Trojaner-Board - mozilla firefox-viele fenster (v.a. werbung für spiele) öffnen sich automatisch

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - mozilla firefox-viele fenster (v.a. werbung für spiele) öffnen sich automatisch (https://www.trojaner-board.de/154696-mozilla-firefox-viele-fenster-v-a-werbung-spiele-oeffnen-automatisch.html)

mozilla firefox-viele fenster (v.a. werbung für spiele) öffnen sich automatisch

hallo

seit einiger zeit öffnen sich bei einem klick im internet manchmal viele neu fenster, darunter hauptsächlich werbungen für spiele.
regcleanpro und advanced system protector habe ich so deinstalliert, wie es hier ( http://www.trojaner-board.de/139837-...clean-pro.html ) angegeben war. jedoch habe ich nur den ersten akt, der in dem link beschrieben war, durchgeführt.(deinstallation und neustart + download adwcleaner; also alles, bis zu der ersten antwort von gegenschreiber)
gerade habe ich malwarebytes anti-malware von chip runtergeladen und es wurden einige gefährliche quellen gefunden. habe jetzt alles in quarantäne verschoben.
in der rechten unteren ecke scheint nun (wieder/immer noch) ein fenster auf: 5,2 GB Data Not Backed Up! 949 files are unprotected (documents 97, pictures 501, music 343, videos 4, ebooks 4)..jetzt könnte ich ein free backup durchführen..keine ahnung was alles auf meinem pc lebt :wtf:

ich hoffe, dass mir jemand helfen kann

danke im voraus - nadine

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01

Ran by Nadine (administrator) on NADINE-PC on 02-06-2014 19:20:55

Running from C:\Users\Nadine\Downloads

Platform: Windows 7 Home Premium (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

() C:\Windows\SysWOW64\PnkBstrB.exe

(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

() C:\Program Files (x86)\Chiavetta Internet TM201\UIMain.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1935824 2014-05-16] (APN)

HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {6a541d9c-227e-11e3-aa11-806e6f6e6963} - D:\start.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8b4-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6a541d9c-227e-11e3-aa11-806e6f6e6963} - D:\start.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d09dc8b4-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform

HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)

HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {b0478c14-c98f-11e3-a32b-206a8a159833} - E:\Startme.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform

HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)

HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b0478c14-c98f-11e3-a32b-206a8a159833} - E:\Startme.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)

Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)

Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\..\Interfaces\{05363EDC-6544-420D-AEBB-6B8CA2B15F0F}: [NameServer]10.207.43.46 10.206.56.132
 

FireFox:

========

FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default

FF SearchEngineOrder.1: Ask Search

FF Homepage: chrome://fastdial/content/fastdial.html

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Fast Dial - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\fastdial@telega.phpnet.us [2013-09-21]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-16] (APN LLC.)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-09] ()

R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189104 2014-03-29] ()

R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48472 2014-04-24] (Systweak)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-17] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-17] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-17] (Avira Operations GmbH & Co. KG)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-06] (DT Soft Ltd)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-02] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

U0 oncaiiio; C:\Windows\System32\drivers\icgjtcb.sys [79064 2014-06-02] (Malwarebytes Corporation)

R3 onda_cdc_acm; C:\Windows\System32\DRIVERS\onda_cdc_acm.sys [79872 2012-01-25] (ONDA)

R3 onda_cdc_ecm; C:\Windows\System32\DRIVERS\onda_cdc_ecm.sys [60416 2012-01-25] (ONDA)

R3 onda_ecm_enum; C:\Windows\System32\DRIVERS\onda_ecm_enum.sys [56832 2012-01-25] (ONDA)

R3 onda_ecm_enum_filter; C:\Windows\System32\DRIVERS\onda_ecm_enum_filter.sys [56832 2012-01-25] (ONDA)

S3 onda_wcpo; C:\Windows\System32\DRIVERS\onda_wcpo.sys [10752 2012-01-25] (ONDA)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-02 17:26 - 2014-06-02 17:26 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\icgjtcb.sys

2014-06-02 17:05 - 2014-06-02 17:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-02 17:04 - 2014-06-02 17:04 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-02 17:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-02 17:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-02 17:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-02 17:03 - 2014-06-02 17:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe

2014-06-02 16:53 - 2014-06-02 16:53 - 00027345 _____ () C:\Users\Nadine\Downloads\Addition.txt

2014-06-02 16:52 - 2014-06-02 19:20 - 00019758 _____ () C:\Users\Nadine\Downloads\FRST.txt

2014-06-02 16:52 - 2014-06-02 19:20 - 00000000 ____D () C:\FRST

2014-06-02 16:51 - 2014-06-02 16:52 - 02067456 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe

2014-06-02 16:51 - 2014-06-02 16:51 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST(2).exe

2014-06-02 16:49 - 2014-06-02 16:49 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST(1).exe

2014-06-02 16:48 - 2014-06-02 16:48 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST.exe

2014-06-02 16:43 - 2014-06-02 16:43 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Systweak

2014-06-02 16:43 - 2014-06-02 16:43 - 00000000 ____D () C:\ProgramData\Systweak

2014-06-02 16:37 - 2014-06-02 16:41 - 00000000 ____D () C:\AdwCleaner

2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe

2014-06-02 16:35 - 2014-06-02 16:36 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe

2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk

2014-06-01 18:34 - 2014-06-01 19:04 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg

2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx

2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer

2014-05-03 20:14 - 2014-05-03 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-05-03 20:14 - 2014-05-03 20:14 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

2014-05-03 20:12 - 2014-06-02 08:29 - 00001426 _____ () C:\Users\Domo\Desktop\Registry kostenlos entrümpeln!.lnk
 

==================== One Month Modified Files and Folders =======
 

2014-06-02 19:21 - 2014-06-02 16:52 - 00019758 _____ () C:\Users\Nadine\Downloads\FRST.txt

2014-06-02 19:21 - 2013-09-21 07:37 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Temp

2014-06-02 19:20 - 2014-06-02 16:52 - 00000000 ____D () C:\FRST

2014-06-02 19:11 - 2013-09-21 20:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-02 18:46 - 2013-10-18 16:43 - 00000000 ____D () C:\Users\Nadine\Documents\Facharbeit

2014-06-02 18:39 - 2014-04-24 15:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-02 18:39 - 2014-04-24 15:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-02 18:00 - 2013-09-24 14:10 - 00000000 ____D () C:\Program Files (x86)\Chiavetta Internet TM201

2014-06-02 17:26 - 2014-06-02 17:26 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\icgjtcb.sys

2014-06-02 17:26 - 2013-09-21 20:56 - 00000000 ____D () C:\Users\Domo\AppData\Local\Temp

2014-06-02 17:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help

2014-06-02 17:06 - 2014-06-02 17:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-02 17:04 - 2014-06-02 17:04 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-02 17:04 - 2014-06-02 17:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe

2014-06-02 16:53 - 2014-06-02 16:53 - 00027345 _____ () C:\Users\Nadine\Downloads\Addition.txt

2014-06-02 16:52 - 2014-06-02 16:51 - 02067456 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe

2014-06-02 16:51 - 2014-06-02 16:51 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST(2).exe

2014-06-02 16:51 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-02 16:51 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-02 16:49 - 2014-06-02 16:49 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST(1).exe

2014-06-02 16:48 - 2014-06-02 16:48 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST.exe

2014-06-02 16:47 - 2013-09-21 07:39 - 01280324 _____ () C:\Windows\WindowsUpdate.log

2014-06-02 16:44 - 2014-04-24 14:36 - 00003068 _____ () C:\Windows\System32\Tasks\Right Backup_startup

2014-06-02 16:43 - 2014-06-02 16:43 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Systweak

2014-06-02 16:43 - 2014-06-02 16:43 - 00000000 ____D () C:\ProgramData\Systweak

2014-06-02 16:43 - 2013-10-06 20:28 - 00000000 ____D () C:\Users\Nadine\AppData\Local\LogMeIn Hamachi

2014-06-02 16:42 - 2010-05-07 01:36 - 00166464 _____ () C:\Windows\PFRO.log

2014-06-02 16:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-02 16:42 - 2009-07-14 06:51 - 00089569 _____ () C:\Windows\setupact.log

2014-06-02 16:41 - 2014-06-02 16:37 - 00000000 ____D () C:\AdwCleaner

2014-06-02 16:41 - 2013-09-21 20:56 - 00000000 ___RD () C:\Users\Domo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-06-02 16:41 - 2013-09-21 20:25 - 00000815 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe

2014-06-02 16:36 - 2014-06-02 16:35 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe

2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk

2014-06-02 08:34 - 2013-09-21 21:02 - 00000000 ____D () C:\Users\Domo\AppData\Local\Autodesk

2014-06-02 08:29 - 2014-05-03 20:12 - 00001426 _____ () C:\Users\Domo\Desktop\Registry kostenlos entrümpeln!.lnk

2014-06-02 08:28 - 2013-10-05 16:36 - 00000000 ____D () C:\Users\Domo\AppData\Local\LogMeIn Hamachi

2014-06-01 19:04 - 2014-06-01 18:34 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg

2014-05-27 15:38 - 2013-10-01 22:32 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\Temp

2014-05-27 15:36 - 2013-10-12 17:44 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\LogMeIn Hamachi

2014-05-25 18:55 - 2013-09-21 10:13 - 00647376 _____ () C:\Windows\system32\perfh007.dat

2014-05-25 18:55 - 2013-09-21 10:13 - 00127404 _____ () C:\Windows\system32\perfc007.dat

2014-05-25 18:55 - 2009-07-14 07:13 - 01480666 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-22 18:45 - 2013-09-21 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-19 20:11 - 2013-10-02 18:40 - 00011668 _____ () C:\Users\Verena&Ali\Documents\bankdaten.xlsx

2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-18 19:11 - 2013-09-21 20:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-18 19:11 - 2013-09-21 20:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-18 19:11 - 2013-09-21 20:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-12 07:26 - 2014-06-02 17:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-12 07:26 - 2014-06-02 17:04 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-12 07:25 - 2014-06-02 17:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-11 18:34 - 2014-04-24 15:23 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-11 18:34 - 2014-04-24 15:23 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx

2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer

2014-05-03 20:56 - 2014-04-24 14:46 - 00000000 ____D () C:\Users\Domo\AppData\Roaming\.minecraft

2014-05-03 20:14 - 2014-05-03 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-05-03 20:14 - 2014-05-03 20:14 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
 

Files to move or delete:

====================

C:\Users\Public\AlexaNSISPlugin.3972.dll
 
 

Some content of TEMP:

====================

C:\Users\Domo\AppData\Local\Temp\AcDeltree.exe

C:\Users\Domo\AppData\Local\Temp\APNSetup.exe

C:\Users\Domo\AppData\Local\Temp\AutoRun.exe

C:\Users\Domo\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Domo\AppData\Local\Temp\avgnt.exe

C:\Users\Domo\AppData\Local\Temp\BackupSetup.exe

C:\Users\Domo\AppData\Local\Temp\eauninstall.exe

C:\Users\Domo\AppData\Local\Temp\octE035.tmp.exe

C:\Users\Domo\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe

C:\Users\Domo\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Nadine\AppData\Local\Temp\avgnt.exe

C:\Users\Nadine\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

C:\Users\Nadine\AppData\Local\Temp\Quarantine.exe

C:\Users\Nadine\AppData\Local\Temp\vlc-2.0.8-win64.exe

C:\Users\Nadine\AppData\Local\Temp\_isE717.exe

C:\Users\Nadine\AppData\Local\Temp\_isFC6B.exe

C:\Users\Verena&Ali\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-29 16:10
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01

Ran by Nadine at 2014-06-02 19:29:18

Running from C:\Users\Nadine\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)

Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - Liteon)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)

Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden

ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)

Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C0C02}) (Version: 12.12.2.82 - APN, LLC) <==== ATTENTION

ATI Catalyst Install Manager (HKLM\...\{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}) (Version: 3.0.758.0 - ATI Technologies, Inc.)

AutoCAD 2011 - Deutsch (HKLM\...\AutoCAD 2011 - Deutsch) (Version: 18.1.49.0 - Autodesk)

AutoCAD 2011 - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden

AutoCAD 2011 Language Pack - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden

Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)

Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

awesomehp uninstaller (HKLM-x32\...\awesomehp uninstaller) (Version:  - awesomehp) <==== ATTENTION

Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.03 - Broadcom Corporation)

Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden

ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden

Chiavetta Internet TM201 (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - Onda Communication S.p.a.)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)

CyberLink PowerDVD 9 (x32 Version: 9.0.2529.50 - CyberLink Corp.) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)

Default (x32 Version: 1.0.0.1 - Onda Communication S.p.a.) Hidden

Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )

FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)

Free YouTube Download version 3.2.16.1030 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.16.1030 - DVDVideoSoft Ltd.)

GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)

iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)

Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.8 - Acer Inc.)

LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.188 - LogMeIn, Inc.) Hidden

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden

PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.)

Re-markit (HKLM-x32\...\dd1903ed-c792-40ac-bf09-4daa274cacb4) (Version:  - Re-markit Software) <==== ATTENTION

Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.3797 - Systweak Software)

ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)

Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden

Systweak Toolbar (HKLM-x32\...\Systweak Toolbar) (Version: 1.0.1.8 - Systweak Software)

VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)

Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 

==================== Restore Points  =========================
 

24-04-2014 12:36:51 RegClean Pro Do, Apr 24, 14  14:36

24-04-2014 13:06:27 Removed LogMeIn Hamachi

24-04-2014 13:22:07 Installed LogMeIn Hamachi

27-04-2014 19:40:34 Installed iTunes

06-05-2014 15:45:50 Geplanter Prüfpunkt

25-05-2014 17:28:34 Geplanter Prüfpunkt
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {00F2930F-BB38-44F5-8BD7-029574A84CCD} - \media enhance-updater No Task File <==== ATTENTION

Task: {0CA9FE11-7829-4ABB-99C6-90658272C1B7} - System32\Tasks\{5C9FFB23-7AF1-470A-9904-91F5E99E1805} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.367&amp;LastError=12007

Task: {11E8A008-2F00-4B00-8168-622D0EE47598} - \Re-markit_wd No Task File <==== ATTENTION

Task: {1B55AB10-854E-4AF4-9977-5F92F00AEA91} - \HDTotalS-enabler No Task File <==== ATTENTION

Task: {24C62AEA-65D1-46A3-B570-2DB559F540B8} - \APSnotifierPP1 No Task File <==== ATTENTION

Task: {3871CD21-4112-4FBF-A0C8-6647E45BF763} - \APSnotifierPP2 No Task File <==== ATTENTION

Task: {399FB1D9-2F6E-4186-B387-065B0CF466DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-24] (Google Inc.)

Task: {4A68628D-C347-47E3-8DA3-7A731C3E0BF2} - \media enhance-enabler No Task File <==== ATTENTION

Task: {61E34A48-971C-4681-BE0D-1DCC24EE79E8} - \media enhance-codedownloader No Task File <==== ATTENTION

Task: {727C79E2-AD9F-47DA-BFE3-6DA4329FD4BA} - \Re-markit Update No Task File <==== ATTENTION

Task: {75F9876B-D3B1-4BE0-9015-72AE7603046E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {765195AD-BF3C-452D-9118-AB8C40A7C724} - \HDTotalS-codedownloader No Task File <==== ATTENTION

Task: {7B7A094A-08F1-4469-BBB7-EDCD42A131AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-24] (Google Inc.)

Task: {7B7DE1E7-1D5B-4F32-BECD-84C02C783C7F} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-04-24] (Systweak)

Task: {85A549A6-6A5E-435E-B9FC-1BC8E5315F68} - \media enhance-chromeinstaller No Task File <==== ATTENTION

Task: {8A1EFCCE-E000-40EA-8B48-4C604B886B9E} - \APSnotifierPP3 No Task File <==== ATTENTION

Task: {9953CE62-093E-4370-AAC1-410FB2F13A19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated)

Task: {A3E0D757-4018-43CF-A37D-D9982A4BF113} - \HDTotalS-chromeinstaller No Task File <==== ATTENTION

Task: {B20F884E-A239-4EC0-BB7D-E0C86EC65B8F} - \HDTotalS-firefoxinstaller No Task File <==== ATTENTION

Task: {B4F63FBA-64EE-4CD4-9B55-14F411A715F7} - \media enhance-firefoxinstaller No Task File <==== ATTENTION

Task: {F31D4C4B-8551-4531-8C5C-23CDF4E2B195} - \HDTotalS-updater No Task File <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-10-04 22:29 - 2014-03-09 12:24 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2013-10-04 22:29 - 2014-03-29 13:08 - 00189104 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2010-01-07 14:42 - 2010-01-07 14:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2013-09-21 07:42 - 2013-09-21 07:42 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2013-09-24 14:11 - 2012-04-27 09:50 - 07878056 _____ () C:\Program Files (x86)\Chiavetta Internet TM201\UIMain.exe

2013-09-21 19:20 - 2013-07-18 08:02 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

2014-04-25 18:11 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll

2013-09-21 10:03 - 2009-05-21 00:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

2013-12-02 18:14 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

2013-09-24 14:11 - 2012-04-27 09:50 - 01188280 _____ () C:\Program Files (x86)\Chiavetta Internet TM201\WAITINGFORM.DLL

2013-09-24 14:11 - 2012-04-27 09:50 - 01042360 _____ () C:\Program Files (x86)\Chiavetta Internet TM201\DLL_NETCARD_R.DLL

2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

2013-09-24 14:11 - 2012-04-27 09:50 - 00013224 _____ () C:\Program Files (x86)\Chiavetta Internet TM201\rasdll.dll

2014-05-18 19:25 - 2014-05-18 19:25 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 

==================== EXE Association (whitelisted) =============
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/01/2014 06:24:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: WSCommCntr2.exe, Version: 3.0.267.0, Zeitstempel: 0x4b71796a

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b

Ausnahmecode: 0xc0000005

Fehleroffset: 0x000000000004d174

ID des fehlerhaften Prozesses: 0x1ed0

Startzeit der fehlerhaften Anwendung: 0xWSCommCntr2.exe0

Pfad der fehlerhaften Anwendung: WSCommCntr2.exe1

Pfad des fehlerhaften Moduls: WSCommCntr2.exe2

Berichtskennung: WSCommCntr2.exe3
 

Error: (06/01/2014 06:23:24 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm acad.exe, Version 24.1.49.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: f24
 

Startzeit: 01cf7db57a91a4d1
 

Endzeit: 0
 

Anwendungspfad: C:\Program Files\Autodesk\AutoCAD 2011\acad.exe
 

Berichts-ID: faa73ea3-e9a8-11e3-9ce9-206a8a159833
 

Error: (05/27/2014 03:31:30 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e

Name des fehlerhaften Moduls: urlmon.dll, Version: 8.0.7600.16535, Zeitstempel: 0x4b838917

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0002127c

ID des fehlerhaften Prozesses: 0xdf0

Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0

Pfad der fehlerhaften Anwendung: iexplore.exe1

Pfad des fehlerhaften Moduls: iexplore.exe2

Berichtskennung: iexplore.exe3
 

Error: (05/25/2014 07:24:02 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.

Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 

Error: (05/25/2014 07:23:18 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.

Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 

Error: (05/24/2014 07:29:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 11622
 

Error: (05/24/2014 07:29:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 11622
 

Error: (05/24/2014 07:29:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/24/2014 07:29:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10593
 

Error: (05/24/2014 07:29:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10593
 
 

System errors:

=============

Error: (06/02/2014 06:09:51 PM) (Source: bowser) (EventID: 8003) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "OLIVOTTO",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B0EB1E8F-5975-4695-A744-09C6203A9C4F}-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (06/02/2014 04:43:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst RBClientService erreicht.
 

Error: (06/02/2014 04:10:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (06/02/2014 04:10:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
 

Error: (06/02/2014 08:28:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst RBClientService erreicht.
 

Error: (06/02/2014 08:27:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (06/02/2014 08:27:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
 

Error: (05/29/2014 03:40:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (05/29/2014 03:40:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
 

Error: (05/27/2014 03:36:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Percentage of memory in use: 48%

Total physical RAM: 3956.5 MB

Available physical RAM: 2057.34 MB

Total Pagefile: 7911.14 MB

Available Pagefile: 5409.42 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (ACER) (Fixed) (Total:452.48 GB) (Free:382.09 GB) NTFS

Drive e: (ONDA TM201) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D68CD68C)

Partition 1: (Not Active) - (Size=13 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

was ich nicht deinstalliert habe, war das java..auf meinem computer ist java 7 update 40 installiert

Adware & Co. deinstallieren

Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:
http://deeprybka.trojaner-board.de/b.../revo/add1.png
diesen Zusatz haben:
http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 03.06.2014

Suchlauf-Zeit: 20:00:30

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.06.03.06

Rootkit Datenbank: v2014.06.02.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7

CPU: x64

Dateisystem: NTFS

Benutzer: Nadine
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 350494

Verstrichene Zeit: 12 Min, 51 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 0

(No malicious items detected)
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Code:

# AdwCleaner v3.211 - Bericht erstellt am 03/06/2014 um 20:21:17

# Aktualisiert 26/05/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium  (64 bits)

# Benutzername : Nadine - NADINE-PC

# Gestartet von : C:\Users\Nadine\Downloads\adwcleaner_3.211(2).exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

[!] Ordner Gelöscht : C:\ProgramData\Systweak

[!] Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Systweak
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\systweak

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software

Schlüssel Gelöscht : HKLM\Software\systweak
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.7600.16385
 
 

-\\ Mozilla Firefox v29.0.1 (de)
 

[ Datei : C:\Users\Domo\AppData\Roaming\Mozilla\Firefox\Profiles\tcw8pe6j.default\prefs.js ]
 
 

[ Datei : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R1].txt - [1205 octets] - [03/06/2014 20:20:27]

AdwCleaner[S1].txt - [1083 octets] - [03/06/2014 20:21:17]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1143 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Nadine on 03.06.2014 at 20:30:30,13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylontc.gingerapplication
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\apn"

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\ProgramData\systweak"

Successfully deleted: [Folder] "C:\Users\Nadine\AppData\Roaming\systweak"
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\8kfzxwdu.default\minidumps [53 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 03.06.2014 at 20:41:51,37

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014

Ran by Nadine (administrator) on NADINE-PC on 03-06-2014 20:39:27

Running from C:\Users\Nadine\Downloads

Platform: Windows 7 Home Premium (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

() C:\Windows\SysWOW64\PnkBstrB.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

() C:\Program Files (x86)\Chiavetta Internet TM201\UIMain.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Thisisu) C:\Users\Nadine\Downloads\JRT.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {6a541d9c-227e-11e3-aa11-806e6f6e6963} - D:\start.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8b4-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)

Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)

Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\..\Interfaces\{F1724213-A2EF-4690-B760-C00A768CC68B}: [NameServer]10.207.43.46 10.206.56.132
 

FireFox:

========

FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default

FF SearchEngineOrder.1: Ask Search

FF Homepage: chrome://fastdial/content/fastdial.html

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Fast Dial - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\fastdial@telega.phpnet.us [2013-09-21]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-16] (APN LLC.)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-09] ()

R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189104 2014-03-29] ()

R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48472 2014-04-24] (Systweak)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-17] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-17] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-17] (Avira Operations GmbH & Co. KG)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-06] (DT Soft Ltd)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-03] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 onda_cdc_acm; C:\Windows\System32\DRIVERS\onda_cdc_acm.sys [79872 2012-01-25] (ONDA)

R3 onda_cdc_ecm; C:\Windows\System32\DRIVERS\onda_cdc_ecm.sys [60416 2012-01-25] (ONDA)

R3 onda_ecm_enum; C:\Windows\System32\DRIVERS\onda_ecm_enum.sys [56832 2012-01-25] (ONDA)

R3 onda_ecm_enum_filter; C:\Windows\System32\DRIVERS\onda_ecm_enum_filter.sys [56832 2012-01-25] (ONDA)

S3 onda_wcpo; C:\Windows\System32\DRIVERS\onda_wcpo.sys [10752 2012-01-25] (ONDA)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-03 20:34 - 2014-06-03 20:34 - 00000000 ____D () C:\ProgramData\Systweak

2014-06-03 20:30 - 2014-06-03 20:30 - 00000000 ____D () C:\Windows\ERUNT

2014-06-03 20:29 - 2014-06-03 20:30 - 01016261 _____ (Thisisu) C:\Users\Nadine\Downloads\JRT.exe

2014-06-03 20:20 - 2014-06-03 20:21 - 00000000 ____D () C:\AdwCleaner

2014-06-03 20:16 - 2014-06-03 20:16 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(2).exe

2014-06-03 20:15 - 2014-06-03 20:15 - 00001143 _____ () C:\Users\Nadine\Desktop\mbam.txt

2014-06-03 19:56 - 2014-06-03 19:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012(1).exe

2014-06-03 19:49 - 2014-06-03 19:49 - 00001380 _____ () C:\Users\Nadine\Desktop\FRST64 - Verknüpfung.lnk

2014-06-03 19:49 - 2014-06-03 19:49 - 00000000 ____D () C:\Users\Nadine\Downloads\FRST-OlderVersion

2014-06-03 19:44 - 2014-06-03 19:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nadine\Downloads\revosetup95.exe

2014-06-03 19:44 - 2014-06-03 19:44 - 00001268 _____ () C:\Users\Nadine\Desktop\Revo Uninstaller.lnk

2014-06-03 19:44 - 2014-06-03 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-02 17:05 - 2014-06-03 20:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-02 17:04 - 2014-06-03 19:58 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-02 17:04 - 2014-06-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-02 17:04 - 2014-06-03 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-02 17:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-02 17:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-02 17:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-02 17:03 - 2014-06-02 17:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe

2014-06-02 16:53 - 2014-06-02 19:29 - 00027647 _____ () C:\Users\Nadine\Downloads\Addition.txt

2014-06-02 16:52 - 2014-06-03 20:39 - 00016197 _____ () C:\Users\Nadine\Downloads\FRST.txt

2014-06-02 16:52 - 2014-06-03 20:39 - 00000000 ____D () C:\FRST

2014-06-02 16:51 - 2014-06-03 19:49 - 02068992 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe

2014-06-02 16:37 - 2014-06-02 16:41 - 00000000 ____D () C:\Users\Nadine\Desktop\AdwCleaner

2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe

2014-06-02 16:35 - 2014-06-02 16:36 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe

2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk

2014-06-01 18:34 - 2014-06-01 19:04 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg

2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx

2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer
 

==================== One Month Modified Files and Folders =======
 

2014-06-03 20:39 - 2014-06-02 16:52 - 00016197 _____ () C:\Users\Nadine\Downloads\FRST.txt

2014-06-03 20:39 - 2014-06-02 16:52 - 00000000 ____D () C:\FRST

2014-06-03 20:39 - 2014-04-24 15:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-03 20:39 - 2013-09-21 07:37 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Temp

2014-06-03 20:34 - 2014-06-03 20:34 - 00000000 ____D () C:\ProgramData\Systweak

2014-06-03 20:33 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-03 20:33 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-03 20:30 - 2014-06-03 20:30 - 00000000 ____D () C:\Windows\ERUNT

2014-06-03 20:30 - 2014-06-03 20:29 - 01016261 _____ (Thisisu) C:\Users\Nadine\Downloads\JRT.exe

2014-06-03 20:26 - 2014-06-02 17:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-03 20:26 - 2014-04-24 14:36 - 00003066 _____ () C:\Windows\System32\Tasks\Right Backup_startup

2014-06-03 20:26 - 2013-09-24 14:10 - 00000000 ____D () C:\Program Files (x86)\Chiavetta Internet TM201

2014-06-03 20:25 - 2013-10-06 20:28 - 00000000 ____D () C:\Users\Nadine\AppData\Local\LogMeIn Hamachi

2014-06-03 20:22 - 2014-04-24 15:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-03 20:22 - 2010-05-07 01:36 - 00173256 _____ () C:\Windows\PFRO.log

2014-06-03 20:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-03 20:22 - 2009-07-14 06:51 - 00089793 _____ () C:\Windows\setupact.log

2014-06-03 20:21 - 2014-06-03 20:20 - 00000000 ____D () C:\AdwCleaner

2014-06-03 20:21 - 2013-09-21 07:39 - 01294654 _____ () C:\Windows\WindowsUpdate.log

2014-06-03 20:16 - 2014-06-03 20:16 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(2).exe

2014-06-03 20:15 - 2014-06-03 20:15 - 00001143 _____ () C:\Users\Nadine\Desktop\mbam.txt

2014-06-03 20:11 - 2013-09-21 20:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-03 19:58 - 2014-06-02 17:04 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-03 19:58 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-03 19:58 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-03 19:57 - 2014-06-03 19:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012(1).exe

2014-06-03 19:49 - 2014-06-03 19:49 - 00001380 _____ () C:\Users\Nadine\Desktop\FRST64 - Verknüpfung.lnk

2014-06-03 19:49 - 2014-06-03 19:49 - 00000000 ____D () C:\Users\Nadine\Downloads\FRST-OlderVersion

2014-06-03 19:49 - 2014-06-02 16:51 - 02068992 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe

2014-06-03 19:44 - 2014-06-03 19:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nadine\Downloads\revosetup95.exe

2014-06-03 19:44 - 2014-06-03 19:44 - 00001268 _____ () C:\Users\Nadine\Desktop\Revo Uninstaller.lnk

2014-06-03 19:44 - 2014-06-03 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-03 17:24 - 2013-10-18 16:43 - 00000000 ____D () C:\Users\Nadine\Documents\Facharbeit

2014-06-03 17:10 - 2013-09-21 10:13 - 00647376 _____ () C:\Windows\system32\perfh007.dat

2014-06-03 17:10 - 2013-09-21 10:13 - 00127404 _____ () C:\Windows\system32\perfc007.dat

2014-06-03 17:10 - 2009-07-14 07:13 - 01480666 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-02 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help

2014-06-02 19:29 - 2014-06-02 16:53 - 00027647 _____ () C:\Users\Nadine\Downloads\Addition.txt

2014-06-02 17:26 - 2013-09-21 20:56 - 00000000 ____D () C:\Users\Domo\AppData\Local\Temp

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-02 17:04 - 2014-06-02 17:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe

2014-06-02 16:41 - 2014-06-02 16:37 - 00000000 ____D () C:\Users\Nadine\Desktop\AdwCleaner

2014-06-02 16:41 - 2013-09-21 20:56 - 00000000 ___RD () C:\Users\Domo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-06-02 16:41 - 2013-09-21 20:25 - 00000815 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe

2014-06-02 16:36 - 2014-06-02 16:35 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe

2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk

2014-06-02 08:34 - 2013-09-21 21:02 - 00000000 ____D () C:\Users\Domo\AppData\Local\Autodesk

2014-06-02 08:29 - 2014-05-03 20:12 - 00001426 _____ () C:\Users\Domo\Desktop\Registry kostenlos entrümpeln!.lnk

2014-06-02 08:28 - 2013-10-05 16:36 - 00000000 ____D () C:\Users\Domo\AppData\Local\LogMeIn Hamachi

2014-06-01 19:04 - 2014-06-01 18:34 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg

2014-05-27 15:38 - 2013-10-01 22:32 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\Temp

2014-05-27 15:36 - 2013-10-12 17:44 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\LogMeIn Hamachi

2014-05-22 18:45 - 2013-09-21 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-19 20:11 - 2013-10-02 18:40 - 00011668 _____ () C:\Users\Verena&Ali\Documents\bankdaten.xlsx

2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-18 19:11 - 2013-09-21 20:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-18 19:11 - 2013-09-21 20:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-18 19:11 - 2013-09-21 20:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-12 07:26 - 2014-06-02 17:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-12 07:26 - 2014-06-02 17:04 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-12 07:25 - 2014-06-02 17:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-11 18:34 - 2014-04-24 15:23 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-11 18:34 - 2014-04-24 15:23 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx

2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer
 

Files to move or delete:

====================

C:\Users\Public\AlexaNSISPlugin.3972.dll
 
 

Some content of TEMP:

====================

C:\Users\Domo\AppData\Local\Temp\AcDeltree.exe

C:\Users\Domo\AppData\Local\Temp\APNSetup.exe

C:\Users\Domo\AppData\Local\Temp\AutoRun.exe

C:\Users\Domo\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Domo\AppData\Local\Temp\avgnt.exe

C:\Users\Domo\AppData\Local\Temp\BackupSetup.exe

C:\Users\Domo\AppData\Local\Temp\eauninstall.exe

C:\Users\Domo\AppData\Local\Temp\octE035.tmp.exe

C:\Users\Domo\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe

C:\Users\Domo\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Nadine\AppData\Local\Temp\avgnt.exe

C:\Users\Nadine\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

C:\Users\Nadine\AppData\Local\Temp\Quarantine.exe

C:\Users\Nadine\AppData\Local\Temp\vlc-2.0.8-win64.exe

C:\Users\Nadine\AppData\Local\Temp\_isE717.exe

C:\Users\Nadine\AppData\Local\Temp\_isFC6B.exe

C:\Users\Verena&Ali\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-29 16:10
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Code:

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\Amazon Browser Bar\search_protect.exe.vir        Win32/Distromatic.B evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe.vir        Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\53172.crx.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\53172.xpi.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bg.exe.vir        Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bho.dll.vir        Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bho64.dll.vir        Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\utils.exe.vir        Win32/Toolbar.CrossRider.AB evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\44150.crx.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\44150.xpi.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\media enhance-bg.exe.vir        Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\media enhance-bho64.dll.vir        Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\media enhance-codedownloader.exe.vir        Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\media enhance-enabler.exe.vir        Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\media enhance-updater.exe.vir        Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\utils.exe.vir        Win32/Toolbar.CrossRider.AB evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\nsn67C2.tmp        Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3A9Y17A\monetizationLoader[1].js        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Mozilla\Firefox\Profiles\tcw8pe6j.default\Cache\1\6F\6CC7Bd01        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Temp\jkiDFEA.tmp        Variante von MSIL/DomaIQ.X evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Temp\nsn67C2.tmp        Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Temp\92009763-1644-4b1c-bc6b-5735c9938d8b\software\Cloud_Backup_Setup.exe        Win32/MyPCBackup.A evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Temp\92009763-1644-4b1c-bc6b-5735c9938d8b\software\Re-markit_2040-2082.exe        Variante von Win32/AdWare.AddLyrics.AH Anwendung

C:\Users\Domo\AppData\Local\Temp\is45637729\27129928_stp\AnyProtectScannerSetup.exe        Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Temp\is45637729\27130070_stp\wajam_validate.exe        Win32/Wajam.F evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Temp\is45637729\28332680_stp\AnyProtectScannerSetup.exe        Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Temp\is45637729\28332705_stp\wajam_validate.exe        Win32/Wajam.F evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Temp\is45637729\29534924_stp\AnyProtectScannerSetup.exe        Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Temp\is45637729\30739308_stp\AnyProtectScannerSetup.exe        Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung

C:\Users\Domo\AppData\Local\Temp\is45637729\30739343_stp\wajam_validate.exe        Win32/Wajam.F evtl. unerwünschte Anwendung

C:\Users\Domo\Downloads\rcpsaymgcam_smg2526500.exe        Win32/Systweak.B evtl. unerwünschte Anwendung

C:\Users\Nadine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2WNY10VX\monetizationLoader[1].js        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Nadine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMNMXY5S\monetizationLoader[1].js        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Nadine\AppData\Local\Temp\nsa8402.tmp\zplugins.dll        Win32/Distromatic.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Amazon Browser Bar\search_protect.exe.vir        Win32/Distromatic.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe.vir        Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\53172.crx.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\53172.xpi.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bg.exe.vir        Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bho.dll.vir        Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bho64.dll.vir        Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\utils.exe.vir        Win32/Toolbar.CrossRider.AB evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\44150.crx.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\44150.xpi.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\media enhance-bg.exe.vir        Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\media enhance-bho64.dll.vir        Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\media enhance-codedownloader.exe.vir        Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\media enhance-enabler.exe.vir        Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\media enhance-updater.exe.vir        Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\utils.exe.vir        Win32/Toolbar.CrossRider.AB evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markit157.exe.vir        Variante von Win32/AdWare.AddLyrics.AK Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe.vir        Variante von Win32/AdWare.AddLyrics.AJ Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit-soft\ReMar.exe.vir        Variante von Win32/AdWare.AddLyrics.AI Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit-soft\Uninstall.exe.vir        Variante von Win32/AdWare.AddLyrics.AH Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir        Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir        Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir        Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir        Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir        Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Domo\AppData\Roaming\Mozilla\Firefox\Profiles\tcw8pe6j.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91.js.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Domo\AppData\Roaming\Mozilla\Firefox\Profiles\tcw8pe6j.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\91_monetizationLoader.js.js.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Domo\AppData\Roaming\SupTab\SupTab.dll.vir        Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Domo\AppData\Roaming\VOPackage\VOPackage.exe.vir        Win32/VOPackage.D evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91.js.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\266_icm_ws_m.js.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\91_monetizationLoader.js.js.vir        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

Code:

 Results of screen317's Security Check version 0.99.83  

 Windows 7  x64 (UAC is disabled!)  

 Out of date service pack!! 
 ``````````````Antivirus/Firewall Check:`````````````` 

 WMI entry may not exist for antivirus; attempting automatic update. 
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 40  

 Java version out of Date! 

 Adobe Flash Player 13.0.0.214  

 Adobe Reader 10.1.1 Adobe Reader out of Date!  

 Mozilla Firefox (29.0.1) 
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014

Ran by Nadine (administrator) on NADINE-PC on 05-06-2014 16:02:52

Running from C:\Users\Nadine\Downloads

Platform: Windows 7 Home Premium (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(AMD) C:\Windows\System32\atieclxx.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

() C:\Windows\SysWOW64\PnkBstrB.exe

(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

() C:\Program Files (x86)\Chiavetta Internet TM201\UIMain.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {6a541d9c-227e-11e3-aa11-806e6f6e6963} - D:\start.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8b4-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)

Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)

Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\..\Interfaces\{BE7A9438-6A04-4F99-9618-CBC1D1789426}: [NameServer]10.207.43.46 10.206.56.132
 

FireFox:

========

FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default

FF SearchEngineOrder.1: Ask Search

FF Homepage: chrome://fastdial/content/fastdial.html

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Fast Dial - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\fastdial@telega.phpnet.us [2013-09-21]
 

==================== Services (Whitelisted) =================
 

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-16] (APN LLC.)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-09] ()

R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189104 2014-03-29] ()

R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48472 2014-04-24] (Systweak)

S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
 

==================== Drivers (Whitelisted) ====================
 

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-06] (DT Soft Ltd)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 onda_cdc_acm; C:\Windows\System32\DRIVERS\onda_cdc_acm.sys [79872 2012-01-25] (ONDA)

R3 onda_cdc_ecm; C:\Windows\System32\DRIVERS\onda_cdc_ecm.sys [60416 2012-01-25] (ONDA)

R3 onda_ecm_enum; C:\Windows\System32\DRIVERS\onda_ecm_enum.sys [56832 2012-01-25] (ONDA)

R3 onda_ecm_enum_filter; C:\Windows\System32\DRIVERS\onda_ecm_enum_filter.sys [56832 2012-01-25] (ONDA)

S3 onda_wcpo; C:\Windows\System32\DRIVERS\onda_wcpo.sys [10752 2012-01-25] (ONDA)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-05 15:59 - 2014-06-05 15:59 - 00854367 _____ () C:\Users\Nadine\Downloads\SecurityCheck.exe

2014-06-05 15:32 - 2014-06-05 15:32 - 00011498 _____ () C:\Users\Nadine\Desktop\eset.txt

2014-06-04 19:56 - 2014-06-04 19:56 - 00275104 _____ () C:\Windows\Minidump\060414-24211-01.dmp

2014-06-04 19:56 - 2014-06-04 19:56 - 00000000 ____D () C:\Windows\Minidump

2014-06-04 19:55 - 2014-06-04 19:55 - 412830470 _____ () C:\Windows\MEMORY.DMP

2014-06-04 19:45 - 2014-06-04 19:45 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-06-04 19:44 - 2014-06-04 19:44 - 02347384 _____ (ESET) C:\Users\Nadine\Downloads\esetsmartinstaller_deu.exe

2014-06-04 19:36 - 2014-06-04 19:36 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Systweak

2014-06-03 20:41 - 2014-06-03 20:41 - 00001385 _____ () C:\Users\Nadine\Desktop\JRT.txt

2014-06-03 20:34 - 2014-06-03 20:34 - 00000000 ____D () C:\ProgramData\Systweak

2014-06-03 20:30 - 2014-06-03 20:30 - 00000000 ____D () C:\Windows\ERUNT

2014-06-03 20:29 - 2014-06-03 20:30 - 01016261 _____ (Thisisu) C:\Users\Nadine\Downloads\JRT.exe

2014-06-03 20:20 - 2014-06-03 20:21 - 00000000 ____D () C:\AdwCleaner

2014-06-03 20:16 - 2014-06-03 20:16 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(2).exe

2014-06-03 20:15 - 2014-06-03 20:15 - 00001143 _____ () C:\Users\Nadine\Desktop\mbam.txt

2014-06-03 19:56 - 2014-06-03 19:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012(1).exe

2014-06-03 19:49 - 2014-06-03 19:49 - 00001380 _____ () C:\Users\Nadine\Desktop\FRST64 - Verknüpfung.lnk

2014-06-03 19:49 - 2014-06-03 19:49 - 00000000 ____D () C:\Users\Nadine\Downloads\FRST-OlderVersion

2014-06-03 19:44 - 2014-06-03 19:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nadine\Downloads\revosetup95.exe

2014-06-03 19:44 - 2014-06-03 19:44 - 00001268 _____ () C:\Users\Nadine\Desktop\Revo Uninstaller.lnk

2014-06-03 19:44 - 2014-06-03 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-02 17:05 - 2014-06-05 14:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-02 17:04 - 2014-06-03 19:58 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-02 17:04 - 2014-06-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-02 17:04 - 2014-06-03 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-02 17:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-02 17:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-02 17:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-02 17:03 - 2014-06-02 17:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe

2014-06-02 16:53 - 2014-06-02 19:29 - 00027647 _____ () C:\Users\Nadine\Downloads\Addition.txt

2014-06-02 16:52 - 2014-06-05 16:02 - 00015140 _____ () C:\Users\Nadine\Downloads\FRST.txt

2014-06-02 16:52 - 2014-06-05 16:02 - 00000000 ____D () C:\FRST

2014-06-02 16:51 - 2014-06-03 19:49 - 02068992 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe

2014-06-02 16:37 - 2014-06-02 16:41 - 00000000 ____D () C:\Users\Nadine\Desktop\AdwCleaner

2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe

2014-06-02 16:35 - 2014-06-02 16:36 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe

2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk

2014-06-01 18:34 - 2014-06-01 19:04 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg

2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx

2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer
 

==================== One Month Modified Files and Folders =======
 

2014-06-05 16:02 - 2014-06-02 16:52 - 00015140 _____ () C:\Users\Nadine\Downloads\FRST.txt

2014-06-05 16:02 - 2014-06-02 16:52 - 00000000 ____D () C:\FRST

2014-06-05 16:02 - 2013-09-21 07:37 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Temp

2014-06-05 15:59 - 2014-06-05 15:59 - 00854367 _____ () C:\Users\Nadine\Downloads\SecurityCheck.exe

2014-06-05 15:39 - 2014-04-24 15:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-05 15:32 - 2014-06-05 15:32 - 00011498 _____ () C:\Users\Nadine\Desktop\eset.txt

2014-06-05 15:11 - 2013-09-21 20:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-05 15:03 - 2014-04-24 15:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-05 14:56 - 2014-06-02 17:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-05 14:05 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-05 14:05 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-05 14:01 - 2013-09-21 07:39 - 01310318 _____ () C:\Windows\WindowsUpdate.log

2014-06-05 13:58 - 2014-04-24 14:36 - 00003068 _____ () C:\Windows\System32\Tasks\Right Backup_startup

2014-06-05 13:58 - 2013-10-06 20:28 - 00000000 ____D () C:\Users\Nadine\AppData\Local\LogMeIn Hamachi

2014-06-05 13:58 - 2013-09-24 14:10 - 00000000 ____D () C:\Program Files (x86)\Chiavetta Internet TM201

2014-06-05 13:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-05 13:57 - 2009-07-14 06:51 - 00090017 _____ () C:\Windows\setupact.log

2014-06-04 19:56 - 2014-06-04 19:56 - 00275104 _____ () C:\Windows\Minidump\060414-24211-01.dmp

2014-06-04 19:56 - 2014-06-04 19:56 - 00000000 ____D () C:\Windows\Minidump

2014-06-04 19:55 - 2014-06-04 19:55 - 412830470 _____ () C:\Windows\MEMORY.DMP

2014-06-04 19:45 - 2014-06-04 19:45 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-06-04 19:44 - 2014-06-04 19:44 - 02347384 _____ (ESET) C:\Users\Nadine\Downloads\esetsmartinstaller_deu.exe

2014-06-04 19:40 - 2010-05-07 01:36 - 00173590 _____ () C:\Windows\PFRO.log

2014-06-04 19:39 - 2013-09-21 19:19 - 00000000 ____D () C:\ProgramData\Avira

2014-06-04 19:36 - 2014-06-04 19:36 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Systweak

2014-06-03 20:41 - 2014-06-03 20:41 - 00001385 _____ () C:\Users\Nadine\Desktop\JRT.txt

2014-06-03 20:34 - 2014-06-03 20:34 - 00000000 ____D () C:\ProgramData\Systweak

2014-06-03 20:30 - 2014-06-03 20:30 - 00000000 ____D () C:\Windows\ERUNT

2014-06-03 20:30 - 2014-06-03 20:29 - 01016261 _____ (Thisisu) C:\Users\Nadine\Downloads\JRT.exe

2014-06-03 20:21 - 2014-06-03 20:20 - 00000000 ____D () C:\AdwCleaner

2014-06-03 20:16 - 2014-06-03 20:16 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(2).exe

2014-06-03 20:15 - 2014-06-03 20:15 - 00001143 _____ () C:\Users\Nadine\Desktop\mbam.txt

2014-06-03 19:58 - 2014-06-02 17:04 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-03 19:58 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-03 19:58 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-03 19:57 - 2014-06-03 19:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012(1).exe

2014-06-03 19:49 - 2014-06-03 19:49 - 00001380 _____ () C:\Users\Nadine\Desktop\FRST64 - Verknüpfung.lnk

2014-06-03 19:49 - 2014-06-03 19:49 - 00000000 ____D () C:\Users\Nadine\Downloads\FRST-OlderVersion

2014-06-03 19:49 - 2014-06-02 16:51 - 02068992 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe

2014-06-03 19:44 - 2014-06-03 19:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nadine\Downloads\revosetup95.exe

2014-06-03 19:44 - 2014-06-03 19:44 - 00001268 _____ () C:\Users\Nadine\Desktop\Revo Uninstaller.lnk

2014-06-03 19:44 - 2014-06-03 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-03 17:24 - 2013-10-18 16:43 - 00000000 ____D () C:\Users\Nadine\Documents\Facharbeit

2014-06-03 17:10 - 2013-09-21 10:13 - 00647376 _____ () C:\Windows\system32\perfh007.dat

2014-06-03 17:10 - 2013-09-21 10:13 - 00127404 _____ () C:\Windows\system32\perfc007.dat

2014-06-03 17:10 - 2009-07-14 07:13 - 01480666 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-02 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help

2014-06-02 19:29 - 2014-06-02 16:53 - 00027647 _____ () C:\Users\Nadine\Downloads\Addition.txt

2014-06-02 17:26 - 2013-09-21 20:56 - 00000000 ____D () C:\Users\Domo\AppData\Local\Temp

2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-02 17:04 - 2014-06-02 17:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe

2014-06-02 16:41 - 2014-06-02 16:37 - 00000000 ____D () C:\Users\Nadine\Desktop\AdwCleaner

2014-06-02 16:41 - 2013-09-21 20:56 - 00000000 ___RD () C:\Users\Domo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-06-02 16:41 - 2013-09-21 20:25 - 00000815 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe

2014-06-02 16:36 - 2014-06-02 16:35 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe

2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk

2014-06-02 08:34 - 2013-09-21 21:02 - 00000000 ____D () C:\Users\Domo\AppData\Local\Autodesk

2014-06-02 08:29 - 2014-05-03 20:12 - 00001426 _____ () C:\Users\Domo\Desktop\Registry kostenlos entrümpeln!.lnk

2014-06-02 08:28 - 2013-10-05 16:36 - 00000000 ____D () C:\Users\Domo\AppData\Local\LogMeIn Hamachi

2014-06-01 19:04 - 2014-06-01 18:34 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg

2014-05-27 15:38 - 2013-10-01 22:32 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\Temp

2014-05-27 15:36 - 2013-10-12 17:44 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\LogMeIn Hamachi

2014-05-22 18:45 - 2013-09-21 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-19 20:11 - 2013-10-02 18:40 - 00011668 _____ () C:\Users\Verena&Ali\Documents\bankdaten.xlsx

2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-18 19:11 - 2013-09-21 20:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-18 19:11 - 2013-09-21 20:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-18 19:11 - 2013-09-21 20:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-12 07:26 - 2014-06-02 17:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-12 07:26 - 2014-06-02 17:04 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-12 07:25 - 2014-06-02 17:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-11 18:34 - 2014-04-24 15:23 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-11 18:34 - 2014-04-24 15:23 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx

2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer
 

Files to move or delete:

====================

C:\Users\Public\AlexaNSISPlugin.3972.dll
 
 

Some content of TEMP:

====================

C:\Users\Domo\AppData\Local\Temp\AcDeltree.exe

C:\Users\Domo\AppData\Local\Temp\APNSetup.exe

C:\Users\Domo\AppData\Local\Temp\AutoRun.exe

C:\Users\Domo\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Domo\AppData\Local\Temp\avgnt.exe

C:\Users\Domo\AppData\Local\Temp\BackupSetup.exe

C:\Users\Domo\AppData\Local\Temp\eauninstall.exe

C:\Users\Domo\AppData\Local\Temp\octE035.tmp.exe

C:\Users\Domo\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe

C:\Users\Domo\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Nadine\AppData\Local\Temp\avgnt.exe

C:\Users\Nadine\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

C:\Users\Nadine\AppData\Local\Temp\Quarantine.exe

C:\Users\Nadine\AppData\Local\Temp\vlc-2.0.8-win64.exe

C:\Users\Nadine\AppData\Local\Temp\_isE717.exe

C:\Users\Nadine\AppData\Local\Temp\_isFC6B.exe

C:\Users\Verena&Ali\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-29 16:10
 

==================== End Of Log ============================

--- --- ---

(die meisten programme werden bei mir unter DOWNLOADS gespeichert, deshalb habe ich ESET manuell in den Downloads und im Papierkorb gelöscht, weil es unter installierte programme nicht aufscheint)

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\$Recycle.Bin

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Java, Adobe und unbedingt Windows updaten, da fehlt ein ganzes Servicepack.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014

Ran by Nadine at 2014-06-08 13:53:12 Run:1

Running from C:\Users\Nadine\Downloads

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

C:\$Recycle.Bin

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

*****************
 

C:\$Recycle.Bin => Moved successfully.

"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
 

==== End of Fixlog ====

habe jetzt alles so gemacht=) keine werbung mehr=) danke..sehr einfache und gut beschriebene anleitung. zudem schnelle hilfe/antworten. alles super.