516]                                                                                                                                                                                      00000000025cef60
Thread  C:\Windows\System32\spoolsv.exe [1456:4168]                                                                                                                                                                                      00000000025cef60
Thread  C:\Windows\System32\spoolsv.exe [1456:4360]                                                                                                                                                                                      000007f8c19c54c0
Thread  C:\Windows\System32\spoolsv.exe [1456:3936]                                                                                                                                                                                      000007f8c17630ec
Thread  C:\Windows\System32\spoolsv.exe [1456:5076]                                                                                                                                                                                      000007f8bcaf5798
Thread  C:\Windows\System32\spoolsv.exe [1456:4648]                                                                                                                                                                                      000007f8bcb404ac
Thread  C:\Windows\system32\svchost.exe [1564:1652]                                                                                                                                                                                      000000306db6f210
Thread  C:\Windows\system32\svchost.exe [1564:1656]                                                                                                                                                                                      000000306db6f210
Thread  C:\Windows\system32\svchost.exe [1564:1660]                                                                                                                                                                                      000000306db6f210
Thread  C:\Windows\system32\svchost.exe [1564:1664]                                                                                                                                                                                      000000306db6f210
Thread  C:\Windows\system32\svchost.exe [1564:1668]                                                                                                                                                                                      000000306dadef60
Thread  C:\Windows\system32\svchost.exe [1564:1672]                                                                                                                                                                                      000000306dadef60
Thread  C:\Windows\system32\svchost.exe [1564:1676]                                                                                                                                                                                      000000306dadef60
Thread  C:\Windows\system32\svchost.exe [1564:1680]                                                                                                                                                                                      000000306dadef60
Thread  C:\Windows\system32\svchost.exe [1564:2032]                                                                                                                                                                                      000007f8c5b031a0
Thread  C:\Windows\system32\svchost.exe [1564:4404]                                                                                                                                                                                      000007f8c5b09c68
Thread  C:\Windows\system32\svchost.exe [1564:4484]                                                                                                                                                                                      000007f8beb724e8
Thread  C:\Windows\system32\svchost.exe [1564:4504]                                                                                                                                                                                      000007f8beb41544
Thread  C:\Windows\system32\svchost.exe [1564:4536]                                                                                                                                                                                      000007f8bea955dc
Thread  C:\Windows\system32\svchost.exe [1564:6096]                                                                                                                                                                                      000007f8ba7d4910
Thread  C:\Windows\system32\svchost.exe [1564:5848]                                                                                                                                                                                      000007f8ba7d1044
Thread  C:\Windows\system32\dashost.exe [2024:5036]                                                                                                                                                                                      000000b0ed16f210
Thread  C:\Windows\system32\dashost.exe [2024:5040]                                                                                                                                                                                      000000b0ed16f210
Thread  C:\Windows\system32\dashost.exe [2024:5044]                                                                                                                                                                                      000000b0ed16f210
Thread  C:\Windows\system32\dashost.exe [2024:5048]                                                                                                                                                                                      000000b0ed16f210
Thread  C:\Windows\system32\dashost.exe [2024:5056]                                                                                                                                                                                      000000b0ed18ec50
Thread  C:\Windows\system32\dashost.exe [2024:5060]                                                                                                                                                                                      000000b0ed0bef60
Thread  C:\Windows\system32\dashost.exe [2024:5064]                                                                                                                                                                                      000000b0ed0bef60
Thread  C:\Windows\system32\dashost.exe [2024:5068]                                                                                                                                                                                      000000b0ed0bef60
Thread  C:\Windows\system32\dashost.exe [2024:5072]                                                                                                                                                                                      000000b0ed0bef60
Thread  C:\Windows\system32\dashost.exe [2024:5080]                                                                                                                                                                                      000000b0ed0de3e0
Thread  C:\Windows\system32\dashost.exe [2024:5116]                                                                                                                                                                                      000000b0ed18ec50
Thread  C:\Windows\system32\dashost.exe [2024:4184]                                                                                                                                                                                      000000b0ed0de3e0
Thread  C:\Windows\System32\svchost.exe [4848:4944]                                                                                                                                                                                      000000e80c31f210
Thread  C:\Windows\System32\svchost.exe [4848:4948]                                                                                                                                                                                      000000e80c31f210
Thread  C:\Windows\System32\svchost.exe [4848:4952]                                                                                                                                                                                      000000e80c31f210
Thread  C:\Windows\System32\svchost.exe [4848:4956]                                                                                                                                                                                      000000e80c31f210
Thread  C:\Windows\System32\svchost.exe [4848:4960]                                                                                                                                                                                      000000e80cd5ef60
Thread  C:\Windows\System32\svchost.exe [4848:4964]                                                                                                                                                                                      000000e80cd5ef60
Thread  C:\Windows\System32\svchost.exe [4848:4968]                                                                                                                                                                                      000000e80cd5ef60
Thread  C:\Windows\System32\svchost.exe [4848:4972]                                                                                                                                                                                      000000e80cd5ef60
Thread  C:\Windows\Explorer.EXE [5476:6132]                                                                                                                                                                                              000000000b7af210
Thread  C:\Windows\Explorer.EXE [5476:6136]                                                                                                                                                                                              000000000b7af210
Thread  C:\Windows\Explorer.EXE [5476:6140]                                                                                                                                                                                              000000000b7af210
Thread  C:\Windows\Explorer.EXE [5476:3560]                                                                                                                                                                                              000000000b7af210
Thread  C:\Windows\Explorer.EXE [5476:5152]                                                                                                                                                                                              000000000b7cec50
Thread  C:\Windows\Explorer.EXE [5476:5124]                                                                                                                                                                                              000000000b6eef60
Thread  C:\Windows\Explorer.EXE [5476:5176]                                                                                                                                                                                              000000000b6eef60
Thread  C:\Windows\Explorer.EXE [5476:5180]                                                                                                                                                                                              000000000b6eef60
Thread  C:\Windows\Explorer.EXE [5476:5172]                                                                                                                                                                                              000000000b6eef60
Thread  C:\Windows\Explorer.EXE [5476:5132]                                                                                                                                                                                              000000000b70e3e0
Thread  C:\Windows\Explorer.EXE [5476:4708]                                                                                                                                                                                              000000000b7cec50
Thread  C:\Windows\Explorer.EXE [5476:2988]                                                                                                                                                                                              000000000b70e3e0
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [7296:7456]                                                                                                                                        000000005e0730df
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [7296:7468]                                                                                                                                        000000005e110b23
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [7296:7484]                                                                                                                                        0000000077294f27
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [7296:7596]                                                                                                                                        0000000069fb97fe
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [7296:6216]                                                                                                                                        0000000077294f27
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [7296:7736]                                                                                                                                        0000000077294f27
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [7304:7452]                                                                                                                                      000000005e0730df
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [7304:7472]                                                                                                                                      000000005e110b23
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [7304:7492]                                                                                                                                      0000000077294f27
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [7304:7592]                                                                                                                                      0000000069fb97fe
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [7304:5320]                                                                                                                                      0000000077294f27
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [7304:4032]                                                                                                                                      0000000077294f27
---- Processes - GMER 2.1 ----

Process  C:\Users\Jana\AppData\Roaming\12345678-1425234414-5678-90AB-CDDEEFAABBCC\nsm59BB.tmpfs (*** suspicious ***) @ C:\Users\Jana\AppData\Roaming\12345678-1425234414-5678-90AB-CDDEEFAABBCC\nsm59BB.tmpfs [1752](2015-03-01 17:27:10)  00000000001c0000

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----


Regards,
Stefan

sbie 29.07.2015 21:50

Hi,
here are the adw logfiles:
AdwCleaner Logfile:
Code:

# AdwCleaner v4.112 - Bericht erstellt 28/07/2015 um 21:18:51
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-07-26.2 [Server]
# Betriebssystem : Windows 8  (x64)
# Benutzername : Jana - LAPPI
# Gestarted von : D:\adwcleaner_4.112.exe
# Option : Suchlauf

***** [ Dienste ] *****

Dienst Gefunden : Gambali
Dienst Gefunden : ReimageRealTimeProtector
Dienst Gefunden : FlashBeat

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
Datei Gefunden : C:\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
Datei Gefunden : C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
Datei Gefunden : C:\Windows\Reimage.ini
Datei Gefunden : C:\Windows\System32\Gambali64.dll
Datei Gefunden : C:\Windows\System32\GambaliOff.ini
Datei Gefunden : C:\Windows\SysWOW64\Gambali.dll
Datei Gefunden : C:\Windows\SysWOW64\Gambali.ini
Datei Gefunden : C:\Windows\SysWOW64\GambaliOff.ini
Ordner Gefunden : C:\Program Files (x86)\Roll Around
Ordner Gefunden : C:\Program Files\Reimage
Ordner Gefunden : C:\ProgramData\FlashBeat
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
Ordner Gefunden : C:\ProgramData\Reimage Protector
Ordner Gefunden : C:\Users\Jana\AppData\Local\WSE_Binkiland
Ordner Gefunden : C:\Users\Jana\AppData\Roaming\RHEng
Ordner Gefunden : C:\Users\Jana\AppData\Roaming\WSE_Binkiland

***** [ Geplante Tasks ] *****

Task Gefunden : Optimizer Pro Schedule
Task Gefunden : Reimage Reminder
Task Gefunden : ReimageUpdater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Schlüssel Gefunden : HKCU\Software\AnyProtect
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\Binkiland
Schlüssel Gefunden : HKCU\Software\Binkiland Browser
Schlüssel Gefunden : HKCU\Software\Ciuvo
Schlüssel Gefunden : HKCU\Software\Classes\Applications\inetstat.exe
Schlüssel Gefunden : HKCU\Software\InetStat
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Fountain
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceFountain
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Binkiland
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKCU\Software\PriceFountain
Schlüssel Gefunden : HKCU\Software\PRODUCTSETUP
Schlüssel Gefunden : HKCU\Software\Reimage
Schlüssel Gefunden : HKCU\Software\WSE_Binkiland
Schlüssel Gefunden : [x64] HKCU\Software\AnyProtect
Schlüssel Gefunden : [x64] HKCU\Software\Binkiland
Schlüssel Gefunden : [x64] HKCU\Software\Binkiland Browser
Schlüssel Gefunden : [x64] HKCU\Software\Ciuvo
Schlüssel Gefunden : [x64] HKCU\Software\InetStat
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro
Schlüssel Gefunden : [x64] HKCU\Software\PriceFountain
Schlüssel Gefunden : [x64] HKCU\Software\PRODUCTSETUP
Schlüssel Gefunden : [x64] HKCU\Software\Reimage
Schlüssel Gefunden : [x64] HKCU\Software\WSE_Binkiland
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{A5BBB804-8009-4246-BED3-2D3335981EF6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22E9CC7A-04B2-4558-A993-763395274E42}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gefunden : HKLM\SOFTWARE\FlashBeat
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Schlüssel Gefunden : HKLM\SOFTWARE\RollAround
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{22E9CC7A-04B2-4558-A993-763395274E42}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\FlashBeat
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Reimage

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.17377

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.key-find.com/web/?type=dspp&ts=1425230640&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.key-find.com/?type=hppp&ts=1425230640&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.key-find.com/web/?type=dspp&ts=1425230640&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.key-find.com/web/?type=ds&ts=1425230632&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.key-find.com/?type=hppp&ts=1425230640&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.key-find.com/?type=hppp&ts=1425230640&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.key-find.com/web/?type=ds&ts=1425230632&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.key-find.com/web/?type=ds&ts=1425230632&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.key-find.com/?type=hppp&ts=1425230640&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.key-find.com/?type=hppp&ts=1425230640&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.key-find.com/web/?type=ds&ts=1425230632&from=cvs&uid=ST500LT012-9WS142_W0VGAG14XXXXW0VGAG14&q={searchTerms}

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [13446 Bytes] - [28/07/2015 21:15:09]
AdwCleaner[R1].txt - [275 Bytes] - [28/07/2015 21:15:09]
AdwCleaner[S0].txt - [3802 Bytes] - [28/07/2015 21:15:09]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [13623 Bytes] ##########

--- --- ---


Logfile Quarantine
Code:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Settings.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Settings.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\SignIn with Facebook.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\SignIn with Facebook.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\SignIn with Twitter.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\SignIn with Twitter.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Wajam Website.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Wajam Website.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Uninstall Wajam\uninstall.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Uninstall Wajam\uninstall.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Amazon.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Amazon.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Argos.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Argos.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Ebay.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Ebay.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Etsy.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Etsy.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\HomeDepot.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\HomeDepot.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Ikea.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Ikea.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Lowe's.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Lowe's.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Mercadolivre.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Mercadolivre.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\MyShopping.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\MyShopping.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Sears.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Sears.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Target.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Target.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Tesco.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Tesco.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Walmart.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Walmart.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Zalando.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Shopping\Zalando.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\Ask.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\Ask.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\Google.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\Google.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\IMDb.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\IMDb.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\Shopping.com.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\Shopping.com.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\TripAdvisor.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\TripAdvisor.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\Wikipedia.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\Wikipedia.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\Yahoo!.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WajNEnhance\Explore Social Search\Yahoo!.lnk.vir
C:\Program Files (x86)\WajNEnhance\uninstall.exe->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\uninstall.exe.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\0bbe0f7fca7a091f277f63e2ef308126->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\0bbe0f7fca7a091f277f63e2ef308126.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\142491539eebc781966db6c803d5d73c->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\142491539eebc781966db6c803d5d73c.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\23c0f3cec6dd41ad74fe0987c83b93db->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\23c0f3cec6dd41ad74fe0987c83b93db.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\5b670487ab99709972c43a2cc11199c2->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\5b670487ab99709972c43a2cc11199c2.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\6cb8e27f6736613be7ac3fefd415f7dd->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\6cb8e27f6736613be7ac3fefd415f7dd.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\6d5633efb63014a1ef75984d40362a07->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\6d5633efb63014a1ef75984d40362a07.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\804e890578126f23fdb0ffb66b1a31bc->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\804e890578126f23fdb0ffb66b1a31bc.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\89c16c82c917fda4a896149e243da00d->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\89c16c82c917fda4a896149e243da00d.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\8de768db33dd90cd8e273c6bbb0aea4d->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\8de768db33dd90cd8e273c6bbb0aea4d.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\ApiHandlr.dll->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\ApiHandlr.dll.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\e36168f0f3afc2188c97ad3aab364282->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\e36168f0f3afc2188c97ad3aab364282.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\eeabbf7716a9e045015b29de1ce75200->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\eeabbf7716a9e045015b29de1ce75200.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\f26ee66a3429d3a3e1de93197af2be0d->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\f26ee66a3429d3a3e1de93197af2be0d.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\f85dad7eb09037f10d56e6a34a7e1534->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\f85dad7eb09037f10d56e6a34a7e1534.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\fd6b5fc2dd93cfcec16d18f48a3156f9->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\fd6b5fc2dd93cfcec16d18f48a3156f9.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\FiddlerCore.dll->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\FiddlerCore.dll.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\HtmlAgilityPack.dll->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\HtmlAgilityPack.dll.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\InternetEnhancer.exe->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\InternetEnhancer.exe.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\makecert.exe->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\makecert.exe.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\Newtonsoft.Json.dll->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\Newtonsoft.Json.dll.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\WHttpServer.exe->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\WHttpServer.exe.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\wie->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\wie.vir
C:\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\WJManifest->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\WajNEnhance Internet Enhancer\WJManifest.vir
C:\Program Files (x86)\WajNEnhance\Logos\amazon.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\amazon.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\argos.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\argos.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\ask.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\ask.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\bestbuy.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\bestbuy.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\ebay.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\ebay.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\etsy.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\etsy.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\facebook.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\facebook.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\favicon.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\favicon.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\google.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\google.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\homedepot.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\homedepot.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\ikea.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\ikea.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\imdb.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\imdb.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\lowes.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\lowes.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\mercado.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\mercado.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\mysearchweb.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\mysearchweb.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\myshopping.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\myshopping.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\searchresult.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\searchresult.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\sears.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\sears.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\setting.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\setting.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\settings.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\settings.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\shopping.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\shopping.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\target.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\target.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\tesco.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\tesco.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\tripadvisor.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\tripadvisor.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\twitter.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\twitter.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\wajam.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\wajam.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\walmart.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\walmart.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\wiki.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\wiki.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\yahoo.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\yahoo.ico.vir
C:\Program Files (x86)\WajNEnhance\Logos\zalando.ico->\AdwCleaner\Quarantine\C\Program Files (x86)\WajNEnhance\Logos\zalando.ico.vir
C:\Program Files (x86)\couponnppeaK\X5XadEp8o2WHwX.dat->\AdwCleaner\Quarantine\C\Program Files (x86)\couponnppeaK\X5XadEp8o2WHwX.dat.vir
C:\Program Files (x86)\couponnppeaK\X5XadEp8o2WHwX.tlb->\AdwCleaner\Quarantine\C\Program Files (x86)\couponnppeaK\X5XadEp8o2WHwX.tlb.vir
C:\Program Files (x86)\deeAl4oMe\fuukZjmVX897IC.dat->\AdwCleaner\Quarantine\C\Program Files (x86)\deeAl4oMe\fuukZjmVX897IC.dat.vir
C:\Program Files (x86)\deeAl4oMe\fuukZjmVX897IC.tlb->\AdwCleaner\Quarantine\C\Program Files (x86)\deeAl4oMe\fuukZjmVX897IC.tlb.vir
C:\Program Files (x86)\FineDeaalSoFt\FineDeaalSoFt.dat->\AdwCleaner\Quarantine\C\Program Files (x86)\FineDeaalSoFt\FineDeaalSoFt.dat.vir
C:\Users\Tore\AppData\LocalLow\mySecureSurfer\IE\JsBHO.dll.log->\AdwCleaner\Quarantine\C\Users\Tore\AppData\LocalLow\mySecureSurfer\IE\JsBHO.dll.log.vir
C:\Users\Tore\AppData\LocalLow\mySecureSurfer\IE\mySecureSurfer.dll->\AdwCleaner\Quarantine\C\Users\Tore\AppData\LocalLow\mySecureSurfer\IE\mySecureSurfer.dll.vir
C:\Users\Tore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage->\AdwCleaner\Quarantine\C\Users\Tore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage.vir
C:\Users\Tore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal->\AdwCleaner\Quarantine\C\Users\Tore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal.vir
C:\ProgramData\Reimage Protector\cfl.rei->\AdwCleaner\Quarantine\C\ProgramData\Reimage Protector\cfl.rei.vir
C:\ProgramData\Reimage Protector\Results\ProtectorPackage.log->\AdwCleaner\Quarantine\C\ProgramData\Reimage Protector\Results\ProtectorPackage.log.vir
C:\ProgramData\Reimage Protector\Results\ProtectorUpdater.log->\AdwCleaner\Quarantine\C\ProgramData\Reimage Protector\Results\ProtectorUpdater.log.vir
C:\ProgramData\Reimage Protector\Results\ScanAgent.log->\AdwCleaner\Quarantine\C\ProgramData\Reimage Protector\Results\ScanAgent.log.vir
C:\ProgramData\Reimage Protector\Results\ScanAgentDebugRepair.log->\AdwCleaner\Quarantine\C\ProgramData\Reimage Protector\Results\ScanAgentDebugRepair.log.vir
C:\ProgramData\FlashBeat\FlashBeat.exe->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\FlashBeat.exe.vir
C:\ProgramData\FlashBeat\freebl3.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\freebl3.dll.vir
C:\ProgramData\FlashBeat\Gambali.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\Gambali.dll.vir
C:\ProgramData\FlashBeat\Gambali.exe->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\Gambali.exe.vir
C:\ProgramData\FlashBeat\Gambali.tlb->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\Gambali.tlb.vir
C:\ProgramData\FlashBeat\Gambali64.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\Gambali64.dll.vir
C:\ProgramData\FlashBeat\GambaliCrt.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\GambaliCrt.dll.vir
C:\ProgramData\FlashBeat\libnspr4.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\libnspr4.dll.vir
C:\ProgramData\FlashBeat\libplc4.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\libplc4.dll.vir
C:\ProgramData\FlashBeat\libplds4.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\libplds4.dll.vir
C:\ProgramData\FlashBeat\nss3.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\nss3.dll.vir
C:\ProgramData\FlashBeat\nssckbi.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\nssckbi.dll.vir
C:\ProgramData\FlashBeat\nssdbm3.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\nssdbm3.dll.vir
C:\ProgramData\FlashBeat\nssutil3.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\nssutil3.dll.vir
C:\ProgramData\FlashBeat\RfndNSIS.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\RfndNSIS.dll.vir
C:\ProgramData\FlashBeat\RgsBTMedia.exe->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\RgsBTMedia.exe.vir
C:\ProgramData\FlashBeat\RgsBTMedia.ini->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\RgsBTMedia.ini.vir
C:\ProgramData\FlashBeat\RgsBTMedia64.exe->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\RgsBTMedia64.exe.vir
C:\ProgramData\FlashBeat\smime3.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\smime3.dll.vir
C:\ProgramData\FlashBeat\softokn3.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\softokn3.dll.vir
C:\ProgramData\FlashBeat\sqlite3.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\sqlite3.dll.vir
C:\ProgramData\FlashBeat\ssl3.dll->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\ssl3.dll.vir
C:\ProgramData\FlashBeat\uninstall.exe->\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\uninstall.exe.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair\Reimage Repair.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair\Reimage Repair.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair\Run in safe mode.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair\Run in safe mode.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair\Website.lnk->\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair\Website.lnk.vir
C:\Program Files (x86)\Roll Around\7za.exe->\AdwCleaner\Quarantine\C\Program Files (x86)\Roll Around\7za.exe.vir
C:\Program Files\Reimage\Reimage Repair\LZMA.EXE->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\LZMA.EXE.vir
C:\Program Files\Reimage\Reimage Repair\Reimage Repair.url->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\Reimage Repair.url.vir
C:\Program Files\Reimage\Reimage Repair\Reimage.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\Reimage.exe.vir
C:\Program Files\Reimage\Reimage Repair\Reimageicon.ico->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\Reimageicon.ico.vir
C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageReminder.exe.vir
C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageRepair.exe.vir
C:\Program Files\Reimage\Reimage Repair\ReimageSafeMode.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageSafeMode.exe.vir
C:\Program Files\Reimage\Reimage Repair\Reimage_SafeMode.ico->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\Reimage_SafeMode.ico.vir
C:\Program Files\Reimage\Reimage Repair\Reimage_uninstall.ico->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\Reimage_uninstall.ico.vir
C:\Program Files\Reimage\Reimage Repair\Reimage_website.ico->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\Reimage_website.ico.vir
C:\Program Files\Reimage\Reimage Repair\REI_AVIRA.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\REI_AVIRA.exe.vir
C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll.vir
C:\Program Files\Reimage\Reimage Repair\REI_AxControl.inf->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\REI_AxControl.inf.vir
C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.lza->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\REI_Axcontrol.lza.vir
C:\Program Files\Reimage\Reimage Repair\REI_Engine.dll->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\REI_Engine.dll.vir
C:\Program Files\Reimage\Reimage Repair\REI_Engine.lza->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\REI_Engine.lza.vir
C:\Program Files\Reimage\Reimage Repair\REI_SupportInfoTool.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\REI_SupportInfoTool.exe.vir
C:\Program Files\Reimage\Reimage Repair\savapi3.dll->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\savapi3.dll.vir
C:\Program Files\Reimage\Reimage Repair\uninst.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\uninst.exe.vir
C:\Program Files\Reimage\Reimage Repair\version.rei->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\version.rei.vir
C:\Program Files\Reimage\Reimage Repair\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest.vir
C:\Program Files\Reimage\Reimage Repair\Microsoft.VC90.CRT\msvcr90.dll->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\Microsoft.VC90.CRT\msvcr90.dll.vir
C:\Program Files\Reimage\Reimage Protector\ProtectorUpdater.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ProtectorUpdater.exe.vir
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiGuard.exe.vir
C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe.vir
C:\Program Files\Reimage\Reimage Protector\ReiScanner.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiScanner.exe.vir
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe->\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiSystem.exe.vir
C:\Users\Jana\AppData\Local\WSE_Binkiland\config.dat->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Local\WSE_Binkiland\config.dat.vir
C:\Users\Jana\AppData\Local\WSE_Binkiland\Sqlite3.dll->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Local\WSE_Binkiland\Sqlite3.dll.vir
C:\Users\Jana\AppData\Local\WSE_Binkiland\uninst.dat->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Local\WSE_Binkiland\uninst.dat.vir
C:\Users\Jana\AppData\Local\WSE_Binkiland\uninstall.exe->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Local\WSE_Binkiland\uninstall.exe.vir
C:\Users\Jana\AppData\Roaming\RHEng\E90E2D878BAD4E3197021738B244651A\setup0213.exe->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Roaming\RHEng\E90E2D878BAD4E3197021738B244651A\setup0213.exe.vir
C:\Users\Jana\AppData\Roaming\RHEng\CE7D5A79A4184BBC9E638A8D11931CB4\WebCompanionInstaller.exe->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Roaming\RHEng\CE7D5A79A4184BBC9E638A8D11931CB4\WebCompanionInstaller.exe.vir
C:\Users\Jana\AppData\Roaming\RHEng\2D5AF79F6C8B4C2680CA685250829EDC\TuneUpUtilities2014_de-DE_2200564.exe->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Roaming\RHEng\2D5AF79F6C8B4C2680CA685250829EDC\TuneUpUtilities2014_de-DE_2200564.exe.vir
C:\Users\Jana\AppData\Roaming\WSE_Binkiland\UpdateProc\bkup.dat->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Roaming\WSE_Binkiland\UpdateProc\bkup.dat.vir
C:\Users\Jana\AppData\Roaming\WSE_Binkiland\UpdateProc\config.dat->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Roaming\WSE_Binkiland\UpdateProc\config.dat.vir
C:\Users\Jana\AppData\Roaming\WSE_Binkiland\UpdateProc\info.dat->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Roaming\WSE_Binkiland\UpdateProc\info.dat.vir
C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk->\AdwCleaner\Quarantine\C\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk.vir
C:\Windows\Reimage.ini->\AdwCleaner\Quarantine\C\Windows\Reimage.ini.vir
C:\Windows\SysWOW64\Gambali.dll->\AdwCleaner\Quarantine\C\Windows\SysWOW64\Gambali.dll.vir
C:\Windows\SysWOW64\Gambali.ini->\AdwCleaner\Quarantine\C\Windows\SysWOW64\Gambali.ini.vir
C:\Windows\SysWOW64\GambaliOff.ini->\AdwCleaner\Quarantine\C\Windows\SysWOW64\GambaliOff.ini.vir
C:\Windows\System32\Gambali64.dll->\AdwCleaner\Quarantine\C\Windows\System32\Gambali64.dll.vir
C:\Windows\System32\GambaliOff.ini->\AdwCleaner\Quarantine\C\Windows\System32\GambaliOff.ini.vir
C:\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk.vir
C:\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk.vir
C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk.vir
C:\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->\AdwCleaner\Quarantine\C\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk.vir
C:\Windows\SysWOW64\Gambali.dll->\AdwCleaner\Quarantine\C\Windows\SysWOW64\Gambali.dll.vir
C:\Windows\System32\Gambali64.dll->\AdwCleaner\Quarantine\C\Windows\System32\Gambali64.dll.vir


cosinus 29.07.2015 23:45

Hi,

Please create new FRST logs with admin rights; you made the last FRST logs without admin rights.

sbie 30.07.2015 06:45

Hi Cosinus,
thank you very much for taking care of this.

Here is the FRST admin log:
Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
durchgeführt von Jana (Administrator) auf LAPPI (30-07-2015 07:33:49)
Gestartet von C:\Users\jana_2\Desktop
Geladene Profile: Jana & jana_2 (Verfügbare Profile: Jana & jana_2)
Platform: Windows 8 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 10 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
() C:\Users\Jana\AppData\Roaming\12345678-1425234414-5678-90AB-CDDEEFAABBCC\nsm59BB.tmpfs
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876304 2013-01-18] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-07-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Atheros Communications)
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1300288 2015-03-02] (Lavasoft)
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\RunOnce: [Wse_binkiland] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Jana\AppData\Roaming\Wse_binkiland\UpdateProc\bkup.dat"
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S1].txt
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\RunOnce: [Install Spybot - Search & Destroy] => D:\spybot-2.4.exe [46525608 2015-07-28] (Safer-Networking Ltd.                                      )
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ATTENTION

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D030915-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> {B8380493-B7BF-4FBC-AB65-2EA61B7993D0} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1001 -> {549ACEEB-8AAF-4B73-8784-49F75651DB6C} URL =
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1001 -> {B8380493-B7BF-4FBC-AB65-2EA61B7993D0} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1005 -> {B8380493-B7BF-4FBC-AB65-2EA61B7993D0} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Keine Datei
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 05 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 06 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 07 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 08 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 20 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 21 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 06 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 07 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 08 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 20 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 21 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6055372-0939-4C4A-A80C-6D0BD911458D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CDF19CD9-9B77-4465-A844-D4F85F9468B7}: [DhcpNameServer] 10.57.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D030915-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D030915-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Extension: Avira Browser Safety - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default\Extensions\abs@avira.com [2015-03-03]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-03-09]
FF HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\Firefox\Extensions: [{ba2c82b0-7fa8-11e4-b4a9-0800200c9a66}] - C:\Users\Jana\AppData\Local\Temp\search.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-07-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-07-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-07-27] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-01-18] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-02] (Lavasoft Limited)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2015-02-20] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-02] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R2 fuzefyby; C:\Users\Jana\AppData\Roaming\12345678-1425234414-5678-90AB-CDDEEFAABBCC\nsm59BB.tmpfs [X]

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2015-02-20] (Dritek System Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-30 07:33 - 2015-07-30 07:33 - 00020457 _____ C:\Users\jana_2\Desktop\FRST.txt
2015-07-30 07:33 - 2015-07-30 07:33 - 00000000 ____D C:\Users\jana_2\Desktop\FRST-OlderVersion
2015-07-29 22:00 - 2015-07-29 22:00 - 00029682 _____ C:\Users\jana_2\Desktop\gmer.txt
2015-07-29 21:50 - 2015-07-29 21:50 - 00031258 _____ C:\Users\jana_2\Desktop\gmer nach Start.log
2015-07-29 21:47 - 2015-07-29 21:54 - 00000296 _____ C:\Users\jana_2\Desktop\gmer Meldungen.txt
2015-07-29 21:30 - 2015-07-29 21:30 - 00380416 _____ C:\Users\jana_2\Desktop\itkcgws0.exe
2015-07-29 08:37 - 2015-07-29 08:37 - 00026426 _____ C:\Users\jana_2\Desktop\Addition.txt
2015-07-29 08:36 - 2015-07-30 07:33 - 00000000 ____D C:\FRST
2015-07-29 08:36 - 2015-07-29 08:37 - 00035524 _____ C:\Users\jana_2\Desktop\FRST ohne Adminrechte.txt
2015-07-29 08:35 - 2015-07-30 07:33 - 02169856 _____ (Farbar) C:\Users\jana_2\Desktop\FRST64.exe
2015-07-29 08:27 - 2015-07-29 08:27 - 00000470 _____ C:\Users\jana_2\Desktop\defogger_disable.log
2015-07-29 08:27 - 2015-07-29 08:27 - 00000000 _____ C:\Users\Jana\defogger_reenable
2015-07-29 08:26 - 2015-07-29 08:26 - 00050477 _____ C:\Users\jana_2\Desktop\Defogger.exe
2015-07-28 22:43 - 2015-07-28 22:43 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-28 22:43 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-07-28 22:27 - 2015-07-28 22:27 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-28 22:27 - 2015-07-28 22:27 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-28 22:27 - 2015-07-28 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-28 22:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-28 22:22 - 2015-07-28 22:22 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-28 22:16 - 2015-07-28 22:58 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-28 22:16 - 2015-07-28 22:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-28 22:16 - 2015-07-28 22:16 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-28 22:16 - 2015-07-28 22:16 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-28 22:16 - 2015-07-28 22:16 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-07-28 21:40 - 2015-07-28 22:07 - 00000135 _____ C:\Users\jana_2\Desktop\gambali64.dll.txt
2015-07-28 21:32 - 2015-07-28 21:32 - 00000804 _____ C:\Users\jana_2\Desktop\adwcleaner_4.112.lnk
2015-07-26 18:54 - 2015-07-26 18:54 - 00000000 ____D C:\Users\jana_2\Documents\Electronic Arts
2015-07-26 18:36 - 2015-07-28 22:22 - 00000085 _____ C:\Windows\wininit.ini
2015-07-26 18:36 - 2015-07-26 18:36 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
2015-07-26 18:36 - 2015-07-26 18:36 - 00001135 _____ C:\Users\Public\Desktop\EA Download Manager.lnk
2015-07-26 18:36 - 2015-07-26 18:36 - 00000195 _____ C:\Windows\DirectX.log
2015-07-26 18:36 - 2015-07-26 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2015-07-26 18:36 - 2008-09-04 20:17 - 00447752 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-07-26 18:35 - 2015-07-26 18:35 - 00002086 _____ C:\Users\Public\Desktop\Die*Sims™*3.lnk
2015-07-26 18:35 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-07-26 18:35 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-07-26 18:17 - 2015-07-26 18:36 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2015-07-21 08:28 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 08:28 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 08:28 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 08:28 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 18:47 - 2015-06-29 18:18 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 18:47 - 2015-06-29 15:28 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 18:47 - 2015-06-26 15:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 18:47 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 18:47 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls
2015-07-15 18:47 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-07-15 18:46 - 2015-05-07 15:05 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 22:39 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 22:39 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-07-14 22:39 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 22:39 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 22:39 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 22:39 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 22:39 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 22:38 - 2015-07-02 22:31 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 22:38 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 22:38 - 2015-06-27 15:55 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 22:38 - 2015-06-27 15:46 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 22:38 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 22:37 - 2015-06-15 17:22 - 13771264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 15415296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 22:37 - 2015-06-15 17:19 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 22:37 - 2015-06-15 17:19 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 22:36 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 22:36 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 22:36 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 22:36 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 22:36 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-07-14 22:36 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 22:36 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 22:36 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 22:36 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 22:36 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-30 23:46 - 2015-06-30 23:46 - 06162288 _____ ( ) C:\Users\jana_2\Downloads\adblockplusie-1.4.exe
2015-06-30 23:42 - 2015-06-30 23:42 - 00002319 _____ C:\Users\Jana\Desktop\Adblock Plus für Internet Explorer - CHIP Downloader.lnk
2015-06-30 23:41 - 2015-06-30 23:41 - 01198368 _____ C:\Users\jana_2\Downloads\adblockplusie-1.4 - CHIP-Installer.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-30 07:32 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-29 22:13 - 2015-02-20 12:13 - 01736430 _____ C:\Windows\WindowsUpdate.log
2015-07-29 22:08 - 2015-02-20 20:55 - 00753134 _____ C:\Windows\system32\perfh007.dat
2015-07-29 22:08 - 2015-02-20 20:55 - 00155826 _____ C:\Windows\system32\perfc007.dat
2015-07-29 22:08 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-29 22:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-29 21:43 - 2015-03-04 19:01 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4169945393-979611324-1072499311-1005
2015-07-29 08:27 - 2015-02-23 19:17 - 00000000 ____D C:\Users\Jana
2015-07-28 22:24 - 2012-07-26 07:39 - 00535730 _____ C:\Windows\PFRO.log
2015-07-28 21:21 - 2015-02-23 19:18 - 00001013 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-28 21:14 - 2012-07-26 09:21 - 00550714 _____ C:\Windows\setupact.log
2015-07-27 00:06 - 2015-03-03 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-27 00:05 - 2015-03-03 12:35 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-27 00:05 - 2015-03-03 12:35 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-26 23:54 - 2015-06-24 23:05 - 00002159 _____ C:\Windows\system32\ScanResults.xml
2015-07-26 23:51 - 2015-06-24 23:02 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-07-26 23:32 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2015-07-26 20:03 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-07-26 18:17 - 2012-07-26 11:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-26 13:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-26 00:11 - 2015-04-01 21:12 - 00307896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 10:39 - 2015-03-11 21:09 - 00000000 ____D C:\Users\jana_2\AppData\Local\CrashDumps
2015-07-21 22:42 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-20 09:21 - 2015-04-18 19:57 - 00000000 ____D C:\Users\jana_2\Documents\Bewerbungsvorlagen
2015-07-19 13:29 - 2015-03-04 00:57 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-19 13:29 - 2015-03-04 00:57 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-19 13:29 - 2015-03-04 00:17 - 00000000 ____D C:\Windows\system32\MRT
2015-07-19 13:29 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2015-07-13 23:22 - 2015-03-03 12:26 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:22 - 2015-03-03 12:26 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-07 21:43 - 2015-06-11 02:54 - 00001124 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-07 21:43 - 2015-03-03 12:30 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-07 21:43 - 2015-03-03 12:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-03 08:43 - 2015-03-04 00:17 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-03-03 11:24 - 2015-03-04 08:25 - 0000067 _____ () C:\Users\Jana\AppData\Roaming\WB.CFG
2015-02-20 12:27 - 2015-02-20 12:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\avgnt.exe
C:\Users\Jana\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Jana\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\jana_2\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-26 23:22

==================== Ende von log ============================

Regards
Stefan

cosinus 30.07.2015 08:18

Quote:

Platform: Windows 8 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 10 (Standard-Browser: IE)
Why are the updates from the last few years missing there?? :wtf:
Windows 8.1 came out almost 2 years ago! As far as I know, Windows 8 is no longer supported at all. And IE10 is outdated as well. And please don't use "I don't use it" as an excuse, because IE is a system component and must always be as up to date as possible.



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


sbie 30.07.2015 08:54

Hi

oops, missing updates .. I wasn't aware of that....
This evening I'll be back at the laptop in question and will run JRT.

Please let me know at what point I can update the laptop.
Simply right away, or at the end of this cleanup, or somewhere in between ....

Regards
Stefan

cosinus 30.07.2015 09:02

Nope, we'll do that right at the very end :) I just wanted to point out how far behind this system already is with its updates :kaffee:

sbie 30.07.2015 16:46

Hello,
here is the JRT log

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 8 x64
Ran by Jana on 30.07.2015 at 17:27:07,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] fuzefyby [Reboot required]



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\BTWCPDOQED
Successfully deleted: [Task] C:\Windows\system32\tasks\iuBrowserIEAgent



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension



~~~ Files

Failed to delete: [File] C:\Windows\SysWOW64\gambali.dll
Successfully deleted: [File] C:\Users\Public\Desktop\tuneup utilities 2014.lnk



~~~ Folders

Failed to delete: [Folder] C:\Users\Jana\AppData\Roaming\12345678-1425234414-5678-90AB-CDDEEFAABBCC
Successfully deleted: [Folder] C:\Program Files (x86)\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
Successfully deleted: [Folder] C:\Users\Jana\AppData\Roaming\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\768b55fec0eb44aaa722b940d122aa0a
Successfully deleted: [Folder] C:\Users\Jana\Appdata\Local\12345678-1425234474-5678-90AB-CDDEEFAABBCC





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.07.2015 at 17:29:57,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards
Stefan

cosinus 30.07.2015 21:28

OK, fresh FRST logs please. Remember to tick the box for additions.txt, otherwise the log will not be created anew.

sbie 30.07.2015 21:48

Hi,
no problem

FRST.log
Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
durchgeführt von Jana (Administrator) auf LAPPI (30-07-2015 22:41:05)
Gestartet von C:\Users\jana_2\Desktop
Geladene Profile: Jana & jana_2 (Verfügbare Profile: Jana & jana_2)
Platform: Windows 8 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 10 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876304 2013-01-18] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-07-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Atheros Communications)
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\RunOnce: [Wse_binkiland] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Jana\AppData\Roaming\Wse_binkiland\UpdateProc\bkup.dat"
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S1].txt
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\RunOnce: [Install Spybot - Search & Destroy] => D:\spybot-2.4.exe [46525608 2015-07-28] (Safer-Networking Ltd.                                      )
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D030915-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> {B8380493-B7BF-4FBC-AB65-2EA61B7993D0} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1001 -> {549ACEEB-8AAF-4B73-8784-49F75651DB6C} URL =
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1001 -> {B8380493-B7BF-4FBC-AB65-2EA61B7993D0} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4169945393-979611324-1072499311-1005 -> {B8380493-B7BF-4FBC-AB65-2EA61B7993D0} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Keine Datei
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9 05 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 06 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 07 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 08 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 20 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 21 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 06 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 07 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 08 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 20 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 21 C:\Windows\system32\LavasoftTcpService64.dll [372248 2015-03-09] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6055372-0939-4C4A-A80C-6D0BD911458D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CDF19CD9-9B77-4465-A844-D4F85F9468B7}: [DhcpNameServer] 10.57.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D030915-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D030915-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Extension: Avira Browser Safety - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default\Extensions\abs@avira.com [2015-03-03]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-03-09]
FF HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\Firefox\Extensions: [{ba2c82b0-7fa8-11e4-b4a9-0800200c9a66}] - C:\Users\Jana\AppData\Local\Temp\search.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-07-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-07-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-07-27] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-01-18] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2015-02-20] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [X]
S2 SearchProtectionService; "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe" [X]

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2015-02-20] (Dritek System Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-30 22:41 - 2015-07-30 22:41 - 00020704 _____ C:\Users\jana_2\Desktop\FRST.txt
2015-07-30 17:29 - 2015-07-30 17:29 - 00002104 _____ C:\Users\Jana\Desktop\JRT.txt
2015-07-30 17:25 - 2015-07-30 17:25 - 01798176 _____ (Malwarebytes Corporation) C:\Users\jana_2\Desktop\JRT.exe
2015-07-30 07:33 - 2015-07-30 22:40 - 00000000 ____D C:\Users\jana_2\Desktop\FRST-OlderVersion
2015-07-30 07:33 - 2015-07-30 07:34 - 00037449 _____ C:\Users\jana_2\Desktop\FRST_alt.txt
2015-07-29 22:00 - 2015-07-29 22:00 - 00029682 _____ C:\Users\jana_2\Desktop\gmer.txt
2015-07-29 21:50 - 2015-07-29 21:50 - 00031258 _____ C:\Users\jana_2\Desktop\gmer nach Start.log
2015-07-29 21:47 - 2015-07-29 21:54 - 00000296 _____ C:\Users\jana_2\Desktop\gmer Meldungen.txt
2015-07-29 21:30 - 2015-07-29 21:30 - 00380416 _____ C:\Users\jana_2\Desktop\itkcgws0.exe
2015-07-29 08:37 - 2015-07-29 08:37 - 00026426 _____ C:\Users\jana_2\Desktop\Addition.txt
2015-07-29 08:36 - 2015-07-30 22:41 - 00000000 ____D C:\FRST
2015-07-29 08:36 - 2015-07-29 08:37 - 00035524 _____ C:\Users\jana_2\Desktop\FRST ohne Adminrechte.txt
2015-07-29 08:35 - 2015-07-30 22:40 - 02168832 _____ (Farbar) C:\Users\jana_2\Desktop\FRST64.exe
2015-07-29 08:27 - 2015-07-29 08:27 - 00000470 _____ C:\Users\jana_2\Desktop\defogger_disable.log
2015-07-29 08:27 - 2015-07-29 08:27 - 00000000 _____ C:\Users\Jana\defogger_reenable
2015-07-29 08:26 - 2015-07-29 08:26 - 00050477 _____ C:\Users\jana_2\Desktop\Defogger.exe
2015-07-28 22:43 - 2015-07-28 22:43 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-28 22:43 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-07-28 22:27 - 2015-07-28 22:27 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-28 22:27 - 2015-07-28 22:27 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-28 22:27 - 2015-07-28 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-28 22:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-28 22:22 - 2015-07-28 22:22 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-28 22:16 - 2015-07-28 22:58 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-28 22:16 - 2015-07-28 22:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-28 22:16 - 2015-07-28 22:16 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-28 22:16 - 2015-07-28 22:16 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-28 22:16 - 2015-07-28 22:16 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-07-28 21:40 - 2015-07-28 22:07 - 00000135 _____ C:\Users\jana_2\Desktop\gambali64.dll.txt
2015-07-28 21:32 - 2015-07-28 21:32 - 00000804 _____ C:\Users\jana_2\Desktop\adwcleaner_4.112.lnk
2015-07-26 18:54 - 2015-07-26 18:54 - 00000000 ____D C:\Users\jana_2\Documents\Electronic Arts
2015-07-26 18:36 - 2015-07-28 22:22 - 00000085 _____ C:\Windows\wininit.ini
2015-07-26 18:36 - 2015-07-26 18:36 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
2015-07-26 18:36 - 2015-07-26 18:36 - 00001135 _____ C:\Users\Public\Desktop\EA Download Manager.lnk
2015-07-26 18:36 - 2015-07-26 18:36 - 00000195 _____ C:\Windows\DirectX.log
2015-07-26 18:36 - 2015-07-26 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2015-07-26 18:36 - 2008-09-04 20:17 - 00447752 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-07-26 18:35 - 2015-07-26 18:35 - 00002086 _____ C:\Users\Public\Desktop\Die*Sims™*3.lnk
2015-07-26 18:35 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-07-26 18:35 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-07-26 18:17 - 2015-07-26 18:36 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2015-07-21 08:28 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 08:28 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 08:28 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 08:28 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 18:47 - 2015-06-29 18:18 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 18:47 - 2015-06-29 15:28 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 18:47 - 2015-06-29 15:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 18:47 - 2015-06-26 15:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 18:47 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 18:47 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls
2015-07-15 18:47 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-07-15 18:46 - 2015-05-07 15:05 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 22:39 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 22:39 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-07-14 22:39 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 22:39 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-07-14 22:39 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 22:39 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 22:39 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 22:39 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 22:38 - 2015-07-02 22:31 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 22:38 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 22:38 - 2015-06-27 15:55 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 22:38 - 2015-06-27 15:46 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 22:38 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 22:37 - 2015-06-15 17:22 - 13771264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 22:37 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 15415296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 22:37 - 2015-06-15 17:20 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 22:37 - 2015-06-15 17:19 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 22:37 - 2015-06-15 17:19 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 22:36 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 22:36 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 22:36 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 22:36 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 22:36 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 22:36 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-07-14 22:36 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 22:36 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 22:36 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 22:36 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 22:36 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-30 23:46 - 2015-06-30 23:46 - 06162288 _____ ( ) C:\Users\jana_2\Downloads\adblockplusie-1.4.exe
2015-06-30 23:42 - 2015-06-30 23:42 - 00002319 _____ C:\Users\Jana\Desktop\Adblock Plus für Internet Explorer - CHIP Downloader.lnk
2015-06-30 23:41 - 2015-06-30 23:41 - 01198368 _____ C:\Users\jana_2\Downloads\adblockplusie-1.4 - CHIP-Installer.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-30 22:40 - 2015-02-20 12:13 - 01801071 _____ C:\Windows\WindowsUpdate.log
2015-07-30 22:39 - 2015-06-11 02:54 - 00001124 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-30 22:39 - 2015-03-03 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-30 22:39 - 2015-03-03 12:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-30 22:37 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-30 20:01 - 2015-02-20 20:55 - 00753134 _____ C:\Windows\system32\perfh007.dat
2015-07-30 20:01 - 2015-02-20 20:55 - 00155826 _____ C:\Windows\system32\perfc007.dat
2015-07-30 20:01 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-30 19:53 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-30 17:28 - 2015-03-09 20:49 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-07-30 17:28 - 2015-03-09 20:48 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Lavasoft
2015-07-30 17:28 - 2015-03-09 20:48 - 00000000 ____D C:\ProgramData\Lavasoft
2015-07-30 17:28 - 2015-03-01 19:26 - 00000000 ____D C:\Users\Jana\AppData\Roaming\12345678-1425234414-5678-90AB-CDDEEFAABBCC
2015-07-29 21:43 - 2015-03-04 19:01 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4169945393-979611324-1072499311-1005
2015-07-29 08:27 - 2015-02-23 19:17 - 00000000 ____D C:\Users\Jana
2015-07-28 22:24 - 2012-07-26 07:39 - 00535730 _____ C:\Windows\PFRO.log
2015-07-28 21:21 - 2015-02-23 19:18 - 00001013 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-28 21:14 - 2012-07-26 09:21 - 00550714 _____ C:\Windows\setupact.log
2015-07-27 00:05 - 2015-03-03 12:35 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-27 00:05 - 2015-03-03 12:35 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-26 23:54 - 2015-06-24 23:05 - 00002159 _____ C:\Windows\system32\ScanResults.xml
2015-07-26 23:51 - 2015-06-24 23:02 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-07-26 23:32 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2015-07-26 20:03 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-07-26 18:17 - 2012-07-26 11:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-26 13:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-26 00:11 - 2015-04-01 21:12 - 00307896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 10:39 - 2015-03-11 21:09 - 00000000 ____D C:\Users\jana_2\AppData\Local\CrashDumps
2015-07-21 22:42 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-20 09:21 - 2015-04-18 19:57 - 00000000 ____D C:\Users\jana_2\Documents\Bewerbungsvorlagen
2015-07-19 13:29 - 2015-03-04 00:57 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-19 13:29 - 2015-03-04 00:57 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-19 13:29 - 2015-03-04 00:17 - 00000000 ____D C:\Windows\system32\MRT
2015-07-19 13:29 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2015-07-13 23:22 - 2015-03-03 12:26 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:22 - 2015-03-03 12:26 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-07 21:43 - 2015-03-03 12:30 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-03 08:43 - 2015-03-04 00:17 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-03-03 11:24 - 2015-03-04 08:25 - 0000067 _____ () C:\Users\Jana\AppData\Roaming\WB.CFG
2015-02-20 12:27 - 2015-02-20 12:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\avgnt.exe
C:\Users\Jana\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Jana\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\jana_2\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-26 23:22

==================== Ende von log ============================

and the Addition log
Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-07-2015
durchgeführt von Jana (2015-07-30 22:41:39)
Gestartet von C:\Users\jana_2\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4169945393-979611324-1072499311-500 - Administrator - Disabled)
Gast (S-1-5-21-4169945393-979611324-1072499311-501 - Limited - Disabled)
Jana (S-1-5-21-4169945393-979611324-1072499311-1001 - Administrator - Enabled) => C:\Users\Jana
jana_2 (S-1-5-21-4169945393-979611324-1072499311-1005 - Limited - Enabled) => C:\Users\jana_2

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{81C6F800-A69B-4E70-9DC0-74732F8B00E7}) (Version: 1.00.3015 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3006 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3003 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Ad-Aware Web Companion (x32 Version: 1.1.908.1803 - Lavasoft) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.19.204_WHQL (HKLM\...\Elantech) (Version: 11.6.19.204 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
Free YouTube to MP3 Converter version 3.12.56.301 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.56.301 - DVDVideoSoft Ltd.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sleep Memory Optimizer (HKLM\...\{A10FCEC8-5523-4C2D-8B42-091B48EDEB55}) (Version: 1.01.3000 - Acer Incorporated)
Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{AB75B78F-CFFA-4027-A8DC-94357F2F77EE}_WebCompanion) (Version: 1.1.908.1803 - Lavasoft)
Websuche (HKLM-x32\...\Websuche) (Version:  - Websuche)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

10-07-2015 23:04:45 Windows Update
14-07-2015 23:33:23 Windows Update
19-07-2015 13:26:10 Windows Update
26-07-2015 16:50:29 Geplanter Prüfpunkt
28-07-2015 22:46:20 Removed Adblock Plus für IE (32-Bit- und 64-Bit)
30-07-2015 17:27:09 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {06E59483-40C7-4718-9959-F4C7047C2A3C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {152FA708-89B9-45EE-A274-67A1F933C837} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {1F07A8B5-C294-4D4F-B957-D781844C3C84} - \Binkiland fara No Task File <==== ACHTUNG
Task: {2327618B-C95D-432F-B110-A4182FC4B16D} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated)
Task: {2EA09E34-6F4F-4311-ABCA-3D56A86F7372} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {346682C3-8791-4B44-BE6D-0ACF1F915017} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3BB4D62C-CA47-4C58-9ECC-D0802AB0D672} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {451EEAC3-D663-4720-B446-46B73C4CB2A9} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {539C2416-AA1E-48D6-8642-5DF6C289DC65} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {53BFDC1B-20FB-4D94-AA3C-C2359EF731F0} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)
Task: {598004A5-58C7-43A3-8DB5-261A7A160C8D} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {676B01E3-0DAF-4644-B566-7CF8AEF4E019} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9B4AA929-C6AA-43FC-AA6E-C5898616E75F} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {C737C8AC-632D-4FFF-8DBD-A12780A04E9E} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2013-02-08] ()

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job =>
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job =>
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job =>

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-16 11:24 - 2014-07-16 11:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2012-07-26 08:16 - 2013-01-02 08:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-28 15:45 - 2013-01-28 15:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 15:42 - 2013-01-28 15:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 15:47 - 2013-01-28 15:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-07-26 08:12 - 2012-10-23 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-08 23:24 - 2013-02-08 23:24 - 00025672 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2015-07-28 22:27 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-28 22:27 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-07-28 22:27 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-28 22:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-07-28 22:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-02-20 12:21 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4169945393-979611324-1072499311-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jana\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
HKU\S-1-5-21-4169945393-979611324-1072499311-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_07DA3CE883BD1F9841CD364530C0BE12"
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\StartupApproved\Run: => "InetStat"
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\StartupApproved\Run: => "Optimizer Pro"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9E9D23D0-F011-45E9-83B3-85B64A500DA7}] => (Allow) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
FirewallRules: [{2FF2B3A5-BCDD-41F5-9FD8-8ED4FEFDBDAC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{406F23DA-0FA5-4E58-B756-9DB136CC6E52}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{B62F9311-BA93-4448-AF14-E570A581062C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4385B1D2-6D6D-4D9B-B318-6E521C6506C6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8D735DDF-C6E5-414F-890B-605C61CFAAB3}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{F02A9E74-62FE-4F1D-A948-D0D37BC7EF19}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{EAF6DC99-34E6-4062-8CF6-5A8241D640CE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0006A0BF-04E5-4AB5-BEBA-450FAC98142C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{26D21E3A-BCFD-4AE1-ABBB-DC97474B8BAB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{D8141F09-BA8C-4C02-967F-1690838ED757}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{6DA718DA-6F8E-414A-8B89-FCE3244979A9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{5BF580FF-3C09-4DF0-9551-3C61EDE2DA22}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{092A534A-92BF-432F-8676-29C189AD2AF9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{4DA492AC-497F-4419-9010-C45A70DB743F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{FE790E46-152C-45BE-994F-FC77A8229A84}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{1E3C2853-29C0-4B4C-BE11-D6F89D86A4DF}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{946B30D0-C1A7-474A-863B-AE02230EB63E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{39562E16-F435-4E8A-B238-BD6CFDF96BDF}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{46FF6E56-6F64-41E1-910B-4F254FD616E7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{A530BDA9-5701-4570-B669-07561B804619}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{B5DC16D3-D43B-4695-AA27-64A5ABF093AE}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{2D99B99F-5F0E-4FFC-A511-0BEBAD1A39DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{36AB55F8-80D3-446F-AD17-2326D629F66D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{29CAA79F-AAEC-48B9-BDE8-F621CAEB390E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B435C2E1-E817-43CB-9810-523FD00745BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0B2C091-3AFA-4EB1-B757-EAD447AB749B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/29/2015 09:59:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm itkcgws0.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e18

Startzeit: 01d0ca38b91b3554

Endzeit: 16

Anwendungspfad: C:\Users\jana_2\Desktop\itkcgws0.exe

Berichts-ID: 45d08762-362c-11e5-bea1-4c72b9a2fada

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/25/2015 11:51:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15500

Error: (07/25/2015 11:51:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15500

Error: (07/23/2015 11:36:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2015 10:39:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17377, Zeitstempel: 0x55663e2e
Name des fehlerhaften Moduls: AdblockPlus32.dll, Version: 1.4.0.0, Zeitstempel: 0x54edf8a0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001c9d3
ID des fehlerhaften Prozesses: 0x3c80
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 665141

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 665141

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2015 08:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31561360

Error: (07/20/2015 08:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31561360


Systemfehler:
=============
Error: (07/30/2015 07:53:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/30/2015 05:40:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/30/2015 05:28:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/30/2015 05:27:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/30/2015 05:27:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/30/2015 05:27:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/30/2015 05:27:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IconMan_R" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/30/2015 05:27:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/30/2015 05:27:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/30/2015 05:27:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (07/29/2015 09:59:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: itkcgws0.exe2.1.19357.0e1801d0ca38b91b355416C:\Users\jana_2\Desktop\itkcgws0.exe45d08762-362c-11e5-bea1-4c72b9a2fada

Error: (07/25/2015 11:51:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15500

Error: (07/25/2015 11:51:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15500

Error: (07/23/2015 11:36:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2015 10:39:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1737755663e2eAdblockPlus32.dll1.4.0.054edf8a0c00000050001c9d33c8001d0c459cf00d1a1C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files\Adblock Plus for IE\AdblockPlus32.dll272a8acb-304d-11e5-be96-4c72b9a2fada

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 665141

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 665141

Error: (07/20/2015 09:39:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2015 08:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31561360

Error: (07/20/2015 08:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31561360


==================== Speicherinformationen ===========================

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 44%
Total physical RAM: 5959.27 MB
Available physical RAM: 3328.59 MB
Total Virtual: 12359.27 MB
Available Virtual: 9218.56 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:222.43 GB) (Free:126.14 GB) NTFS
Drive d: (DATA) (Fixed) (Total:222.43 GB) (Free:222.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B8F3BD3E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 18.6 GB) (Disk ID: 0D231EBB)

Partition: GPT Partition Type.

==================== Ende von log ============================

Regards,
Stefan, who wonders what else got loaded onto the laptop along the way....

sbie 01.08.2015 08:15

Quote:

Quote from cosinus (post 1494763)
OK, fresh FRST logs please. Remember to tick the checkbox for additions.txt, otherwise the log will not be recreated.

Hi,
the logs are there.
Regards,
Stefan

cosinus 01.08.2015 15:52

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:

Winsock: Catalog9 05 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 06 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 07 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 08 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 20 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 05 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 06 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 07 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 08 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 20 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
FF Extension: Avira Browser Safety - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default\Extensions\abs@avira.com
FF HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\Firefox\Extensions: [{ba2c82b0-7fa8-11e4-b4a9-0800200c9a66}] - C:\Users\Jana\AppData\Local\Temp\search.xpi
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG
C:\Users\Jana\Desktop\Adblock Plus für Internet Explorer - CHIP Downloader.lnk
C:\Users\jana_2\Downloads\adblockplusie-1.4 - CHIP-Installer.exe
C:\Users\Jana\AppData\Roaming\12345678-1425234414-5678-90AB-CDDEEFAABBCC
C:\Windows\SysWOW64\Gambali.dll
C:\Windows\system32\Gambali64.dll
Task: {1F07A8B5-C294-4D4F-B957-D781844C3C84} - \Binkiland fara No Task File <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
EmptyTemp:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


sbie 02.08.2015 06:27

Hi,
I created the fixlist.txt, started FRST, and clicked "Entfernen" (Fix).
The program ran through.
The log was created. I then performed the requested restart because I could no longer use IE.
The laptop started very slowly.
Then I started Internet Explorer.
It has now been starting for 30 minutes.

I can't do anything anymore.

I am writing this from another laptop.

Regards,
Stefan

Hi,
the laptop ran all night, but the screen was blue and the status bar was grey with no content.
I was able to restart the laptop and then logged in as admin; the laptop is very slow, and the Windows 8 interface appears. Click on the Desktop tile, a long wait, the desktop appears. Now Spybot - Search & Destroy has started, at least it looks that way; it is listed in the status bar (taskbar?) with an admin marker. Click on it and again nothing happens; this time the screen is reddish brown and the status bar is empty (apart from the power supply and speaker icons).
Task Manager cannot be opened.

What should I do?

Regards,
Stefan

cosinus 02.08.2015 20:42

I need the Fixlog and new FRST logs.

sbie 03.08.2015 12:30

Hi,
below is the fixlog, created by frst64 with the fixlist, run as admin.
I cannot create new FRST logs.
Nothing happens on the desktop anymore on right-click or double-click.
I wanted to start FRST from a cmd window; the message was then "Anforderung wurde wegen Zeitüberschreitung zurückgegeben".

Code:

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-07-2015
durchgeführt von Jana (2015-08-01 22:06:57) Run:1
Gestartet von C:\Users\jana_2\Desktop
Geladene Profile: Jana & jana_2 (Verfügbare Profile: Jana & jana_2)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Winsock: Catalog9 05 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 06 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 07 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 08 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9 20 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 05 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 06 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 07 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 08 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
Winsock: Catalog9-x64 20 C:\Windows\system32\Gambali64.dll [364120 2015-03-01] (Gambali OEM Software)
FF Extension: Avira Browser Safety - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default\Extensions\abs@avira.com
FF HKU\S-1-5-21-4169945393-979611324-1072499311-1001\...\Firefox\Extensions: [{ba2c82b0-7fa8-11e4-b4a9-0800200c9a66}] - C:\Users\Jana\AppData\Local\Temp\search.xpi
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG
C:\Users\Jana\Desktop\Adblock Plus für Internet Explorer - CHIP Downloader.lnk
C:\Users\jana_2\Downloads\adblockplusie-1.4 - CHIP-Installer.exe
C:\Users\Jana\AppData\Roaming\12345678-1425234414-5678-90AB-CDDEEFAABBCC
C:\Windows\SysWOW64\Gambali.dll
C:\Windows\system32\Gambali64.dll
Task: {1F07A8B5-C294-4D4F-B957-D781844C3C84} - \Binkiland fara No Task File <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
EmptyTemp:

*****************

Winsock: Catalog entry 000000000005 => erfolgreich entfernt
Winsock: Catalog entry 000000000006 => erfolgreich entfernt
Winsock: Catalog entry 000000000007 => erfolgreich entfernt
Winsock: Catalog entry 000000000008 => erfolgreich entfernt
Winsock: Catalog entry 000000000020 => erfolgreich entfernt
Winsock: Catalog entry 000000000005 => erfolgreich entfernt
Winsock: Catalog entry 000000000006 => erfolgreich entfernt
Winsock: Catalog entry 000000000007 => erfolgreich entfernt
Winsock: Catalog entry 000000000008 => erfolgreich entfernt
Winsock: Catalog entry 000000000020 => erfolgreich entfernt
FF Extension: Avira Browser Safety - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default\Extensions\abs@avira.com nicht gefunden.
HKU\S-1-5-21-4169945393-979611324-1072499311-1001\Software\Mozilla\Firefox\Extensions\\{ba2c82b0-7fa8-11e4-b4a9-0800200c9a66} => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt
C:\Users\Jana\Desktop\Adblock Plus für Internet Explorer - CHIP Downloader.lnk => erfolgreich verschoben.
C:\Users\jana_2\Downloads\adblockplusie-1.4 - CHIP-Installer.exe => erfolgreich verschoben.
C:\Users\Jana\AppData\Roaming\12345678-1425234414-5678-90AB-CDDEEFAABBCC => erfolgreich verschoben.
C:\Windows\SysWOW64\Gambali.dll => erfolgreich verschoben.
C:\Windows\system32\Gambali64.dll => erfolgreich verschoben.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F07A8B5-C294-4D4F-B957-D781844C3C84}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F07A8B5-C294-4D4F-B957-D781844C3C84}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Binkiland fara" => Schlüssel erfolgreich entfernt
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Gambali" => Schlüssel erfolgreich entfernt
EmptyTemp: => 2.7 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden..

==== Ende von Fixlog 22:07:25 ====
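
A Fixlog in the layout posted above can be reconciled mechanically against the fixlist it was run with. The following is an added example (not part of the thread and not FRST's own code): it parses the German-localized Fixlog layout shown here and tallies what was removed, moved or not found. The function names, outcome labels and the shortened sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog in the layout posted in the thread,
# reusing a few of its lines (German-localized FRST output).
SAMPLE_FIXLOG = r"""
fixlist Inhalt:
*****************
Winsock: Catalog9 05 C:\Windows\SysWOW64\Gambali.dll [318784 2015-03-01] (Gambali OEM Software)
FF Extension: Avira Browser Safety - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default\Extensions\abs@avira.com
C:\Windows\SysWOW64\Gambali.dll
EmptyTemp:

*****************

Winsock: Catalog entry 000000000005 => erfolgreich entfernt
FF Extension: Avira Browser Safety - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\RnIIPMza.default\Extensions\abs@avira.com nicht gefunden.
C:\Windows\SysWOW64\Gambali.dll => erfolgreich verschoben.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Gambali" => Schlüssel erfolgreich entfernt
EmptyTemp: => 2.7 GB temporäre Dateien entfernt.

Das System musste neu gestartet werden..

==== Ende von Fixlog 22:07:25 ====
"""

# Outcome labels (hypothetical names) mapped to the result phrases that
# appear in the log on this page. The first matching pattern wins.
OUTCOMES = [
    ("not_found", re.compile(r"nicht gefunden\.?$")),
    ("moved", re.compile(r"=> erfolgreich verschoben\.?$")),
    ("removed", re.compile(r"=> (?:\w+ )?erfolgreich entfernt\.?$")),
    ("temp_cleared", re.compile(r"^EmptyTemp: => ")),
    ("reboot", re.compile(r"^Das System musste neu gestartet werden")),
]


def parse_fixlog(text):
    """Return (requested fixlist entries, classified results, unclassified lines)."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist echo sits between two lines made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters not found")
    requested = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results, unclassified = [], []
    for ln in lines[stars[1] + 1:]:
        if not ln or ln.startswith("===="):
            continue  # blank lines and the end-of-log banner
        for label, rx in OUTCOMES:
            if rx.search(ln):
                results.append((label, ln))
                break
        else:
            unclassified.append(ln)  # unknown wording: review by hand
    return requested, results, unclassified


def summarize(text):
    """Tally outcomes and pull out the lines a helper would check first."""
    requested, results, unclassified = parse_fixlog(text)
    counts = Counter(label for label, _ in results)
    return {
        "requested": len(requested),
        "counts": dict(counts),
        "not_found": [ln for label, ln in results if label == "not_found"],
        # Winsock catalog removals are listed separately because they
        # change the network provider catalog.
        "winsock_removed": [ln for label, ln in results
                            if label == "removed" and ln.startswith("Winsock:")],
        "reboot_required": counts["reboot"] > 0,
        "unclassified": unclassified,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```
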


