Trojaner-Board - werde permanent mit Werbung zugebombt und auf eine andere Seite weitergeleitet

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - werde permanent mit Werbung zugebombt und auf eine andere Seite weitergeleitet (https://www.trojaner-board.de/161467-permanent-werbung-zugebombt-andere-seite-weitergeleitet.html)

werde permanent mit Werbung zugebombt und auf eine andere Seite weitergeleitet

Guten Tag mir wurde gesagt dass, mir hier eventuell geholfen werden kann. Ich habe folgendes Problem. Seit geraumer Zeit kann ich keine Seite mehr besuchen ohne dass, ich zugemüllt werde, mit einem Haufen von Werbung. Zudem wechselt mein Browser immer nach gewisser Zeit die Seite und verlangt von mir meinen Adobe Flash Player zu aktualisieren und dazu bringt er mir dann als noch folgende Meldung.

DieSeite auf om.flvupdate.com meldet:
It is recommended that you update Flash to the latest version to view tgis page. Please update to continue

hoffe ihr könnt mir irgendwie weiterhelfen mfg

:hallo:

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2014 01

Ran by Valued (administrator) on VALUED-PC on 03-12-2014 01:38:21

Running from C:\Users\Valued\Downloads

Loaded Profile: Valued (Available profiles: Valued)

Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

() C:\Users\Valued\AppData\Roaming\HTThread\hb.exe

(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5325\Battle.net.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)

HKU\S-1-5-21-696682072-1263834437-1863564307-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-10-15] (Nero AG)

HKU\S-1-5-21-696682072-1263834437-1863564307-1000\...\Run: [Battle.net] => C:\Program Files\Battle.net\Battle.net Launcher.exe [2864688 2014-12-02] (Blizzard Entertainment)

HKU\S-1-5-21-696682072-1263834437-1863564307-1000\...\MountPoints2: {add2a79b-0e58-11e4-bdf3-806e6f6e6963} - D:\Autorun.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-696682072-1263834437-1863564307-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/

SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
 

FireFox:

========

FF ProfilePath: C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default

FF SelectedSearchEngine: StartWeb

FF Homepage: 

FF SelectedSearchEngine: 

FF DefaultSearchEngine: 

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-696682072-1263834437-1863564307-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml

FF Extension: antmarkantcom - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\Extensions\antmark@ant.com [2014-10-29]

FF Extension: Foxy-Secure v7 - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\Extensions\fox@foxy.sec.com [2014-09-14]

FF Extension: Adblock Plus - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-18]

FF HKU\S-1-5-21-696682072-1263834437-1863564307-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

FF Extension: No Name - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\extensions\faststartff@gmail.com [Not Found]

FF Extension: No Name - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\extensions\wrigtdamon@yahoo.com [Not Found]
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (annmcneienljahlbfoaomcfghmomhfho) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\annmcneienljahlbfoaomcfghmomhfho [2014-10-28]

CHR Extension: (Google Docs) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-15]

CHR Extension: (Google Drive) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-15]

CHR Extension: (YouTube) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-15]

CHR Extension: (topbuyer) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgppoehhninggfjpddhchoeknonfgmm [2014-10-27]

CHR Extension: (Jailbreak the Patriarchy) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiidcfoaaciclafodoficaofidfencgd [2014-10-27]

CHR Extension: (Vichrome) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi [2014-11-22]

CHR Extension: (Click counter) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmchhjebhfcmpjfjlgihgpgfgacoiokk [2014-10-23]

CHR Extension: (Google Wallet) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-15]

CHR Extension: (Google Mail) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-15]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 HTService; C:\Users\Valued\AppData\Roaming\HTThread\hb.exe [628736 2014-08-28] () [File not signed]

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

S3 npggsvc; C:\Windows\system32\GameMon.des [3040008 2014-06-12] (INCA Internet Co., Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-03 01:38 - 2014-12-03 01:39 - 00011023 _____ () C:\Users\Valued\Downloads\FRST.txt

2014-12-03 01:38 - 2014-12-03 01:38 - 00000000 ____D () C:\FRST

2014-12-03 01:37 - 2014-12-03 01:37 - 01108992 _____ (Farbar) C:\Users\Valued\Downloads\FRST.exe

2014-12-03 01:35 - 2014-12-03 01:36 - 02117120 _____ (Farbar) C:\Users\Valued\Downloads\FRST64.exe

2014-12-03 01:35 - 2014-12-03 01:35 - 00076240 _____ () C:\Users\Valued\Downloads\FLVPlayer-Chrome.exe

2014-12-03 00:34 - 2014-12-03 00:34 - 01115088 _____ () C:\Users\Valued\Downloads\Setup (55).exe

2014-12-03 00:28 - 2014-12-03 00:28 - 01115072 _____ () C:\Users\Valued\Downloads\Setup (54).exe

2014-12-03 00:08 - 2014-12-03 00:08 - 01115088 _____ () C:\Users\Valued\Downloads\Setup (53).exe

2014-12-03 00:06 - 2014-12-03 00:06 - 00002175 _____ () C:\Users\Valued\Desktop\JRT.txt

2014-12-03 00:05 - 2014-12-03 00:05 - 00000000 ____D () C:\Windows\ERUNT

2014-12-03 00:04 - 2014-12-03 00:04 - 01707646 _____ (Thisisu) C:\Users\Valued\Downloads\JRT.exe

2014-12-02 23:53 - 2014-12-02 23:56 - 00000000 ____D () C:\AdwCleaner

2014-12-02 23:53 - 2014-12-02 23:53 - 02154496 _____ () C:\Users\Valued\Downloads\AdwCleaner_4.103.exe

2014-12-02 23:51 - 2014-12-02 23:51 - 00783352 _____ (Elex do Brasil Participações Ltda) C:\Users\Valued\Downloads\yet_another_cleaner_kwo (2).exe

2014-12-02 23:51 - 2014-12-02 23:51 - 00783352 _____ (Elex do Brasil Participações Ltda) C:\Users\Valued\Downloads\yet_another_cleaner_kwo (1).exe

2014-12-02 23:49 - 2014-12-02 23:49 - 00783352 _____ (Elex do Brasil Participações Ltda) C:\Users\Valued\Downloads\yet_another_cleaner_kwo.exe

2014-12-02 22:29 - 2014-12-02 22:29 - 01115064 _____ () C:\Users\Valued\Downloads\Setup (52).exe

2014-12-02 22:27 - 2014-12-02 22:27 - 01115072 _____ () C:\Users\Valued\Downloads\Setup (51).exe

2014-12-02 22:26 - 2014-12-02 22:26 - 01115072 _____ () C:\Users\Valued\Downloads\Setup (50).exe

2014-12-02 22:26 - 2014-12-02 22:26 - 01115072 _____ () C:\Users\Valued\Downloads\Setup (49).exe

2014-12-02 22:23 - 2014-12-02 22:23 - 01115080 _____ () C:\Users\Valued\Downloads\Setup (48).exe

2014-12-02 22:23 - 2014-12-02 22:23 - 01115072 _____ () C:\Users\Valued\Downloads\Setup (47).exe

2014-11-19 13:47 - 2014-11-19 13:47 - 00000000 __SHD () C:\Users\Valued\AppData\Local\EmieBrowserModeList

2014-11-19 13:45 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-19 13:45 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-19 00:12 - 2014-11-19 00:12 - 00384888 _____ (Premium Installer ) C:\Users\Valued\Downloads\setup (46).exe

2014-11-14 03:38 - 2014-11-14 03:38 - 00247152 _____ (Premium Installer ) C:\Users\Valued\Downloads\setup (45).exe

2014-11-14 03:36 - 2014-11-14 03:36 - 00247152 _____ (Premium Installer ) C:\Users\Valued\Downloads\setup (44).exe

2014-11-14 03:35 - 2014-11-14 03:35 - 00079216 _____ (Premium Installer ) C:\Users\Valued\Downloads\setup (43).exe

2014-11-12 11:00 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-11-12 11:00 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-11-12 11:00 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-11-12 11:00 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-11-12 11:00 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-11-12 11:00 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-11-12 11:00 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-11-12 11:00 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-11-12 11:00 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-11-12 11:00 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-11-12 11:00 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-11-12 11:00 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-11-12 11:00 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-11-12 11:00 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-11-12 11:00 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-11-12 11:00 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-11-12 11:00 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-11-12 11:00 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-11-12 11:00 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-11-12 11:00 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-11-12 11:00 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-11-12 11:00 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-11-12 11:00 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-11-12 11:00 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-11-12 11:00 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-11-12 11:00 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-11-12 11:00 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-11-12 11:00 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-11-12 11:00 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-11-12 11:00 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-11-12 11:00 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-11-12 11:00 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-11-12 11:00 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-11-12 11:00 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-11-12 11:00 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2014-11-12 11:00 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-11-12 11:00 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-11-12 11:00 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-11-12 11:00 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-11-12 11:00 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-11-12 11:00 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-11-12 11:00 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-11-12 11:00 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-11-12 11:00 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-11-12 11:00 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-11-12 11:00 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-11-12 11:00 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-11-12 11:00 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-11-12 11:00 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-11-12 11:00 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

2014-11-12 02:59 - 2014-11-12 02:59 - 00079216 _____ (Premium Installer ) C:\Users\Valued\Downloads\setup (42).exe

2014-11-12 02:36 - 2014-11-12 02:36 - 00081264 _____ (Premium Installer ) C:\Users\Valued\Downloads\setup (41).exe

2014-11-07 15:24 - 2014-11-07 15:24 - 02306048 _____ (Free Flash Plugins company) C:\Users\Valued\Downloads\DownloadFileSetup_150ex.exe

2014-11-07 15:16 - 2014-11-07 15:16 - 02306048 _____ (Free Flash Plugins company) C:\Users\Valued\Downloads\DownloadFileSetup_05Ox3.exe

2014-11-06 01:21 - 2014-11-06 01:21 - 00082800 _____ (Premium Installer ) C:\Users\Valued\Downloads\setup (40).exe

2014-11-06 01:17 - 2014-11-06 01:17 - 00082800 _____ (Premium Installer ) C:\Users\Valued\Downloads\setup (39).exe

2014-11-06 01:12 - 2014-11-06 01:12 - 02293760 _____ (Free Flash Plugin company) C:\Users\Valued\Downloads\DownloadFileSetup_71qRA.exe

2014-11-03 14:08 - 2014-11-03 14:08 - 01294784 _____ () C:\Users\Valued\Downloads\Setup (38).exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-03 01:37 - 2014-07-29 17:55 - 00000000 ____D () C:\Users\Valued\AppData\Local\Battle.net

2014-12-03 01:15 - 2014-07-19 19:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-03 01:04 - 2009-07-14 05:34 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-03 01:04 - 2009-07-14 05:34 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-03 01:02 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-03 01:01 - 2014-07-18 09:54 - 01670525 _____ () C:\Windows\WindowsUpdate.log

2014-12-03 01:00 - 2014-09-15 01:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-03 00:57 - 2014-09-15 01:55 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-03 00:57 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-03 00:57 - 2009-07-14 05:39 - 00039194 _____ () C:\Windows\setupact.log

2014-12-02 23:58 - 2014-07-29 17:55 - 00000000 ____D () C:\Program Files\Battle.net

2014-12-02 23:57 - 2010-11-20 22:48 - 00019178 _____ () C:\Windows\PFRO.log

2014-12-02 23:25 - 2014-07-24 21:13 - 00000000 ____D () C:\Users\Valued\AppData\Roaming\uTorrent

2014-12-02 21:07 - 2014-09-14 16:16 - 00000000 ____D () C:\Program Files\ShotOnline

2014-12-02 03:56 - 2014-10-19 16:48 - 00000000 ____D () C:\Users\Valued\AppData\Roaming\temp

2014-11-30 19:02 - 2014-10-17 12:56 - 00000000 ____D () C:\Users\Valued\AppData\Local\PokerStars.EU

2014-11-30 19:01 - 2014-10-17 12:55 - 00000000 ____D () C:\Program Files\PokerStars.EU

2014-11-27 22:46 - 2014-10-15 23:50 - 00000743 _____ () C:\Users\Valued\Desktop\Anime Pirates Client.lnk

2014-11-26 00:15 - 2014-07-19 19:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-11-26 00:15 - 2014-07-18 10:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-11-24 11:17 - 2014-10-19 16:47 - 00000000 ____D () C:\Users\Valued\Documents\FM 07

2014-11-19 23:50 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-11-13 12:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache

2014-11-13 12:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-11-13 11:35 - 2009-07-14 05:33 - 00406304 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-13 11:34 - 2014-07-18 12:52 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-11-13 11:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-11-12 22:27 - 2014-07-18 10:24 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-12 22:24 - 2014-07-18 11:18 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-12 22:20 - 2014-07-18 11:18 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-11-03 21:31 - 2014-07-29 17:56 - 00000000 ____D () C:\Program Files\World of Warcraft
 

Some content of TEMP:

====================

C:\Users\Valued\AppData\Local\Temp\APNSetup.exe

C:\Users\Valued\AppData\Local\Temp\AutoRun.exe

C:\Users\Valued\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Valued\AppData\Local\Temp\BackupSetup.exe

C:\Users\Valued\AppData\Local\Temp\drm_dyndata_7270012.dll

C:\Users\Valued\AppData\Local\Temp\Fx6_FF_IE_Setup-Softonic.exe

C:\Users\Valued\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Valued\AppData\Local\Temp\LlGJ3.exe

C:\Users\Valued\AppData\Local\Temp\nsu84CE.exe

C:\Users\Valued\AppData\Local\Temp\nsuB14E.exe

C:\Users\Valued\AppData\Local\Temp\optprosetup.exe

C:\Users\Valued\AppData\Local\Temp\Quarantine.exe

C:\Users\Valued\AppData\Local\Temp\sdanircmdc.exe

C:\Users\Valued\AppData\Local\Temp\sdapskill.exe

C:\Users\Valued\AppData\Local\Temp\sdaspwn.exe

C:\Users\Valued\AppData\Local\Temp\SnJe0.dll

C:\Users\Valued\AppData\Local\Temp\SnJe0.exe

C:\Users\Valued\AppData\Local\Temp\sqlite3.dll

C:\Users\Valued\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Valued\AppData\Local\Temp\uttB1BA.tmp.exe

C:\Users\Valued\AppData\Local\Temp\vcredist_x86.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-11-25 03:12
 

==================== End Of Log ============================

--- --- ---

--- --- ---
ich befürchte dass das so nicht richtig ist aber ich weiss nicht wie ich das anders dazwischen setzen soll

Code:

C:\Users\Valued\Desktop

Hallo,

doch, das war zu 50 % richtig. Bitte poste mir auch die addition.txt in Code-Tags. Hast du vom Adwarecleaner ein Log? Wenn ja bitte posten. Danke.

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-12-2014 01

Ran by Valued at 2014-12-03 01:40:03

Running from C:\Users\Valued\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKU\S-1-5-21-696682072-1263834437-1863564307-1000\...\uTorrent) (Version: 3.4.2.32549 - BitTorrent Inc.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)

FUSSBALL MANAGER 07 (HKLM\...\{3EE2F527-F306-49E9-0086-662C337ADD3B}) (Version:  - )

Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)

Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden

Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nero 8 Essentials (HKLM\...\{DFF2C5A9-833C-4459-8494-D93D00F21031}) (Version: 8.10.129 - Nero AG)

Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

PokerStars.eu (HKLM\...\PokerStars.eu) (Version:  - PokerStars.eu)

Ragnarök Online (HKLM\...\{55725CAB-ED4D-4169-A22E-20249EFCF2B5}) (Version: 14.1 - Gravity)

ShotOnline (HKLM\...\ShotOnline) (Version: 1.0 - OnNet)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden

WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-696682072-1263834437-1863564307-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 

==================== Restore Points  =========================
 

16-11-2014 00:56:44 Windows Update

19-11-2014 12:50:51 Windows Update

20-11-2014 00:48:44 Windows Update

23-11-2014 19:33:53 Windows Update

26-11-2014 23:33:46 Windows Update

30-11-2014 13:02:37 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {24077FE8-B7DB-4105-A0E7-727031B78A83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-15] (Google Inc.)

Task: {C67125D9-DF29-46A5-AA6C-F2480610326B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-15] (Google Inc.)

Task: {CA2C21F1-9026-4B41-9EE5-EF486353E9D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-09-14 17:57 - 2014-08-28 08:16 - 00628736 _____ () C:\Users\Valued\AppData\Roaming\HTThread\hb.exe

2014-09-14 17:57 - 2014-09-14 17:57 - 00374272 _____ () C:\Users\Valued\AppData\Roaming\HTThread\sub\default.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 26065408 _____ () C:\Program Files\Battle.net\Battle.net.5325\libcef.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.5325\libGLESv2.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00907264 _____ () C:\Program Files\Battle.net\Battle.net.5325\platforms\qwindows.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.5325\libEGL.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00020992 _____ () C:\Program Files\Battle.net\Battle.net.5325\imageformats\qgif.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00021504 _____ () C:\Program Files\Battle.net\Battle.net.5325\imageformats\qico.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00205312 _____ () C:\Program Files\Battle.net\Battle.net.5325\imageformats\qjpeg.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00225792 _____ () C:\Program Files\Battle.net\Battle.net.5325\imageformats\qmng.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00015872 _____ () C:\Program Files\Battle.net\Battle.net.5325\imageformats\qsvg.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00312832 _____ () C:\Program Files\Battle.net\Battle.net.5325\imageformats\qtiff.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5325\qml\QtQuick.2\qtquick2plugin.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00054272 _____ () C:\Program Files\Battle.net\Battle.net.5325\qml\QtQuick\Layouts\qquicklayoutsplugin.dll

2014-12-02 21:05 - 2014-12-02 21:05 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5325\qml\QtQml\Models.2\modelsplugin.dll

2014-11-26 00:15 - 2014-11-26 00:15 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll

2014-09-15 01:55 - 2014-05-14 00:40 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

2014-09-15 01:55 - 2014-05-14 00:40 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll

2014-09-15 01:55 - 2014-05-14 00:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll

2014-09-15 01:55 - 2014-05-14 00:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

2014-09-15 01:55 - 2014-05-14 00:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

2014-09-15 01:55 - 2014-05-14 00:40 - 13695816 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-696682072-1263834437-1863564307-500 - Administrator - Disabled)

Gast (S-1-5-21-696682072-1263834437-1863564307-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-696682072-1263834437-1863564307-1002 - Limited - Enabled)

Valued (S-1-5-21-696682072-1263834437-1863564307-1000 - Administrator - Enabled) => C:\Users\Valued
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/03/2014 00:59:06 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Processor: AMD Athlon(tm) X2 240 Processor

Percentage of memory in use: 51%

Total physical RAM: 3455.18 MB

Available physical RAM: 1662.3 MB

Total Pagefile: 6908.65 MB

Available Pagefile: 4887.82 MB

Total Virtual: 2047.88 MB

Available Virtual: 1899.76 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:146.5 GB) (Free:76.53 GB) NTFS

Drive d: (MANAGER07) (CDROM) (Total:3.56 GB) (Free:0 GB) UDF

Drive j: (Volume) (Fixed) (Total:319.16 GB) (Free:319.06 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 70089CC6)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=319.2 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Hallo

was sind das für Setupdateien in deinem Downloadordner?

Bitte zukünftig nichts mehr von softonic laden, bei Chip aufpassen, was du lädst und ohne Installer, immer vom Hersteller und genau lesen, was du runterlädst und was in den Nutzungsbedingungen steht.

Wie sieht es nach diesen Schritten aus?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKU\S-1-5-21-696682072-1263834437-1863564307-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/

FF Extension: antmarkantcom - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\Extensions\antmark@ant.com [2014-10-29]

FF Extension: Foxy-Secure v7 - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\Extensions\fox@foxy.sec.com [2014-09-14]

CHR Extension: (topbuyer) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgppoehhninggfjpddhchoeknonfgmm [2014-10-27]

emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2014

Ran by Valued at 2014-12-04 00:55:13 Run:1

Running from C:\Users\Valued\Downloads\FRST-OlderVersion

Loaded Profile: Valued (Available profiles: Valued)

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKU\S-1-5-21-696682072-1263834437-1863564307-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/

FF Extension: antmarkantcom - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\Extensions\antmark@ant.com [2014-10-29]

FF Extension: Foxy-Secure v7 - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\Extensions\fox@foxy.sec.com [2014-09-14]

CHR Extension: (topbuyer) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgppoehhninggfjpddhchoeknonfgmm [2014-10-27]

emptytemp:

*****************
 

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

HKU\S-1-5-21-696682072-1263834437-1863564307-1000\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.

C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\Extensions\antmark@ant.com => Moved successfully.

C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\Extensions\fox@foxy.sec.com => Moved successfully.

C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgppoehhninggfjpddhchoeknonfgmm => Moved successfully.

EmptyTemp: => Removed 993.9 MB temporary data.
 
 

The system needed a reboot. 
 

==== End of Fixlog ====

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
 

Protection, 04.12.2014 01:06:55, SYSTEM, VALUED-PC, Protection, Malware Protection, Starting, 

Protection, 04.12.2014 01:06:55, SYSTEM, VALUED-PC, Protection, Malware Protection, Started, 

Protection, 04.12.2014 01:06:56, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Starting, 

Update, 04.12.2014 01:06:57, SYSTEM, VALUED-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.3.1, 

Update, 04.12.2014 01:06:58, SYSTEM, VALUED-PC, Manual, Malware Database, 2014.11.20.6, 2014.12.3.13, 

Protection, 04.12.2014 01:06:58, SYSTEM, VALUED-PC, Protection, Refresh, Starting, 

Protection, 04.12.2014 01:07:25, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Started, 

Protection, 04.12.2014 01:07:25, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 04.12.2014 01:07:25, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 04.12.2014 01:07:31, SYSTEM, VALUED-PC, Protection, Refresh, Success, 

Protection, 04.12.2014 01:07:31, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Starting, 

Protection, 04.12.2014 01:07:31, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Started, 

Scan, 04.12.2014 01:18:04, SYSTEM, VALUED-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 9 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 64-Malwareerkennung, 

Protection, 04.12.2014 01:20:44, SYSTEM, VALUED-PC, Protection, Malware Protection, Starting, 

Protection, 04.12.2014 01:20:44, SYSTEM, VALUED-PC, Protection, Malware Protection, Started, 

Protection, 04.12.2014 01:20:44, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Starting, 

Protection, 04.12.2014 01:21:16, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Started, 

Detection, 04.12.2014 01:21:43, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49341, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:21:43, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49341, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:21:44, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49342, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:21:44, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49343, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:21:44, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49361, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:09, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49538, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:10, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49539, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:12, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49555, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:13, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49556, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:13, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49557, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:13, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 5.153.38.134, unc.yaarop.com, 49558, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:21, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 54.148.19.170, sunusadirgrab.com, 49605, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:22, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 54.148.19.170, sunusadirgrab.com, 49605, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:22, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 54.148.19.170, sunusadirgrab.com, 49606, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:22, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 54.148.19.170, sunusadirgrab.com, 49607, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:22, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 54.148.19.170, sunusadirgrab.com, 49608, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:24, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 54.148.19.170, sunusadirgrab.com, 49629, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 

Detection, 04.12.2014 01:22:25, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, IP, 54.148.19.170, sunusadirgrab.com, 49642, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, 
 

(end)

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014

Ran by Valued (administrator) on VALUED-PC on 04-12-2014 01:27:21

Running from C:\Users\Valued\Downloads\FRST-OlderVersion

Loaded Profile: Valued (Available profiles: Valued)

Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

() C:\Users\Valued\AppData\Roaming\HTThread\hb.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5325\Battle.net.exe

(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)

HKU\S-1-5-21-696682072-1263834437-1863564307-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-10-15] (Nero AG)

HKU\S-1-5-21-696682072-1263834437-1863564307-1000\...\Run: [Battle.net] => C:\Program Files\Battle.net\Battle.net Launcher.exe [2864688 2014-12-02] (Blizzard Entertainment)

HKU\S-1-5-21-696682072-1263834437-1863564307-1000\...\MountPoints2: {add2a79b-0e58-11e4-bdf3-806e6f6e6963} - D:\Autorun.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
 

FireFox:

========

FF ProfilePath: C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default

FF SelectedSearchEngine: StartWeb

FF Homepage: 

FF SelectedSearchEngine: 

FF DefaultSearchEngine: 

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-696682072-1263834437-1863564307-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: Adblock Plus - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-18]

FF HKU\S-1-5-21-696682072-1263834437-1863564307-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

FF Extension: No Name - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\extensions\fox@foxy.sec.com [Not Found]

FF Extension: No Name - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\extensions\faststartff@gmail.com [Not Found]

FF Extension: No Name - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\extensions\wrigtdamon@yahoo.com [Not Found]

FF Extension: No Name - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\extensions\antmark@ant.com [Not Found]
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR HomePage: Default -> 

CHR Profile: C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-04]

CHR Extension: (Google Wallet) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-15]

CHR Extension: (No Name) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-15]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 HTService; C:\Users\Valued\AppData\Roaming\HTThread\hb.exe [628736 2014-08-28] () [File not signed]

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

S3 npggsvc; C:\Windows\system32\GameMon.des [3040008 2014-06-12] (INCA Internet Co., Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-04] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-04 01:25 - 2014-12-04 01:25 - 00005486 _____ () C:\Users\Valued\Desktop\mbam.txt

2014-12-04 01:06 - 2014-12-04 01:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-04 01:06 - 2014-12-04 01:06 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-04 01:06 - 2014-12-04 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-04 01:06 - 2014-12-04 01:06 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-04 01:06 - 2014-12-04 01:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-12-04 01:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-04 01:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-04 01:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-04 01:05 - 2014-12-04 01:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Valued\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-04 00:51 - 2014-12-04 00:51 - 01110016 _____ (Farbar) C:\Users\Valued\Downloads\FRST (1).exe

2014-12-04 00:46 - 2014-12-04 01:27 - 00000000 ____D () C:\Users\Valued\Downloads\FRST-OlderVersion

2014-12-03 01:40 - 2014-12-03 01:40 - 00013146 _____ () C:\Users\Valued\Desktop\Addition.txt

2014-12-03 01:38 - 2014-12-04 01:27 - 00000000 ____D () C:\FRST

2014-12-03 01:38 - 2014-12-03 01:40 - 00026469 _____ () C:\Users\Valued\Desktop\FRST.txt

2014-12-03 01:37 - 2014-12-04 00:46 - 01110016 _____ (Farbar) C:\Users\Valued\Downloads\FRST.exe

2014-12-03 01:35 - 2014-12-03 01:35 - 00076240 _____ () C:\Users\Valued\Downloads\FLVPlayer-Chrome.exe

2014-12-03 00:34 - 2014-12-03 00:34 - 01115088 _____ () C:\Users\Valued\Downloads\Setup (55).exe

2014-12-03 00:28 - 2014-12-03 00:28 - 01115072 _____ () C:\Users\Valued\Downloads\Setup (54).exe

2014-12-03 00:08 - 2014-12-03 00:08 - 01115088 _____ () C:\Users\Valued\Downloads\Setup (53).exe

2014-12-03 00:06 - 2014-12-03 00:06 - 00002175 _____ () C:\Users\Valued\Desktop\JRT.txt

2014-12-03 00:05 - 2014-12-03 00:05 - 00000000 ____D () C:\Windows\ERUNT

2014-12-03 00:04 - 2014-12-03 00:04 - 01707646 _____ (Thisisu) C:\Users\Valued\Downloads\JRT.exe

2014-12-02 23:53 - 2014-12-02 23:56 - 00000000 ____D () C:\AdwCleaner

2014-12-02 23:53 - 2014-12-02 23:53 - 02154496 _____ () C:\Users\Valued\Downloads\AdwCleaner_4.103.exe

2014-12-02 23:51 - 2014-12-02 23:51 - 00783352 _____ (Elex do Brasil Participações Ltda) C:\Users\Valued\Downloads\yet_another_cleaner_kwo (2).exe

2014-12-02 23:51 - 2014-12-02 23:51 - 00783352 _____ (Elex do Brasil Participações Ltda) C:\Users\Valued\Downloads\yet_another_cleaner_kwo (1).exe

2014-12-02 23:49 - 2014-12-02 23:49 - 00783352 _____ (Elex do Brasil Participações Ltda) C:\Users\Valued\Downloads\yet_another_cleaner_kwo.exe

2014-12-02 22:29 - 2014-12-02 22:29 - 01115064 _____ () C:\Users\Valued\Downloads\Setup (52).exe

2014-12-02 22:27 - 2014-12-02 22:27 - 01115072 _____ () C:\Users\Valued\Downloads\Setup (51).exe

2014-12-02 22:26 - 2014-12-02 22:26 - 01115072 _____ () C:\Users\Valued\Downloads\Setup (50).exe

2014-12-02 22:26 - 2014-12-02 22:26 - 01115072 _____ () C:\Users\Valued\Downloads\Setup (49).exe

2014-12-02 22:23 - 2014-12-02 22:23 - 01115080 _____ () C:\Users\Valued\Downloads\Setup (48).exe

2014-12-02 22:23 - 2014-12-02 22:23 - 01115072 _____ () C:\Users\Valued\Downloads\Setup (47).exe

2014-11-19 13:47 - 2014-11-19 13:47 - 00000000 __SHD () C:\Users\Valued\AppData\Local\EmieBrowserModeList

2014-11-19 13:45 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-19 13:45 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-12 11:00 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-11-12 11:00 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-11-12 11:00 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-11-12 11:00 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-11-12 11:00 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-11-12 11:00 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-11-12 11:00 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-11-12 11:00 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-11-12 11:00 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-11-12 11:00 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-11-12 11:00 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-11-12 11:00 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-11-12 11:00 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-11-12 11:00 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-11-12 11:00 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-11-12 11:00 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-11-12 11:00 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-11-12 11:00 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-11-12 11:00 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-11-12 11:00 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-11-12 11:00 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-11-12 11:00 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-11-12 11:00 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-11-12 11:00 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-11-12 11:00 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-11-12 11:00 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-11-12 11:00 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-11-12 11:00 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-11-12 11:00 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-11-12 11:00 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-11-12 11:00 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-11-12 11:00 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-11-12 11:00 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-11-12 11:00 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-11-12 11:00 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2014-11-12 11:00 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-11-12 11:00 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-11-12 11:00 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-11-12 11:00 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-11-12 11:00 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-11-12 11:00 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-11-12 11:00 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-11-12 11:00 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-11-12 11:00 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-11-12 11:00 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-11-12 11:00 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-11-12 11:00 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-11-12 11:00 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-11-12 11:00 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-11-12 11:00 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-11-12 11:00 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-04 01:27 - 2014-07-29 17:55 - 00000000 ____D () C:\Users\Valued\AppData\Local\Battle.net

2014-12-04 01:25 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-04 01:24 - 2014-07-18 09:54 - 01731442 _____ () C:\Windows\WindowsUpdate.log

2014-12-04 01:20 - 2014-09-15 01:55 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-04 01:20 - 2010-11-20 22:48 - 00033964 _____ () C:\Windows\PFRO.log

2014-12-04 01:20 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-04 01:20 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\Offline Web Pages

2014-12-04 01:20 - 2009-07-14 05:39 - 00039306 _____ () C:\Windows\setupact.log

2014-12-04 01:15 - 2014-07-19 19:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-04 01:04 - 2014-09-15 01:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-04 01:04 - 2014-09-15 01:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-04 01:04 - 2009-07-14 05:34 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-04 01:04 - 2009-07-14 05:34 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-03 20:37 - 2014-07-29 17:56 - 00000000 ____D () C:\Program Files\World of Warcraft

2014-12-03 19:24 - 2014-10-17 12:56 - 00000000 ____D () C:\Users\Valued\AppData\Local\PokerStars.EU

2014-12-03 17:21 - 2014-09-14 16:16 - 00000000 ____D () C:\Program Files\ShotOnline

2014-12-03 17:15 - 2014-10-19 16:48 - 00000000 ____D () C:\Users\Valued\AppData\Roaming\temp

2014-12-03 01:47 - 2014-09-15 01:54 - 00000000 ____D () C:\Users\Valued\AppData\Local\Adobe

2014-12-02 23:58 - 2014-07-29 17:55 - 00000000 ____D () C:\Program Files\Battle.net

2014-12-02 23:25 - 2014-07-24 21:13 - 00000000 ____D () C:\Users\Valued\AppData\Roaming\uTorrent

2014-11-30 19:01 - 2014-10-17 12:55 - 00000000 ____D () C:\Program Files\PokerStars.EU

2014-11-27 22:46 - 2014-10-15 23:50 - 00000743 _____ () C:\Users\Valued\Desktop\Anime Pirates Client.lnk

2014-11-26 00:15 - 2014-07-19 19:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-11-26 00:15 - 2014-07-18 10:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-11-24 11:17 - 2014-10-19 16:47 - 00000000 ____D () C:\Users\Valued\Documents\FM 07

2014-11-19 23:50 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-11-13 12:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache

2014-11-13 12:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-11-13 11:35 - 2009-07-14 05:33 - 00406304 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-13 11:34 - 2014-07-18 12:52 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-11-13 11:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-11-12 22:27 - 2014-07-18 10:24 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-12 22:24 - 2014-07-18 11:18 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-12 22:20 - 2014-07-18 11:18 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-11-25 03:12
 

==================== End Of Log ============================

--- --- ---

Hallo Giroux86,

das ist das Protektionslog von Malwarebytes, bitte poste mir das SuchlaufloG:

Starte Malwarebytes
Gehe nun oben auf Verlauf
links findest du nun die Auswahl Quarantäne und Anwendungsprotokolle
Gehe auf Anwendungsprotokolle
suche hier das letzte Suchlaufsprotokoll und wähle das aus
nun gehe oben auf Ansicht, das Protokoll öffnet sich
unten links steht exportieren, wähle das aus und klicke auf Textdatei
speichere nun das Log unter mbam.txt ab
öffne das Log mit deinem Texteditor
poste mir den Inhalt

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
 

Protection, 05.12.2014 14:25:51, SYSTEM, VALUED-PC, Protection, Malware Protection, Starting, 

Protection, 05.12.2014 14:25:51, SYSTEM, VALUED-PC, Protection, Malware Protection, Started, 

Protection, 05.12.2014 14:25:51, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Starting, 

Protection, 05.12.2014 14:26:24, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Started, 

Update, 05.12.2014 15:19:16, SYSTEM, VALUED-PC, Scheduler, Malware Database, 2014.12.4.11, 2014.12.5.5, 

Protection, 05.12.2014 15:19:16, SYSTEM, VALUED-PC, Protection, Refresh, Starting, 

Protection, 05.12.2014 15:19:16, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 05.12.2014 15:19:16, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 05.12.2014 15:19:25, SYSTEM, VALUED-PC, Protection, Refresh, Success, 

Protection, 05.12.2014 15:19:25, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Starting, 

Protection, 05.12.2014 15:19:25, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Started, 

Update, 05.12.2014 16:31:17, SYSTEM, VALUED-PC, Scheduler, Malware Database, 2014.12.5.5, 2014.12.5.6, 

Protection, 05.12.2014 16:31:17, SYSTEM, VALUED-PC, Protection, Refresh, Starting, 

Protection, 05.12.2014 16:31:17, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 05.12.2014 16:31:17, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 05.12.2014 16:31:23, SYSTEM, VALUED-PC, Protection, Refresh, Success, 

Protection, 05.12.2014 16:31:23, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Starting, 

Protection, 05.12.2014 16:31:23, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Started, 

Update, 05.12.2014 17:31:19, SYSTEM, VALUED-PC, Scheduler, Malware Database, 2014.12.5.6, 2014.12.5.7, 

Protection, 05.12.2014 17:31:19, SYSTEM, VALUED-PC, Protection, Refresh, Starting, 

Protection, 05.12.2014 17:31:19, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 05.12.2014 17:31:19, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 05.12.2014 17:31:25, SYSTEM, VALUED-PC, Protection, Refresh, Success, 

Protection, 05.12.2014 17:31:25, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Starting, 

Protection, 05.12.2014 17:31:25, SYSTEM, VALUED-PC, Protection, Malicious Website Protection, Started, 
 

(end)

ich hab grad bemerkt dass ich keine werbung mehr erhalte und mein PC nicht mehr auf andere seiten wechselt ist das problem etwa schon behoben?

Hallo,

um das zu sagen würd ich gerne ein Suchlauflog sehen, das ist wieder ein Protektionslog. Liegt dort keins rum, was Suchlaufsprotokoll heißt?

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 06.12.2014

Suchlauf-Zeit: 09:30:09

Logdatei: mbam.txt

Administrator: Ja
 

Version: 0.00.0.0000

Malware Datenbank: v2014.12.06.05

Rootkit Datenbank: v2014.12.03.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x86

Dateisystem: NTFS

Benutzer: Valued
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 290303

Verstrichene Zeit: 8 Min, 48 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente erkannt)
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 0

(Keine schädliche Elemente erkannt)
 

Dateien: 0

(Keine schädliche Elemente erkannt)
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

Hallo,

danke :)

Was war denn nun mit den unzähligen Setupdateien in deinem Downloadordner?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

FF SelectedSearchEngine: StartWeb

FF Homepage: 

FF SelectedSearchEngine: 

FF DefaultSearchEngine: 

FF Extension: No Name - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\extensions\fox@foxy.sec.com [Not Found]

FF Extension: No Name - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\extensions\faststartff@gmail.com [Not Found]

FF Extension: No Name - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\extensions\wrigtdamon@yahoo.com [Not Found]

FF Extension: No Name - C:\Users\Valued\AppData\Roaming\Mozilla\Firefox\Profiles\xyoietf1.default\extensions\antmark@ant.com [Not Found]

CHR Extension: (No Name) - C:\Users\Valued\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-15]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern :kaffee:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.