Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win7: TrojanDownloader:Win32/Nymaim.C (https://www.trojaner-board.de/152189-win7-trojandownloader-win32-nymaim-c.html)

Sunny Blue 08.04.2014 09:16
Win7: TrojanDownloader:Win32/Nymaim.C
 
Hallo,

also ich habe eine Email bekommen, in der 1. Aprilwoche 2014, dass die Paypal Zahlung nicht überwiesen wurde. Bestellt habe ich nichts und den Empfänger kenne ich auch nicht. Leider habe ich aus Naivität den Anhang geöffnet, es war eine Zip Datei. Nun sagt bei jedem Start des PC's Microsoft Essential "Erkannnte Bedrohungen wurden bereinigt. Keine Aktion erforderlich." Allerdings finde ich im Verlauf: Unter Quarantäne gestellte Elemente: TrojanDownloader:Win32/Nymaim.C
Und gestern konnte ich mich nicht in meine Mail-Postfächer einloggen, da hieß es Ihre IP-Adresse wäre bedroht, ich müsse mich über mein Smart-Phone autorisieren, indem ich die Handy-Nummer eingebe und dann würde ich eine sms mit einem Link erhalten, was aber nicht passiert ist. (Handynr.eingegeben aber keine sms erhalten,wie ich jetzt weiß zum Glück!)
Bis jetzt habe ich nichts weiter unternommen, außer Eure Webseite gefunden, mich registriert, die Regeln gelesen und vom Punkt 2.Informationen zusammenstellen Schritt 1 und 2 gemacht (allersdings habe ich noch nicht die FRST.txt&Addition.txt gepostet)und dieses Thema eröffnet.
Nun Bitte ich um professionelle Hilfe, wie ich weiter vorgehen soll.
Danke schon mal.

schrauber 08.04.2014 09:33
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Sunny Blue 08.04.2014 09:43
Hier die FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by bluejvkeyes (administrator) on BLUEJVKEYES-PC on 08-04-2014 09:28:51
Running from C:\Users\bluejvkeyes\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-03-12] (CyberLink Corp.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2007-11-19] (CANON INC.)
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928 2010-06-07] (SweetIM Technologies Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [zhhhxeja] - C:\Users\bluejvkeyes\AppData\Local\Eiepxwigmy\omxlcrbxeja.exe [207872 2014-04-03] ()
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [{b000cf3a-cf3a-xxx}] - C:\Users\bluejvkeyes\AppData\Local\Temp\{b000cf3a-cf3a-xxx}.exe [207360 2014-04-08] () <===== ATTENTION
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Power2GoExpress] - [X]
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\RunOnce: [rhi7sus] - C:\ProgramData\jonjldu\lpcq.exe [275968 2014-04-07] (Zone Labs, LLC)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\RunOnce: [g10jsu] - C:\ProgramData\goo\btwtcsd.exe [279040 2014-04-03] (Zone Labs, LLC)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\RunOnce: [f2dea] - C:\ProgramData\gbr\ljlneyx.exe [275456 2014-04-08] (Zone Labs, LLC)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\RunOnce: [uikt5] - C:\ProgramData\ptmm\aqxfmpi.exe [274944 2014-04-08] (Zone Labs, LLC)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\MountPoints2: {893cb3c7-73c0-11df-9251-001377fe3bd6} - E:\LaunchU3.exe -a
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\MountPoints2: {acf2bd71-700c-11df-af71-806e6f6e6963} - F:\Msetup4.exe
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Winlogon: [Shell] C:\ProgramData\rtyeusg\otptq.exe,explorer.exe <==== ATTENTION
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15768
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
SearchScopes: HKCU - {D2CFDF74-1C1D-44E9-B0C1-574357A25D5A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=C4C5BF5F-37E9-4C0E-98F3-FC9EC7EFE4B9&apn_sauid=8A40E3A2-9FFD-4F42-987A-333930C93164
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO: Yahoo! Toolbar - {EF2D6E36-5C05-4F40-B861-9E909B5BAE09} - C:\Users\bluejvkeyes\AppData\Roaming\YahooToolbar\IE\YahooToolbar.dll (Yahoo! Inc.)
Toolbar: HKLM - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default
FF user.js: detected! => C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\user.js
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.berlinerhaie.com/index.php
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ask Toolbar - C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\Extensions\toolbar@ask.com [2012-03-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-02]
FF Extension: Yahoo! Toolbar - C:\Program Files\Mozilla Firefox\extensions\{52c732b8-d108-4aae-b327-4b16b66dda26} [2014-03-29]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]

========================== Services (Whitelisted) =================

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-06-01] (SAMSUNG ELECTRONICS CO., LTD.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 usbser32; C:\Windows\System32\DRIVERS\usbser.sys [27648 2010-11-20] (Microsoft Corporation)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
S3 w800mdfl; C:\Windows\System32\DRIVERS\w800mdfl.sys [9264 2005-06-13] (MCCI)
S3 w800mdm; C:\Windows\System32\DRIVERS\w800mdm.sys [96224 2005-06-13] (MCCI)
S3 w800mgmt; C:\Windows\System32\DRIVERS\w800mgmt.sys [87792 2005-06-13] (MCCI)
S3 w800obex; C:\Windows\System32\DRIVERS\w800obex.sys [85664 2005-06-13] (MCCI)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 09:28 - 2014-04-08 09:29 - 00016363 _____ () C:\Users\bluejvkeyes\Downloads\FRST.txt
2014-04-08 09:28 - 2014-04-08 09:28 - 01145856 _____ (Farbar) C:\Users\bluejvkeyes\Downloads\FRST.exe
2014-04-08 09:28 - 2014-04-08 09:28 - 00000000 ____D () C:\FRST
2014-04-08 09:23 - 2014-04-08 09:23 - 00000484 _____ () C:\Users\bluejvkeyes\Downloads\defogger_disable.log
2014-04-08 09:23 - 2014-04-08 09:23 - 00000000 _____ () C:\Users\bluejvkeyes\defogger_reenable
2014-04-08 09:21 - 2014-04-08 09:21 - 00050477 _____ () C:\Users\bluejvkeyes\Downloads\Defogger.exe
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\ptmm
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\igr
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\dykawl
2014-04-08 08:59 - 2014-04-08 08:59 - 00000000 ____D () C:\ProgramData\xci
2014-04-08 08:34 - 2014-04-08 09:00 - 00000000 ____D () C:\ProgramData\dmbh
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\tjlt
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\gbr
2014-04-08 08:31 - 2014-04-08 08:31 - 00000000 ____D () C:\ProgramData\xpe
2014-04-07 11:04 - 2014-04-08 08:59 - 00000000 ____D () C:\ProgramData\mfgo
2014-04-07 11:04 - 2014-04-07 11:09 - 00000000 ____D () C:\ProgramData\dpypj
2014-04-07 11:04 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\muemw
2014-04-07 11:04 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\jonjldu
2014-04-04 13:13 - 2014-04-07 11:09 - 00000000 ____D () C:\ProgramData\bxaoqa
2014-04-04 13:13 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\jyr
2014-04-04 13:13 - 2014-04-04 13:14 - 00000000 ____D () C:\ProgramData\qmccg
2014-04-03 13:32 - 2014-04-08 09:06 - 00000000 ____D () C:\ProgramData\gylokkk
2014-04-03 13:32 - 2014-04-08 08:59 - 00000000 ____D () C:\ProgramData\vxdg
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\rtyeusg
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\ouan
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\goo
2014-04-03 13:29 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\nhvfg
2014-04-03 13:28 - 2014-04-03 13:28 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Eiepxwigmy
2014-04-03 13:25 - 2014-04-03 13:25 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Roaming\Qaywk
2014-04-03 13:24 - 2014-04-03 13:24 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Lbovygvrj
2014-03-29 22:46 - 2014-03-29 22:46 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:46 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:45 - 00001026 _____ () C:\Users\bluejvkeyes\Desktop\tiptoi.lnk
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Program Files\Ravensburger tiptoi
2014-03-29 08:59 - 2014-03-29 09:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 08:22 - 2014-03-29 08:22 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-03-29 08:17 - 2014-03-29 08:18 - 00847824 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\GoogleEarthSetup.exe
2014-03-29 08:12 - 2014-03-29 08:13 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(3).exe
2014-03-29 08:10 - 2014-03-29 08:10 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(2).exe
2014-03-29 08:09 - 2014-03-29 08:09 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(1).exe
2014-03-28 15:50 - 2014-03-28 15:50 - 00024598 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(3)
2014-03-28 15:46 - 2014-03-28 15:46 - 00023286 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(2)
2014-03-28 15:44 - 2014-03-28 15:44 - 00023046 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(1)
2014-03-28 15:16 - 2014-03-28 15:16 - 00008256 _____ () C:\Windows\DPINST.LOG
2014-03-24 22:25 - 2014-03-24 22:25 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-24 22:23 - 2014-03-24 22:25 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-24 22:23 - 2014-03-24 22:25 - 00000000 ____D () C:\Program Files\iTunes
2014-03-24 22:23 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:45 - 2014-03-25 00:42 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-18 13:28 - 2014-04-07 11:09 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\aufbauanleitungen playmobil
2014-03-18 10:41 - 2014-04-08 08:45 - 00001861 _____ () C:\Windows\setupact.log
2014-03-18 10:41 - 2014-03-18 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-14 13:52 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 13:52 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 13:52 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 13:52 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 13:52 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 13:52 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 13:52 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 13:52 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 13:52 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 13:52 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 13:52 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 13:52 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 13:51 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 13:51 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 13:51 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 13:51 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 13:51 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 13:51 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 13:51 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 13:51 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 13:51 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 13:51 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 13:51 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 13:51 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 13:51 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 13:50 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 13:50 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 14:19 - 2014-03-12 14:19 - 00005686 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-

==================== One Month Modified Files and Folders =======

2014-04-08 09:29 - 2014-04-08 09:28 - 00016363 _____ () C:\Users\bluejvkeyes\Downloads\FRST.txt
2014-04-08 09:28 - 2014-04-08 09:28 - 01145856 _____ (Farbar) C:\Users\bluejvkeyes\Downloads\FRST.exe
2014-04-08 09:28 - 2014-04-08 09:28 - 00000000 ____D () C:\FRST
2014-04-08 09:24 - 2012-03-13 00:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 09:23 - 2014-04-08 09:23 - 00000484 _____ () C:\Users\bluejvkeyes\Downloads\defogger_disable.log
2014-04-08 09:23 - 2014-04-08 09:23 - 00000000 _____ () C:\Users\bluejvkeyes\defogger_reenable
2014-04-08 09:23 - 2010-06-04 21:21 - 00000000 ____D () C:\Users\bluejvkeyes
2014-04-08 09:21 - 2014-04-08 09:21 - 00050477 _____ () C:\Users\bluejvkeyes\Downloads\Defogger.exe
2014-04-08 09:10 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 09:10 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 09:06 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\gylokkk
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\ptmm
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\igr
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\dykawl
2014-04-08 09:01 - 2014-04-03 13:29 - 00000000 ____D () C:\ProgramData\nhvfg
2014-04-08 09:00 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\dmbh
2014-04-08 08:59 - 2014-04-08 08:59 - 00000000 ____D () C:\ProgramData\xci
2014-04-08 08:59 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\mfgo
2014-04-08 08:59 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\vxdg
2014-04-08 08:59 - 2012-03-13 00:25 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 08:59 - 2010-06-11 21:22 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-04-08 08:59 - 2010-06-05 00:45 - 00120472 _____ () C:\Users\bluejvkeyes\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-08 08:52 - 2012-08-08 22:41 - 01283011 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 08:50 - 2010-06-04 21:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 08:48 - 2012-08-08 13:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 08:45 - 2014-03-18 10:41 - 00001861 _____ () C:\Windows\setupact.log
2014-04-08 08:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 08:45 - 2009-07-14 06:33 - 00424416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-08 08:40 - 2010-06-11 22:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\tjlt
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\gbr
2014-04-08 08:31 - 2014-04-08 08:31 - 00000000 ____D () C:\ProgramData\xpe
2014-04-07 11:09 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\dpypj
2014-04-07 11:09 - 2014-04-04 13:13 - 00000000 ____D () C:\ProgramData\bxaoqa
2014-04-07 11:09 - 2014-03-18 13:28 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\aufbauanleitungen playmobil
2014-04-07 11:04 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\muemw
2014-04-07 11:04 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\jonjldu
2014-04-07 11:04 - 2014-04-04 13:13 - 00000000 ____D () C:\ProgramData\jyr
2014-04-04 13:14 - 2014-04-04 13:13 - 00000000 ____D () C:\ProgramData\qmccg
2014-04-03 14:11 - 2011-01-26 22:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-03 14:11 - 2011-01-26 22:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\rtyeusg
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\ouan
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\goo
2014-04-03 13:28 - 2014-04-03 13:28 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Eiepxwigmy
2014-04-03 13:25 - 2014-04-03 13:25 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Roaming\Qaywk
2014-04-03 13:24 - 2014-04-03 13:24 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Lbovygvrj
2014-04-02 12:20 - 2012-09-02 21:45 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\pippifax
2014-04-01 14:19 - 2010-06-11 23:20 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 11:07 - 2010-06-14 22:10 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\ZoomBrowser EX
2014-04-01 11:04 - 2010-06-11 22:33 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-03-30 21:26 - 2012-05-09 21:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 22:46 - 2014-03-29 22:46 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\RavensburgerTipToi
2014-03-29 22:46 - 2014-03-29 22:45 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:45 - 00001026 _____ () C:\Users\bluejvkeyes\Desktop\tiptoi.lnk
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Program Files\Ravensburger tiptoi
2014-03-29 09:00 - 2014-03-29 08:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 08:22 - 2014-03-29 08:22 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-03-29 08:21 - 2010-06-11 21:41 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Local\Google
2014-03-29 08:21 - 2010-06-11 21:41 - 00000000 ____D () C:\Program Files\Google
2014-03-29 08:18 - 2014-03-29 08:17 - 00847824 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\GoogleEarthSetup.exe
2014-03-29 08:13 - 2014-03-29 08:12 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(3).exe
2014-03-29 08:10 - 2014-03-29 08:10 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(2).exe
2014-03-29 08:09 - 2014-03-29 08:09 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(1).exe
2014-03-28 15:50 - 2014-03-28 15:50 - 00024598 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(3)
2014-03-28 15:46 - 2014-03-28 15:46 - 00023286 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(2)
2014-03-28 15:44 - 2014-03-28 15:44 - 00023046 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(1)
2014-03-28 15:16 - 2014-03-28 15:16 - 00008256 _____ () C:\Windows\DPINST.LOG
2014-03-28 15:16 - 2014-01-16 14:01 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-28 15:15 - 2010-06-09 14:20 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-25 00:42 - 2014-03-21 14:45 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-24 22:25 - 2014-03-24 22:25 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-24 22:25 - 2014-03-24 22:23 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-24 22:25 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iTunes
2014-03-24 22:23 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iPod
2014-03-24 22:23 - 2010-08-08 21:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-18 14:52 - 2013-08-16 00:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 14:50 - 2010-06-04 21:32 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 14:45 - 2010-08-04 13:29 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-03-18 10:41 - 2014-03-18 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 21:18 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 22:48 - 2012-04-10 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 22:48 - 2011-07-06 09:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 14:19 - 2014-03-12 14:19 - 00005686 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-
2014-03-12 11:47 - 2010-06-11 22:09 - 00000000 ____D () C:\ProgramData\tmp
2014-03-11 09:52 - 2010-10-24 22:25 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

Files to move or delete:
====================
C:\Users\bluejvkeyes\AppData\Local\Temp\{b000cf3a-cf3a-xxx}.exe


Some content of TEMP:
====================
C:\Users\bluejvkeyes\AppData\Local\Temp\tiptoi-install.exe
C:\Users\bluejvkeyes\AppData\Local\Temp\{b000cf3a-cf3a-xxx}.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-07 00:12

==================== End Of Log ============================
--- --- ---

Und auch die Addition.txt.:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by bluejvkeyes at 2014-04-08 09:29:33
Running from C:\Users\bluejvkeyes\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.35882 - Ask.com) <==== ATTENTION
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.30 - Avanquest Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP620 series Benutzerregistrierung (HKLM\...\Canon MP620 series Benutzerregistrierung) (Version:  - )
Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version:  - )
Canon Utilities Digital Photo Professional 3.8 (HKLM\...\DPP) (Version: 3.8.0.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.8.0.2 - Canon Inc.)
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Original Data Security Tools (HKLM\...\Original Data Security Tools) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Canon Utilities WFT Utility (HKLM\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2604 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2604 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2809 - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.2809 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815 - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1410 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.1.1410 - CyberLink Corp.) Hidden
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
ElsterFormular (HKLM\...\ElsterFormular 13.1.1.8479p) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Foto Paradies (HKLM\...\Foto Paradies) (Version:  - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Hama Photo Suite Deluxe (HKLM\...\{023DD453-E305-4112-8C6B-CBD10475486C}) (Version:  - ArcSoft)
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Kobold VR-Updater (HKLM\...\{D3E2B714-EE85-44A7-80E9-BF0FF21E7F02}) (Version: 1.0.1 - Vorwerk)
KODAK Create@Home Software (für dm) (HKLM\...\{FCAED3DC-05AE-484E-8DAE-8CAA719BF8D7}) (Version: 7.3.8392 - Digilabs)
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{87DCF176-32A1-4BC2-B86B-AAEB2CF7DA15}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 (HKLM\...\MAGIX_{8C73E551-5AFA-42EE-B76E-64821590BCD3}) (Version: 12.0.2.2 - MAGIX AG)
MAGIX Video deluxe 2013 (Version: 12.0.2.2 - MAGIX AG) Hidden
Media Go (HKLM\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.4.9 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.0.0 (HKLM\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayStation(R)Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.5.16.13625 - Sony Computer Entertainment Inc.)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Ericsson W800 Software (HKLM\...\Sony Ericsson W800) (Version:  - )
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.2.201401231410 - Sony Mobile Communications AB)
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
SweetIM for Messenger 3.2 (HKLM\...\{08ED8855-4C2E-429B-A878-F129E1F624FA}) (Version: 3.2.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetIM Toolbar for Internet Explorer 3.9 (HKLM\...\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}) (Version: 3.9.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
VLC media player 1.1.3 (HKLM\...\VLC media player) (Version: 1.1.3 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

25-02-2014 11:50:52 Windows-Sicherung
26-02-2014 08:55:02 Windows Update
02-03-2014 21:26:30 Windows Update
02-03-2014 21:33:19 Windows-Sicherung
04-03-2014 13:23:45 Windows Update
10-03-2014 10:45:45 Windows Update
14-03-2014 11:53:19 Windows Update
14-03-2014 13:04:47 Windows Update
18-03-2014 11:26:43 Windows Update
18-03-2014 12:50:35 Windows Update
24-03-2014 19:52:14 Windows Update
28-03-2014 13:23:42 Windows Update
29-03-2014 06:11:45 Removed Google Earth Plug-in.
02-04-2014 10:00:45 Windows Update
03-04-2014 12:10:34 Windows Update
07-04-2014 09:14:53 Windows Update
08-04-2014 06:35:37 Removed Adobe Photoshop Elements 8.0.

==================== Hosts content: ==========================

2009-07-14 04:04 - 2010-07-28 14:14 - 00001350 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com:443
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 adobeereg.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0146BDD8-ED99-4C0C-B500-25FEF5CE98BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-13] (Google Inc.)
Task: {23CFBD29-EECB-475C-BB2C-7158EE58E8BA} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-01-24] () <==== ATTENTION
Task: {2F34326A-2737-463D-9C29-79CDA9247B2F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7FF160B0-E2EE-4554-907C-07403C884598} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C7A366BF-A2F2-4E8E-8958-FD5307C7D489} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {CC6AE252-0880-43B9-8594-4493ECC062BC} - System32\Tasks\{F9E612F6-8EE9-4E71-BDAD-CDA35BE2E2C6} => E:\Install\setup.exe
Task: {DFEB4846-CADC-4E11-ADF2-ADDC5CA8C868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-13] (Google Inc.)
Task: {E3CDA550-4F7A-4D4B-9A9C-EB3E8E398FA7} - System32\Tasks\{C3913F9C-BD0A-40EA-81D4-7C232F4967D7} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-11 23:20 - 2008-01-22 10:35 - 00103808 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2008-12-24 12:29 - 2008-12-24 12:29 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2008-12-24 12:30 - 2008-12-24 12:30 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2014-03-29 08:59 - 2014-03-29 09:00 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: TSSTcorp CDDVDW TS-L633B
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2014 08:59:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: MSCTF.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bda69
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000487cd
ID des fehlerhaften Prozesses: 0x95c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (04/07/2014 00:57:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1715793

Error: (04/07/2014 00:57:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1715793

Error: (04/07/2014 00:57:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2014 00:57:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1714186

Error: (04/07/2014 00:57:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1714186

Error: (04/07/2014 00:57:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2014 00:29:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3479

Error: (04/07/2014 00:29:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3479

Error: (04/07/2014 00:29:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/08/2014 08:45:31 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/08/2014 08:45:31 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/08/2014 08:31:01 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/08/2014 08:31:01 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/07/2014 00:57:36 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/07/2014 11:04:44 AM) (Source: DCOM) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (04/07/2014 11:04:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet:
%%-2147417831

Error: (04/07/2014 11:02:44 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/07/2014 11:02:44 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/04/2014 04:26:03 PM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (04/08/2014 08:59:24 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7MSCTF.dll6.1.7600.163854a5bda69c0000005000487cd95c01cf52f80adde536C:\Windows\Explorer.EXEC:\Windows\system32\MSCTF.dll50957663-beeb-11e3-b3d5-001377fe3bd6

Error: (04/07/2014 00:57:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1715793

Error: (04/07/2014 00:57:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1715793

Error: (04/07/2014 00:57:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2014 00:57:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1714186

Error: (04/07/2014 00:57:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1714186

Error: (04/07/2014 00:57:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2014 00:29:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3479

Error: (04/07/2014 00:29:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3479

Error: (04/07/2014 00:29:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 3036.61 MB
Available physical RAM: 1928.25 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 4777.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:200.1 GB) (Free:22.96 GB) NTFS
Drive d: () (Fixed) (Total:97.89 GB) (Free:97.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 218993E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 09.04.2014 08:20
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Sunny Blue 09.04.2014 10:31
Hi, vielen DANK!
Hier kommt die Combofix.txt
Einen Computer Neustart habe ich bis jetzt nicht extra gemacht. Es hat nur Combofix gearbeitet. Nichts gemeckert und auch keine Fehlermeldung bis jetzt gewesen. Antivirensoftware sowie Malware/Spyware Scanner sind noch ausgeschaltet.
LG

C:\Combofix.txt:

Combofix Logfile:
Code:
ComboFix 14-04-08.01 - bluejvkeyes 09.04.2014  10:46:56.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3037.1948 [GMT 2:00]
ausgeführt von:: c:\users\bluejvkeyes\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\uwpado
c:\programdata\uwpado\alnces.exe
c:\users\bluejvkeyes\AppData\Local\TempDIR
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-09 bis 2014-04-09  ))))))))))))))))))))))))))))))
.
.
2014-04-09 08:54 . 2014-04-09 08:54        --------        d-----w-        c:\users\bluejvkeyes\AppData\Local\temp
2014-04-09 08:54 . 2014-04-09 08:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-09 08:33 . 2014-04-09 08:33        62576        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{935C1AA8-7218-4761-BB0E-0E6CCA986686}\offreg.dll
2014-04-09 08:25 . 2014-03-07 04:35        7969936        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{935C1AA8-7218-4761-BB0E-0E6CCA986686}\mpengine.dll
2014-04-09 08:20 . 2014-04-09 08:20        --------        d-----w-        c:\programdata\pkx
2014-04-09 08:20 . 2014-04-09 08:20        --------        d-----w-        c:\programdata\jfp
2014-04-09 08:20 . 2014-04-09 08:20        --------        d-----w-        c:\programdata\icppmw
2014-04-08 07:28 . 2014-04-08 07:30        --------        d-----w-        C:\FRST
2014-04-08 07:01 . 2014-04-09 08:20        --------        d-----w-        c:\programdata\dykawl
2014-04-08 07:01 . 2014-04-08 07:01        --------        d-----w-        c:\programdata\ptmm
2014-04-08 07:01 . 2014-04-08 07:01        --------        d-----w-        c:\programdata\igr
2014-04-08 06:59 . 2014-04-08 06:59        --------        d-----w-        c:\programdata\xci
2014-04-08 06:34 . 2014-04-08 06:34        --------        d-----w-        c:\programdata\gbr
2014-04-08 06:34 . 2014-04-09 08:46        --------        d-----w-        c:\programdata\dmbh
2014-04-08 06:34 . 2014-04-08 06:34        --------        d-----w-        c:\programdata\tjlt
2014-04-08 06:31 . 2014-04-08 06:31        --------        d-----w-        c:\programdata\xpe
2014-04-07 09:17 . 2014-03-07 04:35        7969936        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-07 09:04 . 2014-04-09 08:18        --------        d-----w-        c:\programdata\mfgo
2014-04-07 09:04 . 2014-04-07 09:04        --------        d-----w-        c:\programdata\jonjldu
2014-04-07 09:04 . 2014-04-07 09:04        --------        d-----w-        c:\programdata\muemw
2014-04-07 09:04 . 2014-04-07 09:09        --------        d-----w-        c:\programdata\dpypj
2014-04-04 12:03 . 2014-02-20 09:42        765968        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2E181D4-13F0-487F-B86C-F78C01A67D83}\gapaengine.dll
2014-04-04 11:13 . 2014-04-07 09:09        --------        d-----w-        c:\programdata\bxaoqa
2014-04-04 11:13 . 2014-04-07 09:04        --------        d-----w-        c:\programdata\jyr
2014-04-04 11:13 . 2014-04-04 11:14        --------        d-----w-        c:\programdata\qmccg
2014-04-03 11:32 . 2014-04-09 08:43        --------        d-----w-        c:\programdata\gylokkk
2014-04-03 11:32 . 2014-04-09 08:46        --------        d-----w-        c:\programdata\vxdg
2014-04-03 11:32 . 2014-04-03 11:32        --------        d-----w-        c:\programdata\rtyeusg
2014-04-03 11:32 . 2014-04-03 11:32        --------        d-----w-        c:\programdata\goo
2014-04-03 11:32 . 2014-04-03 11:32        --------        d-----w-        c:\programdata\ouan
2014-04-03 11:29 . 2014-04-09 08:46        --------        d-----w-        c:\programdata\nhvfg
2014-04-03 11:28 . 2014-04-09 08:35        --------        d--h--w-        c:\users\bluejvkeyes\AppData\Local\Eiepxwigmy
2014-04-03 11:25 . 2014-04-03 11:25        --------        d--h--w-        c:\users\bluejvkeyes\AppData\Roaming\Qaywk
2014-04-03 11:24 . 2014-04-03 11:24        --------        d--h--w-        c:\users\bluejvkeyes\AppData\Local\Lbovygvrj
2014-03-29 20:46 . 2014-03-29 20:46        --------        d-----w-        c:\users\bluejvkeyes\AppData\Roaming\RavensburgerTipToi
2014-03-29 20:45 . 2014-03-29 20:46        --------        d-----w-        c:\programdata\RavensburgerTipToi
2014-03-29 20:45 . 2014-03-29 20:45        --------        d-----w-        c:\program files\Ravensburger tiptoi
2014-03-24 20:23 . 2014-03-24 20:23        --------        d-----w-        c:\program files\iPod
2014-03-24 20:23 . 2014-03-24 20:25        --------        d-----w-        c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-24 20:23 . 2014-03-24 20:25        --------        d-----w-        c:\program files\iTunes
2014-03-21 12:45 . 2014-03-24 22:42        --------        d-----w-        c:\program files\Mozilla Thunderbird
2014-03-14 11:50 . 2014-02-04 02:04        1230336        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-03-14 11:50 . 2014-01-29 02:06        381440        ----a-w-        c:\windows\system32\wer.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 20:48 . 2012-04-10 20:18        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-03-12 20:48 . 2011-07-06 07:24        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 07:52 . 2010-10-24 20:25        104264        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-20 09:42 . 2011-03-25 21:30        765968        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-24 23:19 . 2014-01-24 23:19        231960        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32 . 2010-06-04 19:30        231584        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-01-24 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EF2D6E36-5C05-4F40-B861-9E909B5BAE09}]
2010-07-16 09:13        201728        ----a-w-        c:\users\bluejvkeyes\AppData\Roaming\YahooToolbar\IE\YahooToolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-07-02 248208]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"f2dea"="c:\programdata\gbr\ljlneyx.exe" [2014-04-08 275456]
"g10jsu"="c:\programdata\goo\btwtcsd.exe" [2014-04-03 279040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-03-12 210216]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-01-24 1646216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"="c:\programdata\xci\gcwhf.exe,explorer.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-20 12400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 usbser32;Neato Robotics USB Driver;c:\windows\system32\DRIVERS\usbser.sys [2010-11-20 27648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-06-01 13312]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-07-02 93072]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 20:48]
.
2014-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 22:24]
.
2014-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 22:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=15768
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.berlinerhaie.com/index.php
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Power2GoExpress - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-09  10:56:55
ComboFix-quarantined-files.txt  2014-04-09 08:56
.
Vor Suchlauf: 8 Verzeichnis(se), 24.391.831.552 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 24.329.097.216 Bytes frei
.
- - End Of File - - F40F2D71113D62BC7B55BE417F36048F
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 10.04.2014 08:01
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Sunny Blue 10.04.2014 09:54
So alles erledigt:-)
Geht echt alles fix & reibungslos, toll!!! (ich meine die Dowloads, Scans usw.)
Danke!!!

C:\ mbam.txt :


Suchlauf Datum: 10.04.2014
Suchlauf-Zeit: 10:10:05
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.10.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: bluejvkeyes

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 240319
Verstrichene Zeit: 18 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 6
Trojan.Agent.ZT, C:\ProgramData\xci\gcwhf.exe, 2556, Löschen bei Neustart, [847cbf4144bc07f9bb1573d7f50ce11f]
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\SweetIM.exe, 3256, Löschen bei Neustart, [04fc1de30df3827ed3a04cf2f1137b85]
Trojan.Agent.ZT, C:\ProgramData\goo\btwtcsd.exe, 3592, Löschen bei Neustart, [a35d24dc9c647f812ba5e16921e0e41c]
Trojan.Agent.ZT, C:\ProgramData\goo\btwtcsd.exe, 5064, Löschen bei Neustart, [a35d24dc9c647f812ba5e16921e0e41c]
Trojan.Agent.ZT, C:\ProgramData\gbr\ljlneyx.exe, 3624, Löschen bei Neustart, [966a847c748c669a983864e6df22be42]
Trojan.Agent.ZT, C:\ProgramData\gbr\ljlneyx.exe, 5100, Löschen bei Neustart, [966a847c748c669a983864e6df22be42]

Module: 23
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll, Löschen bei Neustart, [b44c01ff27d94eb2670c0a3446beac54],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgcommunication.dll, Löschen bei Neustart, [08f84fb1926e03fd9ad92b1320e4fe02],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll, Löschen bei Neustart, [03fde719946cc43cbcb762dcf70d16ea],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgcommon.dll, Löschen bei Neustart, [8c7409f7a25ef20e4e257ec04bb926da],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mghooking.dll, Löschen bei Neustart, [e61a0ff1f709956bb7bc0b3307fd04fc],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll, Löschen bei Neustart, [fa06e818a9571fe153203ffff311b64a],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgconfig.dll, Löschen bei Neustart, [758b43bda25e12ee1c573fff11f31be5],

Registrierungsschlüssel: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, In Quarantäne, [f50b1fe12dd3e0205083dfabb350d42c],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-39800961-588471803-1280384396-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [17e9fe02c7391de35f730a80e71c7b85],

Registrierungswerte: 9
PUP.Optional.SweetIM, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SweetIM, C:\Program Files\SweetIM\Messenger\SweetIM.exe, In Quarantäne, [04fc1de30df3827ed3a04cf2f1137b85]
Trojan.Agent.ZT, HKU\S-1-5-21-39800961-588471803-1280384396-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|g10jsu, C:\ProgramData\goo\btwtcsd.exe, In Quarantäne, [a35d24dc9c647f812ba5e16921e0e41c]
Trojan.Agent.ZT, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|f2dea, C:\ProgramData\gbr\ljlneyx.exe, In Quarantäne, [966a847c748c669a983864e6df22be42]
Trojan.Agent.ZT, HKU\S-1-5-21-39800961-588471803-1280384396-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|f2dea, C:\ProgramData\gbr\ljlneyx.exe, In Quarantäne, [966a847c748c669a983864e6df22be42]
Trojan.Agent.ZT, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|f2dea, C:\ProgramData\gbr\ljlneyx.exe, In Quarantäne, [966a847c748c669a983864e6df22be42]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, {CC3E70DE-982E-11DF-B9BF-001377FE3BD6}, In Quarantäne, [f50b1fe12dd3e0205083dfabb350d42c]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-39800961-588471803-1280384396-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {CC3E70DE-982E-11DF-B9BF-001377FE3BD6}, In Quarantäne, [17e9fe02c7391de35f730a80e71c7b85]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE, 1, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL, 1, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 5
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],

Dateien: 79
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll, Löschen bei Neustart, [8f7124dcd52b43bd93e0b589a65e728e],
Trojan.Agent.ZT, C:\ProgramData\xci\gcwhf.exe, Löschen bei Neustart, [847cbf4144bc07f9bb1573d7f50ce11f],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\SweetIM.exe, Löschen bei Neustart, [04fc1de30df3827ed3a04cf2f1137b85],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll, Löschen bei Neustart, [b44c01ff27d94eb2670c0a3446beac54],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgcommunication.dll, Löschen bei Neustart, [08f84fb1926e03fd9ad92b1320e4fe02],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll, Löschen bei Neustart, [03fde719946cc43cbcb762dcf70d16ea],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgcommon.dll, Löschen bei Neustart, [8c7409f7a25ef20e4e257ec04bb926da],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mghooking.dll, Löschen bei Neustart, [e61a0ff1f709956bb7bc0b3307fd04fc],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll, Löschen bei Neustart, [fa06e818a9571fe153203ffff311b64a],
PUP.Optional.SweetIM, C:\Program Files\SweetIM\Messenger\mgconfig.dll, Löschen bei Neustart, [758b43bda25e12ee1c573fff11f31be5],
Trojan.Agent.ZT, C:\ProgramData\goo\btwtcsd.exe, Löschen bei Neustart, [a35d24dc9c647f812ba5e16921e0e41c],
Trojan.Agent.ZT, C:\ProgramData\gbr\ljlneyx.exe, Löschen bei Neustart, [966a847c748c669a983864e6df22be42],
Trojan.Agent.ZT, C:\ProgramData\jfp\lbekyaq.exe, In Quarantäne, [a060ce3299679a6627a91f2b31d07789],
Trojan.Agent.ZT, C:\ProgramData\jonjldu\lpcq.exe, In Quarantäne, [f20e966a04fc28d8d5fb97b35aa7e61a],
Trojan.Agent.ZT, C:\ProgramData\xpe\mvtna.exe, In Quarantäne, [b54b8a768e727f817d5352f82ed3a957],
Trojan.Agent.ZT, C:\ProgramData\ptmm\aqxfmpi.exe, In Quarantäne, [d92726da01ffb94708c8ee5ca35e03fd],
Trojan.Agent.ZT, C:\ProgramData\rtyeusg\otptq.exe, In Quarantäne, [59a7b44c3fc12ad6c10f252530d17090],
Trojan.Agent.ED, C:\Users\bluejvkeyes\AppData\Roaming\Qaywk\tjgdsxeja.exe, In Quarantäne, [d828cf31be42dd230d71fb63c43d7c84],
Trojan.Agent.ED, C:\Users\bluejvkeyes\AppData\Local\Lbovygvrj\fsundfxeja.exe, In Quarantäne, [0cf415ebb848da2669153b2340c1f010],
PUP.Optional.SweetIM, C:\Windows\Installer\3e6232.msi, In Quarantäne, [eb15758bcc3432ce5c17d46aa65ef50b],
PUP.Optional.SweetIM, C:\Windows\Installer\3e6238.msi, In Quarantäne, [c23edb2512ee0cf4442f76c8f50fc040],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\bing.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\options.html, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\version.txt, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],
PUP.Optional.SweetIM.A, C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png, In Quarantäne, [27d9d32d04fca9574f52be9a9a689b65],

Physische Sektoren: 0
(No malicious items detected)


(end)


C:\ Adwcleaner.txt :

AdwCleaner Logfile:
Code:
# AdwCleaner v3.023 - Bericht erstellt am 10/04/2014 um 10:27:29
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : bluejvkeyes - BLUEJVKEYES-PC
# Gestartet von : C:\Users\bluejvkeyes\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\bluejvkeyes\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\bluejvkeyes\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\bluejvkeyes\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\bluejvkeyes\AppData\Roaming\uniblue
Ordner Gelöscht : C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\searchplugins\askcomsearch.xml
Datei Gelöscht : C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23CFBD29-EECB-475C-BB2C-7158EE58E8BA}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23CFBD29-EECB-475C-BB2C-7158EE58E8BA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08ED8855-4C2E-429B-A878-F129E1F624FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R0].txt - [17431 octets] - [10/04/2014 10:24:45]
AdwCleaner[S0].txt - [17357 octets] - [10/04/2014 10:27:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17418 octets] ##########
--- --- ---


C:\ JRT.txt :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by bluejvkeyes on 10.04.2014 at 10:34:33,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-39800961-588471803-1280384396-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D2CFDF74-1C1D-44E9-B0C1-574357A25D5A}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\bluejvkeyes\AppData\Roaming\mozilla\firefox\profiles\ah294i5n.default\minidumps [138 files]

~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.04.2014 at 10:37:39,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C:\ FRST.txt :

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by bluejvkeyes (administrator) on BLUEJVKEYES-PC on 10-04-2014 10:39:58
Running from C:\Users\bluejvkeyes\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-03-12] (CyberLink Corp.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2007-11-19] (CANON INC.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\Winlogon: [Shell] C:\ProgramData\xci\gcwhf.exe,explorer.exe <==== ATTENTION
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Power2GoExpress] - [X]
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Winlogon: [Shell] C:\ProgramData\rtyeusg\otptq.exe,explorer.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yahoo! Toolbar - {EF2D6E36-5C05-4F40-B861-9E909B5BAE09} - C:\Users\bluejvkeyes\AppData\Roaming\YahooToolbar\IE\YahooToolbar.dll (Yahoo! Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.berlinerhaie.com/index.php
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-02]
FF Extension: Yahoo! Toolbar - C:\Program Files\Mozilla Firefox\extensions\{52c732b8-d108-4aae-b327-4b16b66dda26} [2014-03-29]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]

========================== Services (Whitelisted) =================

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-06-01] (SAMSUNG ELECTRONICS CO., LTD.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 usbser32; C:\Windows\System32\DRIVERS\usbser.sys [27648 2010-11-20] (Microsoft Corporation)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
S3 w800mdfl; C:\Windows\System32\DRIVERS\w800mdfl.sys [9264 2005-06-13] (MCCI)
S3 w800mdm; C:\Windows\System32\DRIVERS\w800mdm.sys [96224 2005-06-13] (MCCI)
S3 w800mgmt; C:\Windows\System32\DRIVERS\w800mgmt.sys [87792 2005-06-13] (MCCI)
S3 w800obex; C:\Windows\System32\DRIVERS\w800obex.sys [85664 2005-06-13] (MCCI)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\BLUEJV~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-10 10:37 - 2014-04-10 10:37 - 00001393 _____ () C:\Users\bluejvkeyes\Desktop\JRT.txt
2014-04-10 10:34 - 2014-04-10 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 10:33 - 2014-04-10 10:33 - 01016261 _____ (Thisisu) C:\Users\bluejvkeyes\Desktop\JRT.exe
2014-04-10 10:30 - 2014-04-10 10:30 - 00017499 _____ () C:\Users\bluejvkeyes\Desktop\AdwCleaner[S0].txt
2014-04-10 10:24 - 2014-04-10 10:27 - 00000000 ____D () C:\AdwCleaner
2014-04-10 10:22 - 2014-04-10 10:22 - 01426178 _____ () C:\Users\bluejvkeyes\Downloads\adwcleaner.exe
2014-04-10 10:19 - 2014-04-10 10:19 - 00018998 _____ () C:\Users\bluejvkeyes\Desktop\mbam.txt
2014-04-10 09:48 - 2014-04-10 10:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 09:47 - 2014-04-10 09:47 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-10 09:47 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 09:47 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-10 09:47 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-10 09:43 - 2014-04-10 09:44 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\bluejvkeyes\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 09:36 - 2014-04-10 10:11 - 00023428 _____ () C:\Windows\PFRO.log
2014-04-09 10:56 - 2014-04-09 10:56 - 00012637 _____ () C:\ComboFix.txt
2014-04-09 10:43 - 2014-04-09 10:56 - 00000000 ____D () C:\Qoobox
2014-04-09 10:43 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-09 10:43 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-09 10:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-09 10:42 - 2014-04-09 10:55 - 00000000 ____D () C:\Windows\erdnt
2014-04-09 10:24 - 2014-04-09 10:24 - 05194596 ____R (Swearware) C:\Users\bluejvkeyes\Desktop\ComboFix.exe
2014-04-09 10:20 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\jfp
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\pkx
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\icppmw
2014-04-08 09:29 - 2014-04-08 09:30 - 00023005 _____ () C:\Users\bluejvkeyes\Desktop\Addition.txt
2014-04-08 09:28 - 2014-04-10 10:39 - 00013096 _____ () C:\Users\bluejvkeyes\Desktop\FRST.txt
2014-04-08 09:28 - 2014-04-10 10:39 - 00000000 ____D () C:\FRST
2014-04-08 09:28 - 2014-04-08 09:28 - 01145856 _____ (Farbar) C:\Users\bluejvkeyes\Desktop\FRST.exe
2014-04-08 09:23 - 2014-04-08 09:23 - 00000484 _____ () C:\Users\bluejvkeyes\Downloads\defogger_disable.log
2014-04-08 09:23 - 2014-04-08 09:23 - 00000000 _____ () C:\Users\bluejvkeyes\defogger_reenable
2014-04-08 09:21 - 2014-04-08 09:21 - 00050477 _____ () C:\Users\bluejvkeyes\Downloads\Defogger.exe
2014-04-08 09:01 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\ptmm
2014-04-08 09:01 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\dykawl
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\igr
2014-04-08 08:59 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\xci
2014-04-08 08:34 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\gbr
2014-04-08 08:34 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\dmbh
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\tjlt
2014-04-08 08:31 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\xpe
2014-04-07 11:04 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\jonjldu
2014-04-07 11:04 - 2014-04-09 10:18 - 00000000 ____D () C:\ProgramData\mfgo
2014-04-07 11:04 - 2014-04-07 11:09 - 00000000 ____D () C:\ProgramData\dpypj
2014-04-07 11:04 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\muemw
2014-04-04 13:13 - 2014-04-07 11:09 - 00000000 ____D () C:\ProgramData\bxaoqa
2014-04-04 13:13 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\jyr
2014-04-04 13:13 - 2014-04-04 13:14 - 00000000 ____D () C:\ProgramData\qmccg
2014-04-03 13:32 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\rtyeusg
2014-04-03 13:32 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\goo
2014-04-03 13:32 - 2014-04-10 09:39 - 00000000 ____D () C:\ProgramData\vxdg
2014-04-03 13:32 - 2014-04-10 09:39 - 00000000 ____D () C:\ProgramData\gylokkk
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\ouan
2014-04-03 13:29 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\nhvfg
2014-04-03 13:28 - 2014-04-09 10:35 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Eiepxwigmy
2014-04-03 13:25 - 2014-04-10 10:10 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Roaming\Qaywk
2014-04-03 13:24 - 2014-04-10 10:10 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Lbovygvrj
2014-03-29 22:46 - 2014-03-29 22:46 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:46 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:45 - 00001026 _____ () C:\Users\bluejvkeyes\Desktop\tiptoi.lnk
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Program Files\Ravensburger tiptoi
2014-03-29 08:59 - 2014-03-29 09:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 08:22 - 2014-03-29 08:22 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-03-29 08:17 - 2014-03-29 08:18 - 00847824 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\GoogleEarthSetup.exe
2014-03-29 08:12 - 2014-03-29 08:13 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(3).exe
2014-03-29 08:10 - 2014-03-29 08:10 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(2).exe
2014-03-29 08:09 - 2014-03-29 08:09 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(1).exe
2014-03-28 15:50 - 2014-03-28 15:50 - 00024598 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(3)
2014-03-28 15:46 - 2014-03-28 15:46 - 00023286 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(2)
2014-03-28 15:44 - 2014-03-28 15:44 - 00023046 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(1)
2014-03-28 15:16 - 2014-04-10 09:40 - 00013244 _____ () C:\Windows\DPINST.LOG
2014-03-24 22:25 - 2014-03-24 22:25 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-24 22:23 - 2014-03-24 22:25 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-24 22:23 - 2014-03-24 22:25 - 00000000 ____D () C:\Program Files\iTunes
2014-03-24 22:23 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:45 - 2014-03-25 00:42 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-18 13:28 - 2014-04-07 11:09 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\aufbauanleitungen playmobil
2014-03-18 10:41 - 2014-04-10 10:28 - 00002085 _____ () C:\Windows\setupact.log
2014-03-18 10:41 - 2014-03-18 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-14 13:52 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 13:52 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 13:52 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 13:52 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 13:52 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 13:52 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 13:52 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 13:52 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 13:52 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 13:52 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 13:52 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 13:52 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 13:51 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 13:51 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 13:51 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 13:51 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 13:51 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 13:51 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 13:51 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 13:51 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 13:51 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 13:51 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 13:51 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 13:51 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 13:51 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 13:50 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 13:50 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 14:19 - 2014-03-12 14:19 - 00005686 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-

==================== One Month Modified Files and Folders =======

2014-04-10 10:40 - 2014-04-08 09:28 - 00013096 _____ () C:\Users\bluejvkeyes\Desktop\FRST.txt
2014-04-10 10:39 - 2014-04-08 09:28 - 00000000 ____D () C:\FRST
2014-04-10 10:39 - 2012-08-08 22:41 - 01503634 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 10:37 - 2014-04-10 10:37 - 00001393 _____ () C:\Users\bluejvkeyes\Desktop\JRT.txt
2014-04-10 10:36 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 10:36 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 10:34 - 2014-04-10 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 10:33 - 2014-04-10 10:33 - 01016261 _____ (Thisisu) C:\Users\bluejvkeyes\Desktop\JRT.exe
2014-04-10 10:33 - 2010-06-04 21:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 10:30 - 2014-04-10 10:30 - 00017499 _____ () C:\Users\bluejvkeyes\Desktop\AdwCleaner[S0].txt
2014-04-10 10:29 - 2012-03-13 00:25 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 10:29 - 2010-06-11 21:22 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-04-10 10:29 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 10:28 - 2014-03-18 10:41 - 00002085 _____ () C:\Windows\setupact.log
2014-04-10 10:27 - 2014-04-10 10:24 - 00000000 ____D () C:\AdwCleaner
2014-04-10 10:24 - 2012-03-13 00:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 10:22 - 2014-04-10 10:22 - 01426178 _____ () C:\Users\bluejvkeyes\Downloads\adwcleaner.exe
2014-04-10 10:19 - 2014-04-10 10:19 - 00018998 _____ () C:\Users\bluejvkeyes\Desktop\mbam.txt
2014-04-10 10:17 - 2014-04-10 09:48 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 10:11 - 2014-04-10 09:36 - 00023428 _____ () C:\Windows\PFRO.log
2014-04-10 10:11 - 2014-04-08 08:59 - 00000000 ____D () C:\ProgramData\xci
2014-04-10 10:11 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\gbr
2014-04-10 10:11 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\rtyeusg
2014-04-10 10:11 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\goo
2014-04-10 10:10 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\jfp
2014-04-10 10:10 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\ptmm
2014-04-10 10:10 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\dmbh
2014-04-10 10:10 - 2014-04-08 08:31 - 00000000 ____D () C:\ProgramData\xpe
2014-04-10 10:10 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\jonjldu
2014-04-10 10:10 - 2014-04-03 13:29 - 00000000 ____D () C:\ProgramData\nhvfg
2014-04-10 10:10 - 2014-04-03 13:25 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Roaming\Qaywk
2014-04-10 10:10 - 2014-04-03 13:24 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Lbovygvrj
2014-04-10 10:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-10 09:48 - 2012-08-08 13:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 09:47 - 2014-04-10 09:47 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-10 09:44 - 2014-04-10 09:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\bluejvkeyes\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 09:40 - 2014-03-28 15:16 - 00013244 _____ () C:\Windows\DPINST.LOG
2014-04-10 09:39 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\vxdg
2014-04-10 09:39 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\gylokkk
2014-04-09 10:56 - 2014-04-09 10:56 - 00012637 _____ () C:\ComboFix.txt
2014-04-09 10:56 - 2014-04-09 10:43 - 00000000 ____D () C:\Qoobox
2014-04-09 10:56 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-04-09 10:55 - 2014-04-09 10:42 - 00000000 ____D () C:\Windows\erdnt
2014-04-09 10:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-04-09 10:35 - 2014-04-03 13:28 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Eiepxwigmy
2014-04-09 10:24 - 2014-04-09 10:24 - 05194596 ____R (Swearware) C:\Users\bluejvkeyes\Desktop\ComboFix.exe
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\pkx
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\icppmw
2014-04-09 10:20 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\dykawl
2014-04-09 10:18 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\mfgo
2014-04-08 09:30 - 2014-04-08 09:29 - 00023005 _____ () C:\Users\bluejvkeyes\Desktop\Addition.txt
2014-04-08 09:28 - 2014-04-08 09:28 - 01145856 _____ (Farbar) C:\Users\bluejvkeyes\Desktop\FRST.exe
2014-04-08 09:23 - 2014-04-08 09:23 - 00000484 _____ () C:\Users\bluejvkeyes\Downloads\defogger_disable.log
2014-04-08 09:23 - 2014-04-08 09:23 - 00000000 _____ () C:\Users\bluejvkeyes\defogger_reenable
2014-04-08 09:23 - 2010-06-04 21:21 - 00000000 ____D () C:\Users\bluejvkeyes
2014-04-08 09:21 - 2014-04-08 09:21 - 00050477 _____ () C:\Users\bluejvkeyes\Downloads\Defogger.exe
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\igr
2014-04-08 08:59 - 2010-06-05 00:45 - 00120472 _____ () C:\Users\bluejvkeyes\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-08 08:45 - 2009-07-14 06:33 - 00424416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-08 08:40 - 2010-06-11 22:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\tjlt
2014-04-07 11:09 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\dpypj
2014-04-07 11:09 - 2014-04-04 13:13 - 00000000 ____D () C:\ProgramData\bxaoqa
2014-04-07 11:09 - 2014-03-18 13:28 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\aufbauanleitungen playmobil
2014-04-07 11:04 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\muemw
2014-04-07 11:04 - 2014-04-04 13:13 - 00000000 ____D () C:\ProgramData\jyr
2014-04-04 13:14 - 2014-04-04 13:13 - 00000000 ____D () C:\ProgramData\qmccg
2014-04-03 14:11 - 2011-01-26 22:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-03 14:11 - 2011-01-26 22:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\ouan
2014-04-03 09:51 - 2014-04-10 09:47 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 09:47 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-10 09:47 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 12:20 - 2012-09-02 21:45 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\pippifax
2014-04-01 14:19 - 2010-06-11 23:20 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 11:07 - 2010-06-14 22:10 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\ZoomBrowser EX
2014-04-01 11:04 - 2010-06-11 22:33 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-03-30 21:26 - 2012-05-09 21:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 22:46 - 2014-03-29 22:46 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\RavensburgerTipToi
2014-03-29 22:46 - 2014-03-29 22:45 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:45 - 00001026 _____ () C:\Users\bluejvkeyes\Desktop\tiptoi.lnk
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Program Files\Ravensburger tiptoi
2014-03-29 09:00 - 2014-03-29 08:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 08:22 - 2014-03-29 08:22 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-03-29 08:21 - 2010-06-11 21:41 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Local\Google
2014-03-29 08:21 - 2010-06-11 21:41 - 00000000 ____D () C:\Program Files\Google
2014-03-29 08:18 - 2014-03-29 08:17 - 00847824 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\GoogleEarthSetup.exe
2014-03-29 08:13 - 2014-03-29 08:12 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(3).exe
2014-03-29 08:10 - 2014-03-29 08:10 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(2).exe
2014-03-29 08:09 - 2014-03-29 08:09 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(1).exe
2014-03-28 15:50 - 2014-03-28 15:50 - 00024598 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(3)
2014-03-28 15:46 - 2014-03-28 15:46 - 00023286 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(2)
2014-03-28 15:44 - 2014-03-28 15:44 - 00023046 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(1)
2014-03-28 15:16 - 2014-01-16 14:01 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-28 15:15 - 2010-06-09 14:20 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-25 00:42 - 2014-03-21 14:45 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-24 22:25 - 2014-03-24 22:25 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-24 22:25 - 2014-03-24 22:23 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-24 22:25 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iTunes
2014-03-24 22:23 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iPod
2014-03-24 22:23 - 2010-08-08 21:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-18 14:52 - 2013-08-16 00:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 14:50 - 2010-06-04 21:32 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 14:45 - 2010-08-04 13:29 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-03-18 10:41 - 2014-03-18 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 21:18 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 22:48 - 2012-04-10 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 22:48 - 2011-07-06 09:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 14:19 - 2014-03-12 14:19 - 00005686 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-
2014-03-12 11:47 - 2010-06-11 22:09 - 00000000 ____D () C:\ProgramData\tmp
2014-03-11 09:52 - 2010-10-24 22:25 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

Some content of TEMP:
====================
C:\Users\bluejvkeyes\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-07 00:12

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 11.04.2014 06:35

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Sunny Blue 12.04.2014 08:12
Hi,
das dauerte diesmal ein bißchen ;-) (Ich habe 5 Festplatten)
Der Online Scanner sagte: 3 Funde!!?? Was heißt das denn jetzt? Es wirkt ja so, als wenn die Säuberung am Ende wäre, sicherlich sagst du mir noch was von den Programmen wieder deinstalliert wird oder?! Security Programme wie Microsoft Essentials und Firewall kann ich sicherlich auch wieder einschalten, richtig??
Gruß Sunny Blue:daumenhoc

C:\ Eset Smartinstaller V3txt.:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=59cf97a6212d3e42a7dec055dc200750
# engine=17850
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-12 02:02:00
# local_time=2014-04-12 04:02:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 23696060 148899311 0 0
# scanned=348395
# found=3
# cleaned=0
# scan_time=29098
sh=9BB2660096A4DCEA240C5607A1B1DA76F58BDA85 ft=1 fh=f381f43bbbe56b36 vn="a variant of Win32/Kryptik.BZID trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\uwpado\alnces.exe.vir"
sh=7E70FB727C771B688C4DA32A43D6CA3BB4DC33BC ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\bluejvkeyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\620a886-3805f74b"
sh=C935A4857EEB9DCD6E1AAA5D6DD90299CDDED786 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\BLUEJVKEYES-PC\Backup Set 2014-01-03 111801\Backup Files 2014-01-03 111801\Backup files 22.zip"

C:\ checkup.txt:

Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 15
Java version out of Date!
Adobe Flash Player 12.0.0.77
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (28.0)
Mozilla Thunderbird (24.4.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

C:\ FRST.txt:
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 30 days old and could be outdated)
Ran by bluejvkeyes (administrator) on BLUEJVKEYES-PC on 12-04-2014 08:58:22
Running from C:\Users\bluejvkeyes\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-03-12] (CyberLink Corp.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2007-11-19] (CANON INC.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\Winlogon: [Shell] C:\ProgramData\xci\gcwhf.exe,explorer.exe <==== ATTENTION
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Power2GoExpress] - [X]
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Winlogon: [Shell] C:\ProgramData\rtyeusg\otptq.exe,explorer.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yahoo! Toolbar - {EF2D6E36-5C05-4F40-B861-9E909B5BAE09} - C:\Users\bluejvkeyes\AppData\Roaming\YahooToolbar\IE\YahooToolbar.dll (Yahoo! Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.berlinerhaie.com/index.php
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-02]
FF Extension: Yahoo! Toolbar - C:\Program Files\Mozilla Firefox\extensions\{52c732b8-d108-4aae-b327-4b16b66dda26} [2014-03-29]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]

========================== Services (Whitelisted) =================

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-06-01] (SAMSUNG ELECTRONICS CO., LTD.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 usbser32; C:\Windows\System32\DRIVERS\usbser.sys [27648 2010-11-20] (Microsoft Corporation)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
S3 w800mdfl; C:\Windows\System32\DRIVERS\w800mdfl.sys [9264 2005-06-13] (MCCI)
S3 w800mdm; C:\Windows\System32\DRIVERS\w800mdm.sys [96224 2005-06-13] (MCCI)
S3 w800mgmt; C:\Windows\System32\DRIVERS\w800mgmt.sys [87792 2005-06-13] (MCCI)
S3 w800obex; C:\Windows\System32\DRIVERS\w800obex.sys [85664 2005-06-13] (MCCI)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\BLUEJV~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-12 08:55 - 2014-04-12 08:55 - 00987448 _____ () C:\Users\bluejvkeyes\Desktop\SecurityCheck.exe
2014-04-11 14:18 - 2014-04-11 14:18 - 02347384 _____ (ESET) C:\Users\bluejvkeyes\Downloads\esetsmartinstaller_enu.exe
2014-04-11 14:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-11 14:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 14:11 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 14:11 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 14:11 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-11 14:11 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-11 14:11 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-11 14:11 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 14:11 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 14:11 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 14:11 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-11 14:11 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 14:11 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-11 14:11 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-11 14:11 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-11 14:11 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-11 14:11 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-11 14:11 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-11 14:11 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-11 14:11 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-11 14:11 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 14:11 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 14:11 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 14:11 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-11 14:11 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 14:11 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 10:37 - 2014-04-10 10:37 - 00001393 _____ () C:\Users\bluejvkeyes\Desktop\JRT.txt
2014-04-10 10:34 - 2014-04-10 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 10:33 - 2014-04-10 10:33 - 01016261 _____ (Thisisu) C:\Users\bluejvkeyes\Desktop\JRT.exe
2014-04-10 10:30 - 2014-04-10 10:30 - 00017499 _____ () C:\Users\bluejvkeyes\Desktop\AdwCleaner[S0].txt
2014-04-10 10:24 - 2014-04-10 10:27 - 00000000 ____D () C:\AdwCleaner
2014-04-10 10:22 - 2014-04-10 10:22 - 01426178 _____ () C:\Users\bluejvkeyes\Downloads\adwcleaner.exe
2014-04-10 10:19 - 2014-04-10 10:19 - 00018998 _____ () C:\Users\bluejvkeyes\Desktop\mbam.txt
2014-04-10 09:48 - 2014-04-10 10:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 09:47 - 2014-04-10 09:47 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-10 09:47 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 09:47 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-10 09:47 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-10 09:47 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 09:47 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 09:47 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 09:47 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 09:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 09:47 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 09:43 - 2014-04-10 09:44 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\bluejvkeyes\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 09:36 - 2014-04-10 10:11 - 00023428 _____ () C:\Windows\PFRO.log
2014-04-09 10:56 - 2014-04-09 10:56 - 00012637 _____ () C:\ComboFix.txt
2014-04-09 10:43 - 2014-04-09 10:56 - 00000000 ____D () C:\Qoobox
2014-04-09 10:43 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-09 10:43 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-09 10:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-09 10:42 - 2014-04-09 10:55 - 00000000 ____D () C:\Windows\erdnt
2014-04-09 10:24 - 2014-04-09 10:24 - 05194596 ____R (Swearware) C:\Users\bluejvkeyes\Desktop\ComboFix.exe
2014-04-09 10:20 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\jfp
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\pkx
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\icppmw
2014-04-08 09:29 - 2014-04-08 09:30 - 00023005 _____ () C:\Users\bluejvkeyes\Desktop\Addition.txt
2014-04-08 09:28 - 2014-04-12 08:58 - 00012934 _____ () C:\Users\bluejvkeyes\Desktop\FRST.txt
2014-04-08 09:28 - 2014-04-12 08:58 - 00000000 ____D () C:\FRST
2014-04-08 09:28 - 2014-04-08 09:28 - 01145856 _____ (Farbar) C:\Users\bluejvkeyes\Desktop\FRST.exe
2014-04-08 09:23 - 2014-04-08 09:23 - 00000484 _____ () C:\Users\bluejvkeyes\Downloads\defogger_disable.log
2014-04-08 09:23 - 2014-04-08 09:23 - 00000000 _____ () C:\Users\bluejvkeyes\defogger_reenable
2014-04-08 09:21 - 2014-04-08 09:21 - 00050477 _____ () C:\Users\bluejvkeyes\Downloads\Defogger.exe
2014-04-08 09:01 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\ptmm
2014-04-08 09:01 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\dykawl
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\igr
2014-04-08 08:59 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\xci
2014-04-08 08:34 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\gbr
2014-04-08 08:34 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\dmbh
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\tjlt
2014-04-08 08:31 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\xpe
2014-04-07 11:04 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\jonjldu
2014-04-07 11:04 - 2014-04-09 10:18 - 00000000 ____D () C:\ProgramData\mfgo
2014-04-07 11:04 - 2014-04-07 11:09 - 00000000 ____D () C:\ProgramData\dpypj
2014-04-07 11:04 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\muemw
2014-04-04 13:13 - 2014-04-07 11:09 - 00000000 ____D () C:\ProgramData\bxaoqa
2014-04-04 13:13 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\jyr
2014-04-04 13:13 - 2014-04-04 13:14 - 00000000 ____D () C:\ProgramData\qmccg
2014-04-03 13:32 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\rtyeusg
2014-04-03 13:32 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\goo
2014-04-03 13:32 - 2014-04-10 09:39 - 00000000 ____D () C:\ProgramData\vxdg
2014-04-03 13:32 - 2014-04-10 09:39 - 00000000 ____D () C:\ProgramData\gylokkk
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\ouan
2014-04-03 13:29 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\nhvfg
2014-04-03 13:28 - 2014-04-09 10:35 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Eiepxwigmy
2014-04-03 13:25 - 2014-04-10 10:10 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Roaming\Qaywk
2014-04-03 13:24 - 2014-04-10 10:10 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Lbovygvrj
2014-03-29 22:46 - 2014-03-29 22:46 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:46 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:45 - 00001026 _____ () C:\Users\bluejvkeyes\Desktop\tiptoi.lnk
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Program Files\Ravensburger tiptoi
2014-03-29 08:59 - 2014-03-29 09:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 08:22 - 2014-03-29 08:22 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-03-29 08:17 - 2014-03-29 08:18 - 00847824 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\GoogleEarthSetup.exe
2014-03-29 08:12 - 2014-03-29 08:13 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(3).exe
2014-03-29 08:10 - 2014-03-29 08:10 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(2).exe
2014-03-29 08:09 - 2014-03-29 08:09 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(1).exe
2014-03-28 15:50 - 2014-03-28 15:50 - 00024598 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(3)
2014-03-28 15:46 - 2014-03-28 15:46 - 00023286 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(2)
2014-03-28 15:44 - 2014-03-28 15:44 - 00023046 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(1)
2014-03-28 15:16 - 2014-04-10 09:40 - 00013244 _____ () C:\Windows\DPINST.LOG
2014-03-24 22:25 - 2014-03-24 22:25 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-24 22:23 - 2014-03-24 22:25 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-24 22:23 - 2014-03-24 22:25 - 00000000 ____D () C:\Program Files\iTunes
2014-03-24 22:23 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:45 - 2014-03-25 00:42 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-18 13:28 - 2014-04-07 11:09 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\aufbauanleitungen playmobil
2014-03-18 10:41 - 2014-04-11 19:22 - 00002253 _____ () C:\Windows\setupact.log
2014-03-18 10:41 - 2014-03-18 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-14 13:51 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 13:51 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 13:51 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 13:50 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 13:50 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

==================== One Month Modified Files and Folders =======

2014-04-12 08:58 - 2014-04-08 09:28 - 00012934 _____ () C:\Users\bluejvkeyes\Desktop\FRST.txt
2014-04-12 08:58 - 2014-04-08 09:28 - 00000000 ____D () C:\FRST
2014-04-12 08:55 - 2014-04-12 08:55 - 00987448 _____ () C:\Users\bluejvkeyes\Desktop\SecurityCheck.exe
2014-04-12 08:48 - 2012-08-08 13:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-12 08:47 - 2012-03-13 00:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-11 19:55 - 2010-06-04 21:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-11 19:29 - 2012-08-08 22:41 - 01628034 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 19:29 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 19:29 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 19:25 - 2012-03-13 00:25 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-11 19:25 - 2010-06-11 21:22 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-04-11 19:24 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-11 19:22 - 2014-03-18 10:41 - 00002253 _____ () C:\Windows\setupact.log
2014-04-11 18:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-11 14:18 - 2014-04-11 14:18 - 02347384 _____ (ESET) C:\Users\bluejvkeyes\Downloads\esetsmartinstaller_enu.exe
2014-04-11 14:11 - 2013-08-16 00:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 14:08 - 2010-06-04 21:32 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 13:05 - 2012-09-02 21:45 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\pippifax
2014-04-10 10:37 - 2014-04-10 10:37 - 00001393 _____ () C:\Users\bluejvkeyes\Desktop\JRT.txt
2014-04-10 10:34 - 2014-04-10 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 10:33 - 2014-04-10 10:33 - 01016261 _____ (Thisisu) C:\Users\bluejvkeyes\Desktop\JRT.exe
2014-04-10 10:30 - 2014-04-10 10:30 - 00017499 _____ () C:\Users\bluejvkeyes\Desktop\AdwCleaner[S0].txt
2014-04-10 10:27 - 2014-04-10 10:24 - 00000000 ____D () C:\AdwCleaner
2014-04-10 10:22 - 2014-04-10 10:22 - 01426178 _____ () C:\Users\bluejvkeyes\Downloads\adwcleaner.exe
2014-04-10 10:19 - 2014-04-10 10:19 - 00018998 _____ () C:\Users\bluejvkeyes\Desktop\mbam.txt
2014-04-10 10:17 - 2014-04-10 09:48 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 10:11 - 2014-04-10 09:36 - 00023428 _____ () C:\Windows\PFRO.log
2014-04-10 10:11 - 2014-04-08 08:59 - 00000000 ____D () C:\ProgramData\xci
2014-04-10 10:11 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\gbr
2014-04-10 10:11 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\rtyeusg
2014-04-10 10:11 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\goo
2014-04-10 10:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-10 10:10 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\jfp
2014-04-10 10:10 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\ptmm
2014-04-10 10:10 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\dmbh
2014-04-10 10:10 - 2014-04-08 08:31 - 00000000 ____D () C:\ProgramData\xpe
2014-04-10 10:10 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\jonjldu
2014-04-10 10:10 - 2014-04-03 13:29 - 00000000 ____D () C:\ProgramData\nhvfg
2014-04-10 10:10 - 2014-04-03 13:25 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Roaming\Qaywk
2014-04-10 10:10 - 2014-04-03 13:24 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Lbovygvrj
2014-04-10 09:47 - 2014-04-10 09:47 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-10 09:44 - 2014-04-10 09:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\bluejvkeyes\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 09:40 - 2014-03-28 15:16 - 00013244 _____ () C:\Windows\DPINST.LOG
2014-04-10 09:39 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\vxdg
2014-04-10 09:39 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\gylokkk
2014-04-09 10:56 - 2014-04-09 10:56 - 00012637 _____ () C:\ComboFix.txt
2014-04-09 10:56 - 2014-04-09 10:43 - 00000000 ____D () C:\Qoobox
2014-04-09 10:56 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-04-09 10:55 - 2014-04-09 10:42 - 00000000 ____D () C:\Windows\erdnt
2014-04-09 10:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-04-09 10:35 - 2014-04-03 13:28 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Eiepxwigmy
2014-04-09 10:24 - 2014-04-09 10:24 - 05194596 ____R (Swearware) C:\Users\bluejvkeyes\Desktop\ComboFix.exe
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\pkx
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\icppmw
2014-04-09 10:20 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\dykawl
2014-04-09 10:18 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\mfgo
2014-04-08 09:30 - 2014-04-08 09:29 - 00023005 _____ () C:\Users\bluejvkeyes\Desktop\Addition.txt
2014-04-08 09:28 - 2014-04-08 09:28 - 01145856 _____ (Farbar) C:\Users\bluejvkeyes\Desktop\FRST.exe
2014-04-08 09:23 - 2014-04-08 09:23 - 00000484 _____ () C:\Users\bluejvkeyes\Downloads\defogger_disable.log
2014-04-08 09:23 - 2014-04-08 09:23 - 00000000 _____ () C:\Users\bluejvkeyes\defogger_reenable
2014-04-08 09:23 - 2010-06-04 21:21 - 00000000 ____D () C:\Users\bluejvkeyes
2014-04-08 09:21 - 2014-04-08 09:21 - 00050477 _____ () C:\Users\bluejvkeyes\Downloads\Defogger.exe
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\igr
2014-04-08 08:59 - 2010-06-05 00:45 - 00120472 _____ () C:\Users\bluejvkeyes\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-08 08:45 - 2009-07-14 06:33 - 00424416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-08 08:40 - 2010-06-11 22:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\tjlt
2014-04-07 11:09 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\dpypj
2014-04-07 11:09 - 2014-04-04 13:13 - 00000000 ____D () C:\ProgramData\bxaoqa
2014-04-07 11:09 - 2014-03-18 13:28 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\aufbauanleitungen playmobil
2014-04-07 11:04 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\muemw
2014-04-07 11:04 - 2014-04-04 13:13 - 00000000 ____D () C:\ProgramData\jyr
2014-04-04 13:14 - 2014-04-04 13:13 - 00000000 ____D () C:\ProgramData\qmccg
2014-04-03 14:11 - 2011-01-26 22:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-03 14:11 - 2011-01-26 22:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\ouan
2014-04-03 09:51 - 2014-04-10 09:47 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 09:47 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-10 09:47 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 14:19 - 2010-06-11 23:20 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 11:07 - 2010-06-14 22:10 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\ZoomBrowser EX
2014-04-01 11:04 - 2010-06-11 22:33 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-03-30 21:26 - 2012-05-09 21:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 22:46 - 2014-03-29 22:46 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\RavensburgerTipToi
2014-03-29 22:46 - 2014-03-29 22:45 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:45 - 00001026 _____ () C:\Users\bluejvkeyes\Desktop\tiptoi.lnk
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Program Files\Ravensburger tiptoi
2014-03-29 09:00 - 2014-03-29 08:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 08:22 - 2014-03-29 08:22 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-03-29 08:21 - 2010-06-11 21:41 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Local\Google
2014-03-29 08:21 - 2010-06-11 21:41 - 00000000 ____D () C:\Program Files\Google
2014-03-29 08:18 - 2014-03-29 08:17 - 00847824 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\GoogleEarthSetup.exe
2014-03-29 08:13 - 2014-03-29 08:12 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(3).exe
2014-03-29 08:10 - 2014-03-29 08:10 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(2).exe
2014-03-29 08:09 - 2014-03-29 08:09 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(1).exe
2014-03-28 15:50 - 2014-03-28 15:50 - 00024598 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(3)
2014-03-28 15:46 - 2014-03-28 15:46 - 00023286 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(2)
2014-03-28 15:44 - 2014-03-28 15:44 - 00023046 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(1)
2014-03-28 15:16 - 2014-01-16 14:01 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-28 15:15 - 2010-06-09 14:20 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-25 00:42 - 2014-03-21 14:45 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-24 22:25 - 2014-03-24 22:25 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-24 22:25 - 2014-03-24 22:23 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-24 22:25 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iTunes
2014-03-24 22:23 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iPod
2014-03-24 22:23 - 2010-08-08 21:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-18 14:45 - 2010-08-04 13:29 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-03-18 10:41 - 2014-03-18 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 21:18 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\bluejvkeyes\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 11:23

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 13.04.2014 16:44
Java updaten. Das Backup auf H löschen.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\.DEFAULT\...\Winlogon: [Shell] C:\ProgramData\xci\gcwhf.exe,explorer.exe <==== ATTENTION
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Winlogon: [Shell] C:\ProgramData\rtyeusg\otptq.exe,explorer.exe <==== ATTENTION
2014-04-09 10:20 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\jfp
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\pkx
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\icppmw
2014-04-08 09:01 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\ptmm
2014-04-08 09:01 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\dykawl
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\igr
2014-04-08 08:59 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\xci
2014-04-08 08:34 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\gbr
2014-04-08 08:34 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\dmbh
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\tjlt
2014-04-08 08:31 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\xpe
2014-04-07 11:04 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\jonjldu
2014-04-07 11:04 - 2014-04-09 10:18 - 00000000 ____D () C:\ProgramData\mfgo
2014-04-07 11:04 - 2014-04-07 11:09 - 00000000 ____D () C:\ProgramData\dpypj
2014-04-07 11:04 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\muemw
2014-04-04 13:13 - 2014-04-07 11:09 - 00000000 ____D () C:\ProgramData\bxaoqa
2014-04-04 13:13 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\jyr
2014-04-04 13:13 - 2014-04-04 13:14 - 00000000 ____D () C:\ProgramData\qmccg
2014-04-03 13:32 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\rtyeusg
2014-04-03 13:32 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\goo
2014-04-03 13:32 - 2014-04-10 09:39 - 00000000 ____D () C:\ProgramData\vxdg
2014-04-03 13:32 - 2014-04-10 09:39 - 00000000 ____D () C:\ProgramData\gylokkk
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\ouan
2014-04-03 13:29 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\nhvfg
2014-04-03 13:28 - 2014-04-09 10:35 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Eiepxwigmy
2014-04-03 13:25 - 2014-04-10 10:10 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Roaming\Qaywk
2014-04-03 13:24 - 2014-04-10 10:10 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Lbovygvrj

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Frisches FRST log bitte.

Sunny Blue 13.04.2014 20:13
So Java ist auf dem neuestem Stand, Backup ist gelöscht, ein anderes hab ich jetzt auch nicht mehr, also Bitte nicht doch noch auf den letzten Metern sagen, ich müßte den Rechner platt machen....aber bis jetzt bin ich weiterhin optimistisch !!!
!!!DANK EUCH!!!

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-04-2014
Ran by bluejvkeyes at 2014-04-13 20:47:07 Run:1
Running from C:\Users\bluejvkeyes\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\Winlogon: [Shell] C:\ProgramData\xci\gcwhf.exe,explorer.exe <==== ATTENTION
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Winlogon: [Shell] C:\ProgramData\rtyeusg\otptq.exe,explorer.exe <==== ATTENTION
2014-04-09 10:20 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\jfp
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\pkx
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\icppmw
2014-04-08 09:01 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\ptmm
2014-04-08 09:01 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\dykawl
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ____D () C:\ProgramData\igr
2014-04-08 08:59 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\xci
2014-04-08 08:34 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\gbr
2014-04-08 08:34 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\dmbh
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\ProgramData\tjlt
2014-04-08 08:31 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\xpe
2014-04-07 11:04 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\jonjldu
2014-04-07 11:04 - 2014-04-09 10:18 - 00000000 ____D () C:\ProgramData\mfgo
2014-04-07 11:04 - 2014-04-07 11:09 - 00000000 ____D () C:\ProgramData\dpypj
2014-04-07 11:04 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\muemw
2014-04-04 13:13 - 2014-04-07 11:09 - 00000000 ____D () C:\ProgramData\bxaoqa
2014-04-04 13:13 - 2014-04-07 11:04 - 00000000 ____D () C:\ProgramData\jyr
2014-04-04 13:13 - 2014-04-04 13:14 - 00000000 ____D () C:\ProgramData\qmccg
2014-04-03 13:32 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\rtyeusg
2014-04-03 13:32 - 2014-04-10 10:11 - 00000000 ____D () C:\ProgramData\goo
2014-04-03 13:32 - 2014-04-10 09:39 - 00000000 ____D () C:\ProgramData\vxdg
2014-04-03 13:32 - 2014-04-10 09:39 - 00000000 ____D () C:\ProgramData\gylokkk
2014-04-03 13:32 - 2014-04-03 13:32 - 00000000 ____D () C:\ProgramData\ouan
2014-04-03 13:29 - 2014-04-10 10:10 - 00000000 ____D () C:\ProgramData\nhvfg
2014-04-03 13:28 - 2014-04-09 10:35 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Eiepxwigmy
2014-04-03 13:25 - 2014-04-10 10:10 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Roaming\Qaywk
2014-04-03 13:24 - 2014-04-10 10:10 - 00000000 ___HD () C:\Users\bluejvkeyes\AppData\Local\Lbovygvrj

*****************

HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\S-1-5-21-39800961-588471803-1280384396-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\ProgramData\jfp => Moved successfully.
C:\ProgramData\pkx => Moved successfully.
C:\ProgramData\icppmw => Moved successfully.
C:\ProgramData\ptmm => Moved successfully.
C:\ProgramData\dykawl => Moved successfully.
C:\ProgramData\igr => Moved successfully.
C:\ProgramData\xci => Moved successfully.
C:\ProgramData\gbr => Moved successfully.
C:\ProgramData\dmbh => Moved successfully.
C:\ProgramData\tjlt => Moved successfully.
C:\ProgramData\xpe => Moved successfully.
C:\ProgramData\jonjldu => Moved successfully.
C:\ProgramData\mfgo => Moved successfully.
C:\ProgramData\dpypj => Moved successfully.
C:\ProgramData\muemw => Moved successfully.
C:\ProgramData\bxaoqa => Moved successfully.
C:\ProgramData\jyr => Moved successfully.
C:\ProgramData\qmccg => Moved successfully.
C:\ProgramData\rtyeusg => Moved successfully.
C:\ProgramData\goo => Moved successfully.
C:\ProgramData\vxdg => Moved successfully.
C:\ProgramData\gylokkk => Moved successfully.
C:\ProgramData\ouan => Moved successfully.
C:\ProgramData\nhvfg => Moved successfully.
C:\Users\bluejvkeyes\AppData\Local\Eiepxwigmy => Moved successfully.
C:\Users\bluejvkeyes\AppData\Roaming\Qaywk => Moved successfully.
C:\Users\bluejvkeyes\AppData\Local\Lbovygvrj => Moved successfully.

==== End of Fixlog ====

TFC.exe habe ich ausgeführt.

Frisch:
C:\FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2014
Ran by bluejvkeyes (administrator) on BLUEJVKEYES-PC on 13-04-2014 21:03:16
Running from C:\Users\bluejvkeyes\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-03-12] (CyberLink Corp.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2007-11-19] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Power2GoExpress] => [X]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yahoo! Toolbar - {EF2D6E36-5C05-4F40-B861-9E909B5BAE09} - C:\Users\bluejvkeyes\AppData\Roaming\YahooToolbar\IE\YahooToolbar.dll (Yahoo! Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.berlinerhaie.com/index.php
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\bluejvkeyes\AppData\Roaming\Mozilla\Firefox\Profiles\ah294i5n.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-02]
FF Extension: Yahoo! Toolbar - C:\Program Files\Mozilla Firefox\extensions\{52c732b8-d108-4aae-b327-4b16b66dda26} [2014-03-29]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]

========================== Services (Whitelisted) =================

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-06-01] (SAMSUNG ELECTRONICS CO., LTD.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 usbser32; C:\Windows\System32\DRIVERS\usbser.sys [27648 2010-11-20] (Microsoft Corporation)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
S3 w800mdfl; C:\Windows\System32\DRIVERS\w800mdfl.sys [9264 2005-06-13] (MCCI)
S3 w800mdm; C:\Windows\System32\DRIVERS\w800mdm.sys [96224 2005-06-13] (MCCI)
S3 w800mgmt; C:\Windows\System32\DRIVERS\w800mgmt.sys [87792 2005-06-13] (MCCI)
S3 w800obex; C:\Windows\System32\DRIVERS\w800obex.sys [85664 2005-06-13] (MCCI)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\BLUEJV~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-13 20:48 - 2014-04-13 20:48 - 00448512 _____ (OldTimer Tools) C:\Users\bluejvkeyes\Desktop\TFC.exe
2014-04-13 20:46 - 2014-04-13 20:46 - 00000000 ____D () C:\Users\bluejvkeyes\Desktop\FRST-OlderVersion
2014-04-13 20:36 - 2014-04-13 20:36 - 00921000 _____ (Oracle Corporation) C:\Users\bluejvkeyes\Downloads\jxpiinstall(1).exe
2014-04-13 20:26 - 2014-04-13 20:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-13 20:26 - 2014-04-13 20:26 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-13 20:25 - 2014-04-13 20:25 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-13 20:25 - 2014-04-13 20:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-13 20:25 - 2014-04-13 20:25 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-13 20:25 - 2014-04-13 20:25 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-13 20:23 - 2014-04-13 20:23 - 00921000 _____ (Oracle Corporation) C:\Users\bluejvkeyes\Downloads\jxpiinstall.exe
2014-04-12 08:55 - 2014-04-12 08:55 - 00987448 _____ () C:\Users\bluejvkeyes\Desktop\SecurityCheck.exe
2014-04-11 14:18 - 2014-04-11 14:18 - 02347384 _____ (ESET) C:\Users\bluejvkeyes\Downloads\esetsmartinstaller_enu.exe
2014-04-11 14:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-11 14:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 14:11 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 14:11 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 14:11 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-11 14:11 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-11 14:11 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-11 14:11 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 14:11 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 14:11 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 14:11 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-11 14:11 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 14:11 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-11 14:11 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-11 14:11 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-11 14:11 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-11 14:11 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-11 14:11 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-11 14:11 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-11 14:11 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-11 14:11 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 14:11 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 14:11 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 14:11 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-11 14:11 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 14:11 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 10:37 - 2014-04-10 10:37 - 00001393 _____ () C:\Users\bluejvkeyes\Desktop\JRT.txt
2014-04-10 10:34 - 2014-04-10 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 10:33 - 2014-04-10 10:33 - 01016261 _____ (Thisisu) C:\Users\bluejvkeyes\Desktop\JRT.exe
2014-04-10 10:30 - 2014-04-10 10:30 - 00017499 _____ () C:\Users\bluejvkeyes\Desktop\AdwCleaner[S0].txt
2014-04-10 10:24 - 2014-04-10 10:27 - 00000000 ____D () C:\AdwCleaner
2014-04-10 10:22 - 2014-04-10 10:22 - 01426178 _____ () C:\Users\bluejvkeyes\Downloads\adwcleaner.exe
2014-04-10 10:19 - 2014-04-10 10:19 - 00018998 _____ () C:\Users\bluejvkeyes\Desktop\mbam.txt
2014-04-10 09:48 - 2014-04-10 10:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 09:47 - 2014-04-10 09:47 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-10 09:47 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 09:47 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-10 09:47 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-10 09:47 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 09:47 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 09:47 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 09:47 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 09:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 09:47 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 09:43 - 2014-04-10 09:44 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\bluejvkeyes\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 09:36 - 2014-04-13 19:50 - 00024226 _____ () C:\Windows\PFRO.log
2014-04-09 10:56 - 2014-04-09 10:56 - 00012637 _____ () C:\ComboFix.txt
2014-04-09 10:43 - 2014-04-09 10:56 - 00000000 ____D () C:\Qoobox
2014-04-09 10:43 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-09 10:43 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-09 10:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-09 10:43 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-09 10:42 - 2014-04-09 10:55 - 00000000 ____D () C:\Windows\erdnt
2014-04-09 10:24 - 2014-04-09 10:24 - 05194596 ____R (Swearware) C:\Users\bluejvkeyes\Desktop\ComboFix.exe
2014-04-08 09:29 - 2014-04-08 09:30 - 00023005 _____ () C:\Users\bluejvkeyes\Desktop\Addition.txt
2014-04-08 09:28 - 2014-04-13 21:03 - 00012714 _____ () C:\Users\bluejvkeyes\Desktop\FRST.txt
2014-04-08 09:28 - 2014-04-13 21:03 - 00000000 ____D () C:\FRST
2014-04-08 09:28 - 2014-04-13 20:46 - 01146368 _____ (Farbar) C:\Users\bluejvkeyes\Desktop\FRST.exe
2014-04-08 09:23 - 2014-04-08 09:23 - 00000484 _____ () C:\Users\bluejvkeyes\Downloads\defogger_disable.log
2014-04-08 09:23 - 2014-04-08 09:23 - 00000000 _____ () C:\Users\bluejvkeyes\defogger_reenable
2014-04-08 09:21 - 2014-04-08 09:21 - 00050477 _____ () C:\Users\bluejvkeyes\Downloads\Defogger.exe
2014-03-29 22:46 - 2014-03-29 22:46 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:46 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:45 - 00001026 _____ () C:\Users\bluejvkeyes\Desktop\tiptoi.lnk
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Program Files\Ravensburger tiptoi
2014-03-29 08:59 - 2014-03-29 09:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 08:22 - 2014-03-29 08:22 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-03-29 08:17 - 2014-03-29 08:18 - 00847824 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\GoogleEarthSetup.exe
2014-03-29 08:12 - 2014-03-29 08:13 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(3).exe
2014-03-29 08:10 - 2014-03-29 08:10 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(2).exe
2014-03-29 08:09 - 2014-03-29 08:09 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(1).exe
2014-03-28 15:50 - 2014-03-28 15:50 - 00024598 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(3)
2014-03-28 15:46 - 2014-03-28 15:46 - 00023286 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(2)
2014-03-28 15:44 - 2014-03-28 15:44 - 00023046 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(1)
2014-03-28 15:16 - 2014-04-10 09:40 - 00013244 _____ () C:\Windows\DPINST.LOG
2014-03-24 22:25 - 2014-03-24 22:25 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-24 22:23 - 2014-03-24 22:25 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-24 22:23 - 2014-03-24 22:25 - 00000000 ____D () C:\Program Files\iTunes
2014-03-24 22:23 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:45 - 2014-03-25 00:42 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-18 13:28 - 2014-04-07 11:09 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\aufbauanleitungen playmobil
2014-03-18 10:41 - 2014-04-13 20:55 - 00002365 _____ () C:\Windows\setupact.log
2014-03-18 10:41 - 2014-03-18 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-14 13:51 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 13:51 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 13:51 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 13:50 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 13:50 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

==================== One Month Modified Files and Folders =======

2014-04-13 21:03 - 2014-04-08 09:28 - 00012714 _____ () C:\Users\bluejvkeyes\Desktop\FRST.txt
2014-04-13 21:03 - 2014-04-08 09:28 - 00000000 ____D () C:\FRST
2014-04-13 21:02 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 21:02 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 20:59 - 2010-06-04 21:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-13 20:55 - 2014-03-18 10:41 - 00002365 _____ () C:\Windows\setupact.log
2014-04-13 20:55 - 2012-03-13 00:25 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-13 20:55 - 2010-06-11 21:22 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-04-13 20:55 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 20:53 - 2012-08-08 22:41 - 01674427 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 20:48 - 2014-04-13 20:48 - 00448512 _____ (OldTimer Tools) C:\Users\bluejvkeyes\Desktop\TFC.exe
2014-04-13 20:48 - 2012-08-08 13:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 20:46 - 2014-04-13 20:46 - 00000000 ____D () C:\Users\bluejvkeyes\Desktop\FRST-OlderVersion
2014-04-13 20:46 - 2014-04-08 09:28 - 01146368 _____ (Farbar) C:\Users\bluejvkeyes\Desktop\FRST.exe
2014-04-13 20:36 - 2014-04-13 20:36 - 00921000 _____ (Oracle Corporation) C:\Users\bluejvkeyes\Downloads\jxpiinstall(1).exe
2014-04-13 20:34 - 2010-06-11 22:51 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Local\Adobe
2014-04-13 20:28 - 2012-04-10 22:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-13 20:28 - 2011-07-06 09:24 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-13 20:26 - 2014-04-13 20:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-13 20:26 - 2014-04-13 20:26 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-13 20:25 - 2014-04-13 20:25 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-13 20:25 - 2014-04-13 20:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-13 20:25 - 2014-04-13 20:25 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-13 20:25 - 2014-04-13 20:25 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-13 20:25 - 2010-08-26 09:42 - 00000000 ____D () C:\Program Files\Java
2014-04-13 20:24 - 2012-03-13 00:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 20:23 - 2014-04-13 20:23 - 00921000 _____ (Oracle Corporation) C:\Users\bluejvkeyes\Downloads\jxpiinstall.exe
2014-04-13 19:50 - 2014-04-10 09:36 - 00024226 _____ () C:\Windows\PFRO.log
2014-04-12 09:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-12 08:55 - 2014-04-12 08:55 - 00987448 _____ () C:\Users\bluejvkeyes\Desktop\SecurityCheck.exe
2014-04-11 18:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-11 14:18 - 2014-04-11 14:18 - 02347384 _____ (ESET) C:\Users\bluejvkeyes\Downloads\esetsmartinstaller_enu.exe
2014-04-11 14:11 - 2013-08-16 00:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 14:08 - 2010-06-04 21:32 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 13:05 - 2012-09-02 21:45 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\pippifax
2014-04-10 10:37 - 2014-04-10 10:37 - 00001393 _____ () C:\Users\bluejvkeyes\Desktop\JRT.txt
2014-04-10 10:34 - 2014-04-10 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 10:33 - 2014-04-10 10:33 - 01016261 _____ (Thisisu) C:\Users\bluejvkeyes\Desktop\JRT.exe
2014-04-10 10:30 - 2014-04-10 10:30 - 00017499 _____ () C:\Users\bluejvkeyes\Desktop\AdwCleaner[S0].txt
2014-04-10 10:27 - 2014-04-10 10:24 - 00000000 ____D () C:\AdwCleaner
2014-04-10 10:22 - 2014-04-10 10:22 - 01426178 _____ () C:\Users\bluejvkeyes\Downloads\adwcleaner.exe
2014-04-10 10:19 - 2014-04-10 10:19 - 00018998 _____ () C:\Users\bluejvkeyes\Desktop\mbam.txt
2014-04-10 10:17 - 2014-04-10 09:48 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 10:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-10 09:47 - 2014-04-10 09:47 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 09:47 - 2014-04-10 09:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-10 09:44 - 2014-04-10 09:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\bluejvkeyes\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 09:40 - 2014-03-28 15:16 - 00013244 _____ () C:\Windows\DPINST.LOG
2014-04-09 10:56 - 2014-04-09 10:56 - 00012637 _____ () C:\ComboFix.txt
2014-04-09 10:56 - 2014-04-09 10:43 - 00000000 ____D () C:\Qoobox
2014-04-09 10:56 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-04-09 10:55 - 2014-04-09 10:42 - 00000000 ____D () C:\Windows\erdnt
2014-04-09 10:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-04-09 10:24 - 2014-04-09 10:24 - 05194596 ____R (Swearware) C:\Users\bluejvkeyes\Desktop\ComboFix.exe
2014-04-08 09:30 - 2014-04-08 09:29 - 00023005 _____ () C:\Users\bluejvkeyes\Desktop\Addition.txt
2014-04-08 09:23 - 2014-04-08 09:23 - 00000484 _____ () C:\Users\bluejvkeyes\Downloads\defogger_disable.log
2014-04-08 09:23 - 2014-04-08 09:23 - 00000000 _____ () C:\Users\bluejvkeyes\defogger_reenable
2014-04-08 09:23 - 2010-06-04 21:21 - 00000000 ____D () C:\Users\bluejvkeyes
2014-04-08 09:21 - 2014-04-08 09:21 - 00050477 _____ () C:\Users\bluejvkeyes\Downloads\Defogger.exe
2014-04-08 08:59 - 2010-06-05 00:45 - 00120472 _____ () C:\Users\bluejvkeyes\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-08 08:45 - 2009-07-14 06:33 - 00424416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-08 08:40 - 2010-06-11 22:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-07 11:09 - 2014-03-18 13:28 - 00000000 ____D () C:\Users\bluejvkeyes\Documents\aufbauanleitungen playmobil
2014-04-03 14:11 - 2011-01-26 22:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-03 14:11 - 2011-01-26 22:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 09:51 - 2014-04-10 09:47 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 09:47 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-10 09:47 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 14:19 - 2010-06-11 23:20 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 11:07 - 2010-06-14 22:10 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\ZoomBrowser EX
2014-04-01 11:04 - 2010-06-11 22:33 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-03-30 21:26 - 2012-05-09 21:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 22:46 - 2014-03-29 22:46 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\RavensburgerTipToi
2014-03-29 22:46 - 2014-03-29 22:45 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-03-29 22:45 - 2014-03-29 22:45 - 00001026 _____ () C:\Users\bluejvkeyes\Desktop\tiptoi.lnk
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2014-03-29 22:45 - 2014-03-29 22:45 - 00000000 ____D () C:\Program Files\Ravensburger tiptoi
2014-03-29 09:00 - 2014-03-29 08:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 08:22 - 2014-03-29 08:22 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-03-29 08:21 - 2010-06-11 21:41 - 00000000 ____D () C:\Users\bluejvkeyes\AppData\Local\Google
2014-03-29 08:21 - 2010-06-11 21:41 - 00000000 ____D () C:\Program Files\Google
2014-03-29 08:18 - 2014-03-29 08:17 - 00847824 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\GoogleEarthSetup.exe
2014-03-29 08:13 - 2014-03-29 08:12 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(3).exe
2014-03-29 08:10 - 2014-03-29 08:10 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(2).exe
2014-03-29 08:09 - 2014-03-29 08:09 - 00848000 _____ (Google Inc.) C:\Users\bluejvkeyes\Downloads\googleupdatesetup(1).exe
2014-03-28 15:50 - 2014-03-28 15:50 - 00024598 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(3)
2014-03-28 15:46 - 2014-03-28 15:46 - 00023286 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(2)
2014-03-28 15:44 - 2014-03-28 15:44 - 00023046 _____ () C:\Users\bluejvkeyes\Downloads\Kinder-(1)
2014-03-28 15:16 - 2014-01-16 14:01 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-28 15:15 - 2010-06-09 14:20 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-25 00:42 - 2014-03-21 14:45 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-24 22:25 - 2014-03-24 22:25 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-24 22:25 - 2014-03-24 22:23 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-24 22:25 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iTunes
2014-03-24 22:23 - 2014-03-24 22:23 - 00000000 ____D () C:\Program Files\iPod
2014-03-24 22:23 - 2010-08-08 21:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-18 14:45 - 2010-08-04 13:29 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-03-18 10:41 - 2014-03-18 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 21:18 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 11:23

==================== End Of Log ============================
--- --- ---
Im Übrigen finde ich das der Rechner sehr langsam hochfährt, weiß nur nicht ob dies "gefühlt" auch schon vorher da war, bevor ich Euch kontaktierte.
Dann ist seit dem "Trojaner Entfernungsstart" immer eine Meldung nach dem Sart von Windows, von meinem Power2GoExpress Programm:
"Im Moment ist kein Brenner verfügbar, oder Sie sind nicht berechtigt, auf den Brenner zuzugreifen."
Ist das dann wieder weg, wenn wir fertig sind?

Danke Liebe Grüße
Sunny Blue

schrauber 14.04.2014 15:17
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Power2GoExpress] => [X]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



PowerToGo bitte mal neu installieren.

Sunny Blue 14.04.2014 18:54
C:\ Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-04-2014
Ran by bluejvkeyes at 2014-04-14 18:13:05 Run:2
Running from C:\Users\bluejvkeyes\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-39800961-588471803-1280384396-1001\...\Run: [Power2GoExpress] => [X]
*****************

HKU\S-1-5-21-39800961-588471803-1280384396-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress => Value deleted successfully.

==== End of Fixlog ====

Hi,
ich habe glaube ich einen Fehler gemacht, ich habe gedacht bevor ich Power2Go neu installiere, muss ich ja erst noch deinstallieren, was ich tat! Ich entschuldige mich nun schonmal dafür!!! Denn jetzt habe ich das Problem, dass ich nicht neu installieren kann.
Das Programm ist auf einer Cd, die dabei war als ich den Laptop gekauft habe. Das Programm läuft anfürsich zuverlässig usw...
Doch nun findet er keine CD im Laufwerk. Unter System und Geräte-Manager habe ich beim CD/DVD Laufwerk ein gelbes Ausrufezeichen und bei Gerätestatus steht:
"Dieses Hardwaregerät kann nicht gestartet werden, da dessen Konfigurationsinformationen (in der Registrierung) unvollständig oder beschädigt sind. (Code 19)"
Im Nachhinein denke ich das dein Code "HKU......" vielleicht ja schon irgendwie dem PC gesagt haben könnte das das Programm deinstalliert sein soll oder ähnlich.
Entschuldige bitte vielmals!!!
Nun weiß ich natürlich wieder nicht weiter.
Gruß Sunny Blue

schrauber 15.04.2014 13:59
Nein, der Fix hat nur den Autostarteintrag des Programmes gelöscht. Rechtsklick auf das Laufwerk im Gerätemanager, Treiber aktualisieren.

Sunny Blue 16.04.2014 10:07
Leider verändert sich nichts, Treiber ist aktuallisiert.
Auch nach einem Neustart nicht. Wenn ich die Cd einlege, arbeitet das Laufwerk, Geräusche wie immer, nur der PC erkennt kein Medium.

schrauber 17.04.2014 09:51
erkennt er denn eine andere CD?

Sunny Blue 17.04.2014 11:48
Nein, leider auch keine andere CD.
Habe mal gegoogelt und das gefunden:

hxxp://www.soklappts.ch/artikel.php?ind=50:

Schritt 1

Starten sie die Registry mit Start -> Ausführen -> Regedit (eintippen).

Schritt 2

Machen Sie eine Sicherheitskopie der Registry! Klicken Sie auf Datei -> Exportieren und geben Sie den gewünschten Namen für die Sicherheitskopie an. Bestätigen Sie mit «Speichern».

Schritt 3

Klicken Sie sich zum Eintrag
HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Control -> Class -> {4D36E965-E325-11CE-BFC1-08002BE10318}

Schritt 4

Löschen Sie alle Einträge mit Lower- und Upper-Filter (anklicken und Delete drücken).

Schritt 5

Starten Sie den Computer neu.
--------------------------------------
Soll ich das mal ausprobieren?
Oder hast du einen anderen Vorschlag? Ich trau mich nicht ohne zu fragen was zu machen. Ist denn die Bereinigung von dem Trojaner nun abgeschlossen, eigentlich?
Kommt da noch was? Etwa so etwas wie ein "Abschluss"? Kann ich schon meinen PC wieder normal benutzen, bis jetzt hatte ich "die Arbeit" am Pc auf diese Webseite hier beschränkt?!
Gruß Sunny Blue

schrauber 18.04.2014 09:53
Mach mal, mach aber die Sicherung. Rechner ist soweit sauber, kannste normal benutzen :)

Sunny Blue 18.04.2014 19:16
So, die Aktion von der o.g.Webseite hat geklappt, Jippieee!!!
Laufwerk funktioniert wieder!:applaus:
Und Power2Go ist auch wieder funktionsfähig und installiert.

Wie sieht es denn nun aus? Was bleibt den von den installierten Sachen (Eure) drauf, lösche ich alles wieder?

Dann gibt es im Microsoft Security Essentials Verlauf noch folgende Anzeige:
Unter Quarantäne gestellte Elemente:
-VirTool:Win32/Injector.gen!DZ 09.04.2014
-Trojan:Win32/Matsnu.L 09.04.2014
-Trojan:Downloader:Win32/Nymain.C 07.04.2014

und unter alle erkannten Elemente noch viel mehr.....
Bleibt das so stehen entferne ich die Einträge alle???

Schlägst du bessere Security Software vor, die besser oder früher warnen? Bevor ich mir solch "nette Sachen" vielleicht einfange, denn durch das Backup, was infiziert war, zeigt es mir, das ich ja früher ein Trojaner gehabt haben muss, als vor 2 Wochen meine blöde geöffnete Mail, mit Rechnungsanhang. Denn ein Backup nach der Mail hab ich nicht gemacht.
Oder meinst du, mit dem was ich hab an Security reicht es eigentlich auch aus?
Kann ich dann auch schon wieder ein neues Backup machen?
Danke Dir

schrauber 19.04.2014 12:19
Kannste entfernen oder in Quarantäne lassen, dafür ist sie ja da :)

Ich empfehle immer Emsisoft.

Backup kannste machen.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Sunny Blue 20.04.2014 11:04
Hallo Schrauber,
ich danke dir herzlichst, ich werde mir die Ratschläge von dir, für die bessere Sicherheit in Ruhe zu Gemüte führen. Ferienbedingt kann ich das erst wieder ab dem 28.4.2014. Es wäre schön wenn du dieses Abo noch nicht löschen würdest bis dahin. Falls doch noch die eine oder andere Frage auftritt. Ich melde mich auf jeden Fall nochmal bei dir dann abschließend !!!
Gruß Sunny Blue
P.S.:Automatische Update's für Win 7 ist und war eingestellt ;-) den Rest werde ich mir zu Herzen nehmen...

schrauber 20.04.2014 18:34
Gern Geschehen :)

Sunny Blue 02.05.2014 14:26
Hallo Schrauber,
mein PC läuft wieder rund! Es gibt keine weiteren Fragen mehr. Vor einem erneuetem Backup wollte der PC noch Schattenkopien der Trojaner (dies hatte ich gegoogelt) entfernt haben, was ich erfolgreich erldigt habe.
Ich danke nochmals für die schnelle zuverlässige Hilfe!
Ich hoffe nicht, das ich Euch wieder so schnell brauche.
Gruß Sunny Blue

schrauber 04.05.2014 06:57
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132