Pop-ups from Coupon Server in IE and Firefox after installing WinRAR

#0
08.03.2014, 13:24
Member

Posts: 15
#1 Hello,

I installed WinRAR on my computer a week ago. Unfortunately, I was not paying attention and clicked yes on everything. So several bundled programs were installed. I have already uninstalled these and cannot remember their names.

Since then I have been getting constant pop-ups and ads (embedded in the page) from Coupon Server in Internet Explorer and Firefox. In addition, during the installation the start page was changed to http://www.browse-search.com/?st=nt&q=. Maybe this information helps. Ads from Spyhunter 4 also show up.

Attached is the OTL.txt file:

Code

 OTL logfile created on: 08.03.2014 11:17:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fiza\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 46,80% Memory free
12,70 Gb Paging File | 1,51 Gb Available in Paging File | 11,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680,54 Gb Total Space | 594,21 Gb Free Space | 87,31% Space Free | Partition Type: NTFS

Computer Name: FIZA-PC | User Name: Fiza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Fiza\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Coupon Server\FrameworkEngine.exe ()
PRC - C:\Program Files (x86)\Bench\Wd\wd.exe ()
PRC - C:\Program Files (x86)\Bench\BService\bservice.exe ()
PRC - C:\Program Files (x86)\LPT\srpts.exe ()
PRC - C:\Program Files (x86)\LPT\srptm.exe ()
PRC - C:\Users\Fiza\AppData\Local\Smartbar\Application\Muvic.exe (Smartbar)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Program Files (x86)\Canon\SELPHY Photo Print\CIC_SPPhelper.exe (Canon Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll ()
MOD - C:\Program Files (x86)\Coupon Server\FrameworkEngine.exe ()
MOD - C:\Program Files (x86)\Bench\Wd\wd.exe ()
MOD - C:\Program Files (x86)\Bench\BService\bservice.exe ()
MOD - C:\Program Files (x86)\Bench\BService\bhelper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d682d06abf8257c72ce11cefd1d74cf5\CustomMarshalers.ni.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\srut.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\srsbs.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\srom.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\srpdm.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\srns.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\srbu.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\srau.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\spbl.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\sppsm.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\smta.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\smtu.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\sgmu.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\siem.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\sgml.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\MACTrackBarLib.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll ()
MOD - C:\Users\Fiza\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b0f9a4f138cc569a7526f97b93808d3e\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wkont13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wmain13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wimp13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\whau213.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae413.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae113.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\whau113.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae313.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae213.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-core.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-contribs-lib.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-shared.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Canon\SELPHY Photo Print\EnoJPEG4.dll ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV - (LPTSystemUpdater) -- C:\Program Files (x86)\LPT\srpts.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:[b]64bit:[/b] - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:[b]64bit:[/b] - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:[b]64bit:[/b] - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:[b]64bit:[/b] - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:[b]64bit:[/b] - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:[b]64bit:[/b] - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:[b]64bit:[/b] - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:[b]64bit:[/b] - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:[b]64bit:[/b] - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:[b]64bit:[/b] - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:[b]64bit:[/b] - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories, Inc.)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (ElRawDisk) -- C:\Windows\SysNative\drivers\rsdrvx64.sys (EldoS Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0NxUoFAfOSClvKSxrUeGP-aFXxTTD_N7ok41SyLAkAKADSGHHThOXst_EWvGzUVe7N42jFrWixQ4R2-zsIMPh9-VRdUsuGO4urdxf7SN6h2oxWYXuJxDZZioSWizkKcg,,&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYzwv_nKhjd2x4sprV2F-ZYq3Y1yeh-J5Y6mGgY4ZzIoOU3jAQBsFtE1klv7Nv2I9g,,&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYzwv_nKhjd2x4sprV2F-ZYq3Y1yeh-J5Y6mGgY4ZzIoOU3jAQBsFtE1klv7Nv2I9g,,&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYzwv_nKhjd2x4sprV2F-ZYq3Y1yeh-J5Y6mGgY4ZzIoOU3jAQBsFtE1klv7Nv2I9g,,&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYzwv_nKhjd2x4sprV2F-ZYq3Y1yeh-J5Y6mGgY4ZzIoOU3jAQBsFtE1klv7Nv2I9g,,&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYzwv_nKhjd2x4sprV2F-ZYq3Y1yeh-J5Y6mGgY4ZzIoOU3jAQBsFtE1klv7Nv2I9g,,&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: 13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f%40cf5065af-ca24-464a-a637-af7582a82514.com:0.93.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYzwv_nKhjd2x4sprV2F-ZYq3Y1yeh-J5Y6mGgY4ZzIoOU3jAQBsFtE1klv7Nv2I9g,,&q="
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.03.03 04:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fiza\AppData\Roaming\mozilla\Extensions
[2014.02.27 22:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fiza\AppData\Roaming\mozilla\Firefox\Profiles\x91fm6qq.default\extensions
[2014.02.27 22:06:00 | 000,000,000 | ---D | M] (Coupon Server) -- C:\Users\Fiza\AppData\Roaming\mozilla\Firefox\Profiles\x91fm6qq.default\extensions\{3C2422B0-C421-8DCF-B2EB-70B9B2B71607}
[2014.02.27 22:12:59 | 000,000,000 | ---D | M] ("HQ-Video-Profession-1.3") -- C:\Users\Fiza\AppData\Roaming\mozilla\Firefox\Profiles\x91fm6qq.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com
[2014.03.07 12:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fiza\AppData\Roaming\mozilla\Firefox\Profiles\x91fm6qq.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData
[2014.03.07 12:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fiza\AppData\Roaming\mozilla\Firefox\Profiles\x91fm6qq.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins
[2014.03.07 12:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fiza\AppData\Roaming\mozilla\Firefox\Profiles\x91fm6qq.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\userCode
[2014.02.16 20:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.02.16 20:59:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (HQ-Video-Profession-1.3) - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho64.dll (HQ-Video)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (Coupon Server BHO) - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} - C:\Program Files (x86)\Coupon Server\FrameworkBHO64.dll ()
O2 - BHO: (HQ-Video-Profession-1.3) - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho.dll (HQ-Video)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Coupon Server BHO) - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} - C:\Program Files (x86)\Coupon Server\FrameworkBHO.dll ()
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [BService] C:\Program Files (x86)\Bench\BService\bservice.exe ()
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Wd] C:\Program Files (x86)\Bench\Wd\wd.exe ()
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Fiza\AppData\Local\Smartbar\Application\Muvic.exe (Smartbar)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [NextLive] C:\Users\Fiza\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [Wondershare Helper Compact.exe] "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe" File not found
O4 - HKLM..\RunOnce: [Coupon Server-repairJob] C:\Users\Fiza\AppData\Local\Coupon Server\repair.js  ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: apemap.com ([]http in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A723335-375D-4346-AADA-42FCB50A289E}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{46f2e0c9-572e-11e1-af1f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46f2e0c9-572e-11e1-af1f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{46f2e0fd-572e-11e1-af1f-081196146620}\Shell - "" = AutoRun
O33 - MountPoints2\{46f2e0fd-572e-11e1-af1f-081196146620}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{46f2e115-572e-11e1-af1f-081196146620}\Shell - "" = AutoRun
O33 - MountPoints2\{46f2e115-572e-11e1-af1f-081196146620}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a9d325e9-685d-11e1-b22d-b870f4ed025e}\Shell - "" = AutoRun
O33 - MountPoints2\{a9d325e9-685d-11e1-b22d-b870f4ed025e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014.03.08 11:15:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fiza\Desktop\OTL.exe
[2014.03.03 19:56:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2014.03.03 19:50:39 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014.02.28 18:20:47 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014.02.27 22:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silabs
[2014.02.27 22:31:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Silabs
[2014.02.27 22:31:31 | 000,072,192 | ---- | C] (Silicon Laboratories) -- C:\Windows\SysNative\drivers\silabser.sys
[2014.02.27 22:31:30 | 000,052,224 | ---- | C] (Silicon Laboratories, Inc.) -- C:\Windows\SysNative\drivers\silabenm.sys
[2014.02.27 22:31:29 | 000,000,000 | ---D | C] -- C:\SiLabs
[2014.02.27 22:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uninstaller
[2014.02.27 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Roaming\WinRAR
[2014.02.27 22:10:30 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\SwvUpdater
[2014.02.27 22:10:25 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\cache
[2014.02.27 22:10:24 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Roaming\newnext.me
[2014.02.27 22:10:24 | 000,000,000 | ---D | C] -- C:\Users\Fiza\Documents\Mobogenie
[2014.02.27 22:10:24 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\Mobogenie
[2014.02.27 22:10:24 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\genienext
[2014.02.27 22:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.02.27 22:08:21 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.02.27 22:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2014.02.27 22:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HQ-Video-Profession-1.3
[2014.02.27 22:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LPT
[2014.02.27 22:06:51 | 000,000,000 | ---D | C] -- C:\Users\Fiza\Documents\Optimizer Pro
[2014.02.27 22:06:04 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\BenchUpdater
[2014.02.27 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\LPT
[2014.02.27 22:06:01 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\Smartbar
[2014.02.27 22:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Server
[2014.02.27 22:05:55 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\Coupon Server
[2014.02.27 22:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bench
[2014.02.27 20:38:44 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\ExpressVPN
[2014.02.27 20:38:26 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Roaming\ExpressVPN
[2014.02.27 20:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
[2014.02.27 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressVPN
[2014.02.27 20:23:19 | 000,000,000 | ---D | C] -- C:\Users\Fiza\Desktop\Receiver
[2014.02.26 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\Fiza\Desktop\Router
[2014.02.26 21:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linksys
[2014.02.26 21:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Linksys
[2014.02.16 20:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.02.13 17:35:27 | 000,000,000 | ---D | C] -- C:\Users\Fiza\Documents\Fotobuch-Dateien
[2014.02.13 17:18:02 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2014.02.13 17:17:05 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\posterXXL Designer
[2014.02.13 17:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\posterXXL Designer
[2014.02.13 17:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\posterXXL Designer
[2014.02.13 17:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\posterXXL Designer
[2014.02.13 15:51:35 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.02.13 15:50:21 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.13 15:50:21 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.13 15:50:21 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.13 15:50:20 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.13 15:50:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.13 15:50:17 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.13 15:50:17 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.13 15:50:15 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.13 15:50:14 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.13 15:50:13 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.13 15:50:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.13 15:50:13 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.13 15:50:13 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.13 15:50:13 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.13 15:50:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.13 15:50:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.13 15:50:12 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.13 15:50:12 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.13 15:50:11 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.13 15:50:11 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.13 15:50:07 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.13 15:50:04 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.13 15:49:57 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.12 15:44:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.02.12 15:44:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.02.12 15:44:22 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014.02.12 15:44:22 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014.02.12 15:44:22 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014.02.12 15:44:22 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014.02.12 15:44:22 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014.02.12 15:44:22 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014.02.12 15:44:21 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014.02.12 15:44:21 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014.02.12 15:44:20 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014.02.12 15:44:20 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014.02.12 15:44:19 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014.02.12 15:44:19 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014.02.12 15:44:18 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014.02.12 15:44:18 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014.02.12 15:44:18 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014.02.12 15:44:18 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014.02.12 15:44:18 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014.02.12 15:44:13 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014.02.12 15:44:13 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014.02.08 21:34:13 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\{2A38BD38-9324-4BF0-AD01-1287B69076F8}
[2014.02.08 08:32:13 | 000,000,000 | ---D | C] -- C:\Users\Fiza\AppData\Local\{3CD3206A-AD34-4345-895E-E662AE75CC68}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014.03.08 11:15:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fiza\Desktop\OTL.exe
[2014.03.08 11:07:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.03.08 11:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.03.08 10:13:04 | 000,002,660 | ---- | M] () -- C:\Windows\tasks\HQ-Video-Profession-1.3-firefoxinstaller.job
[2014.03.08 10:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\bench-S-1-5-21-1527579594-2446364192-1317730462-1001.job
[2014.03.08 10:08:11 | 000,001,578 | ---- | M] () -- C:\Windows\tasks\HQ-Video-Profession-1.3-updater.job
[2014.03.08 10:08:04 | 000,003,138 | ---- | M] () -- C:\Windows\tasks\HQ-Video-Profession-1.3-chromeinstaller.job
[2014.03.08 10:08:01 | 000,001,432 | ---- | M] () -- C:\Windows\tasks\HQ-Video-Profession-1.3-enabler.job
[2014.03.08 10:08:00 | 000,001,534 | ---- | M] () -- C:\Windows\tasks\HQ-Video-Profession-1.3-codedownloader.job
[2014.03.08 09:39:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014.03.08 09:11:39 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
[2014.03.05 19:00:43 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.03.05 19:00:43 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.03.04 21:01:27 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2014.03.04 18:51:03 | 001,594,964 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.03.04 18:51:03 | 000,699,682 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.03.04 18:51:03 | 000,654,480 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.03.04 18:51:03 | 000,149,790 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.03.04 18:51:03 | 000,122,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.03.04 18:50:50 | 001,594,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.03.03 20:13:40 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2014.03.01 12:50:13 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014.03.01 12:49:53 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2014.02.28 00:15:00 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.02.27 22:53:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_silabser_01009.Wdf
[2014.02.27 22:02:34 | 000,320,504 | ---- | M] () -- C:\Users\Fiza\Documents\winrar.exe
[2014.02.27 20:38:16 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\ExpressVPN.lnk
[2014.02.13 18:19:53 | 000,073,717 | ---- | M] () -- C:\Users\Fiza\Documents\Fotobuch.pbf
[2014.02.13 17:16:31 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\posterXXL Designer.lnk
[2014.02.06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014.03.04 21:01:27 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014.02.27 22:53:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_silabser_01009.Wdf
[2014.02.27 22:10:30 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2014.02.27 22:08:20 | 000,001,578 | ---- | C] () -- C:\Windows\tasks\HQ-Video-Profession-1.3-updater.job
[2014.02.27 22:08:18 | 000,001,432 | ---- | C] () -- C:\Windows\tasks\HQ-Video-Profession-1.3-enabler.job
[2014.02.27 22:08:16 | 000,001,534 | ---- | C] () -- C:\Windows\tasks\HQ-Video-Profession-1.3-codedownloader.job
[2014.02.27 22:08:08 | 000,002,660 | ---- | C] () -- C:\Windows\tasks\HQ-Video-Profession-1.3-firefoxinstaller.job
[2014.02.27 22:08:05 | 000,003,138 | ---- | C] () -- C:\Windows\tasks\HQ-Video-Profession-1.3-chromeinstaller.job
[2014.02.27 22:05:56 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\bench-sys.job
[2014.02.27 22:05:56 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\bench-S-1-5-21-1527579594-2446364192-1317730462-1001.job
[2014.02.27 22:05:51 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.02.27 22:02:34 | 000,320,504 | ---- | C] () -- C:\Users\Fiza\Documents\winrar.exe
[2014.02.27 20:38:16 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\ExpressVPN.lnk
[2014.02.26 21:38:51 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linksys Connect.lnk
[2014.02.13 17:35:27 | 000,073,717 | ---- | C] () -- C:\Users\Fiza\Documents\Fotobuch.pbf
[2014.02.13 17:16:31 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\posterXXL Designer.lnk
[2013.11.01 18:56:34 | 000,000,631 | ---- | C] () -- C:\Users\Fiza\.swfinfo
[2013.05.20 11:50:55 | 000,000,702 | ---- | C] () -- C:\Windows\wiso.ini
[2013.03.09 12:22:05 | 000,000,600 | ---- | C] () -- C:\Users\Fiza\PUTTY.RND
[2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.12.10 15:34:37 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2012.04.29 11:09:58 | 001,594,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013.05.20 11:50:32 | 000,000,000 | ---D | M] -- C:\Users\Fiza\AppData\Roaming\Buhl Data Service
[2013.03.19 19:30:43 | 000,000,000 | ---D | M] -- C:\Users\Fiza\AppData\Roaming\Canon
[2014.02.27 20:39:16 | 000,000,000 | ---D | M] -- C:\Users\Fiza\AppData\Roaming\ExpressVPN
[2014.03.01 12:50:56 | 000,000,000 | ---D | M] -- C:\Users\Fiza\AppData\Roaming\newnext.me
[2011.12.24 09:39:00 | 000,000,000 | ---D | M] -- C:\Users\Fiza\AppData\Roaming\PowerCinema
[2013.04.14 08:05:17 | 000,000,000 | ---D | M] -- C:\Users\Fiza\AppData\Roaming\Samsung
[2012.02.14 18:09:03 | 000,000,000 | ---D | M] -- C:\Users\Fiza\AppData\Roaming\Telefónica
[2012.08.30 09:50:49 | 000,000,000 | ---D | M] -- C:\Users\Fiza\AppData\Roaming\Windows Live Writer
[2013.10.19 07:37:16 | 000,000,000 | ---D | M] -- C:\Users\Fiza\AppData\Roaming\Wondershare
[2013.11.17 00:59:13 | 000,000,000 | ---D | M] -- C:\Users\Fiza\AppData\Roaming\XBMC

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Extra.txt File:

Code

 OTL Extras logfile created on: 08.03.2014 11:17:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fiza\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 46,80% Memory free
12,70 Gb Paging File | 1,51 Gb Available in Paging File | 11,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680,54 Gb Total Space | 594,21 Gb Free Space | 87,31% Space Free | Partition Type: NTFS

Computer Name: FIZA-PC | User Name: Fiza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAC2830-6FBD-474A-A4CC-6184C160064D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C148300-FEB3-4A9B-B9F8-3173C2A9B584}" = rport=139 | protocol=6 | dir=out | app=system |
"{0EC91A47-34FF-4B16-BA8C-914D76CF8D1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0F820634-B79C-4B07-B673-30DE67368BA0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{181093A5-A7EE-4F55-ACD6-5E82CF48172F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EB77936-31C9-4AB2-9C65-7B6BFEF950E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23296FBF-8C45-4DE7-82C3-ED1C484D7D00}" = lport=138 | protocol=17 | dir=in | app=system |
"{2591FA92-80B5-43F6-8BDD-58494D440C9F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4331B9B1-A34C-4B8F-9C20-B0355B205121}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F41F924-E857-4F17-B6A1-CB47B6B97C4B}" = rport=137 | protocol=17 | dir=out | app=system |
"{54710001-871B-4F81-8F2E-F9208343C3EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6625C19F-2AA4-4284-B823-2F473FA99A57}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{75466884-9E3B-4CA9-AEAE-9D95A969314B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76ADD5F5-2C45-4435-A873-06451E5541D8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8AC52BE1-4D35-4A08-ABE5-8D883EB2EC6D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BC76365-D124-44B1-B780-AE85E30797A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9550F8F7-2909-4D33-94EC-8F5FECB43464}" = rport=138 | protocol=17 | dir=out | app=system |
"{96E79651-7FC3-4D2F-B334-12AFA229EF8D}" = rport=445 | protocol=6 | dir=out | app=system |
"{9992123F-838A-4C42-A961-1CFA64FF64EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2857424-1163-430C-ADB6-9E6F064F003E}" = lport=445 | protocol=6 | dir=in | app=system |
"{C878ECAC-162B-4D26-A99F-9BD3924DA5D8}" = lport=137 | protocol=17 | dir=in | app=system |
"{D67BDE13-4104-4018-8219-F0958B3CCEC4}" = lport=139 | protocol=6 | dir=in | app=system |
"{DFBA5D1F-365E-452D-AAF8-8EA0A0E16603}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EA540EB2-56BB-4455-ABFF-2A9E3F5AAD7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCF87259-8FB5-41CD-A0C4-DB81770DD0A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EE92E0-6133-4EC3-A28A-DA6C63193B31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03F66FFB-8654-4C5A-8DC6-DAD4F72C7C2D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{14121EE5-9995-4E05-812C-D93666EB6887}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2B23C519-5956-4148-8A30-B1854740F501}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{2D6E6307-3064-48F3-9F14-D8C81D93CEB5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{38389113-AB59-436A-9CEA-408DA0EDFCB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3DF88F81-2A93-451E-95C4-BAFF6E5CBCDF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{40A74267-F04F-4417-9FD0-13C0CFD19E5A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{45324651-BF80-4FBC-A3A3-2550C2648032}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46D85D03-9418-475A-8A14-45FD45B16BBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54378BA5-93F7-4F3F-A429-82B7B53F4571}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{5E3EB51E-AE66-4B62-B2C9-7163EDF14AD3}" = protocol=6 | dir=out | app=system |
"{5F65AD97-EA67-4EB1-BB85-30B5D8ED534D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6006B635-34AF-4229-9930-B635FF1A3126}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{600E4C49-CF84-4DB0-AA90-4FC4E7CBEFDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{65A49373-8538-4D0C-BFE5-C5038D44D8A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68632AAB-7A28-4591-9A0F-3C07B743EC59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6870F30D-927C-4FD2-8C3E-D1D1A8A5AA3C}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{756257C6-998A-4D38-A008-28926D953232}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{767C2000-F63F-49C7-BEB2-A7E6D2306957}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{7A4920A0-3C84-4610-8332-48D01F99AAD2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{859B39CE-85A5-47CD-9259-41502F284AFD}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{8787DDBD-15DD-42D7-9478-5A1931CBC483}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87F8413B-0BFC-43D2-AC13-1DD900378B62}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{A1B03DF8-E682-47AF-AF18-06DE9725C972}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A1BF74EB-CD60-4D9E-ADDD-4DE90E5B46ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A3742F2B-5533-4466-9B1A-64294FB36445}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A382FFEA-067F-46E9-A580-1228314FD4B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A55F4EFA-5978-4F55-A61B-6960F654F3B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ABA21539-BE26-437D-8F04-506147368092}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{AE101829-37A4-4A01-90D9-212D0AAADE79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1D30760-2E68-4AFE-834A-AD4ABDE3E549}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC731BC6-9729-4AE8-98D0-C97A1E50E4D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD1B2ADA-6780-4E98-BA93-BE30FAAF6C8C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C3444715-3100-4184-BFFA-45AB878522F6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C41B750B-F118-4771-B7F1-BE6339910AEE}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{C4898FAC-B55E-4406-8CDE-DD0FCB66676C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{CB912F2E-48C9-497B-94E7-266141490571}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{E11DEF49-E924-41E9-BA52-6C206F778A1B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7BB79BE-3224-4C3D-B7D8-B3E2431275B8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E88913EB-366B-4415-A373-5913E744CE18}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{E9432CD3-C281-4968-BCFB-A41378807C47}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{EA10F544-E00F-4EFD-A993-1A726DBDA727}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{113CB38A-C2D6-4FD9-A117-0FB5D55887FE}C:\users\fiza\desktop\u1301.exe" = protocol=6 | dir=in | app=c:\users\fiza\desktop\u1301.exe |
"TCP Query User{2C506679-F093-4D01-AF5D-A9A19223B971}C:\users\fiza\appdata\local\temp\temp1_u.zip\u1210.exe" = protocol=6 | dir=in | app=c:\users\fiza\appdata\local\temp\temp1_u.zip\u1210.exe |
"TCP Query User{652CC1FE-DEC9-4579-9B57-E7AEDB595479}C:\users\fiza\desktop\receiver\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\fiza\desktop\receiver\dcc_e2.exe |
"TCP Query User{92A90D64-72F2-4185-858D-5378BD6E26D1}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"TCP Query User{962A81F4-1E6B-4842-9815-BBEC1E7E75A4}C:\users\fiza\desktop\u1210.exe" = protocol=6 | dir=in | app=c:\users\fiza\desktop\u1210.exe |
"TCP Query User{EF705E8F-DAC5-443F-8E54-5081FB2E6DE9}C:\users\fiza\desktop\u1301.exe" = protocol=6 | dir=in | app=c:\users\fiza\desktop\u1301.exe |
"UDP Query User{0E698CB3-2405-46E8-98BF-02FF3ED76B99}C:\users\fiza\desktop\u1301.exe" = protocol=17 | dir=in | app=c:\users\fiza\desktop\u1301.exe |
"UDP Query User{5E3CB784-7538-446C-9BE4-DA7A44D1DFB1}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{62838829-53D8-43E9-8E0F-B2DE7161A35E}C:\users\fiza\desktop\u1210.exe" = protocol=17 | dir=in | app=c:\users\fiza\desktop\u1210.exe |
"UDP Query User{644DD244-7DC7-4562-B7E5-937ABDC8E92C}C:\users\fiza\desktop\u1301.exe" = protocol=17 | dir=in | app=c:\users\fiza\desktop\u1301.exe |
"UDP Query User{87F798DB-DC97-47E2-98CC-9F0756BF797F}C:\users\fiza\desktop\receiver\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\fiza\desktop\receiver\dcc_e2.exe |
"UDP Query User{B7803934-DB13-4D0C-A0E4-4D0D61E32544}C:\users\fiza\appdata\local\temp\temp1_u.zip\u1210.exe" = protocol=17 | dir=in | app=c:\users\fiza\appdata\local\temp\temp1_u.zip\u1210.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3BF6B4CF-E6A1-45B3-9BC5-67213D146CB6}_is1" = Remo Recover for Android
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi-Software
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Canon SELPHY CP810" = Canon SELPHY CP810
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"XBMC" = XBMC

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 09.11.2013 13:42:18 | Computer Name = Fiza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9828

Error - 09.11.2013 13:42:18 | Computer Name = Fiza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9828

Error - 09.11.2013 20:47:26 | Computer Name = Fiza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.11.2013 03:57:56 | Computer Name = Fiza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15569

Error - 10.11.2013 03:57:56 | Computer Name = Fiza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15569

Error - 10.11.2013 05:22:32 | Computer Name = Fiza-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16720,
Zeitstempel: 0x523cf127  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000016  ID des fehlerhaften
Prozesses: 0x1bac  Startzeit der fehlerhaften Anwendung: 0x01cedb8bb90e8cde  Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: a0534549-49e9-11e3-ae1d-b870f4ed025e

Error - 10.11.2013 14:24:49 | Computer Name = Fiza-PC | Source = Application Hang | ID = 1002
Description = Programm XBMC.exe, Version 12.2.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 5894    Startzeit:
01cede4133d2cb61    Endzeit: 37    Anwendungspfad: C:\Program Files (x86)\XBMC\XBMC.exe

Berichts-ID:
59fa022c-4a35-11e3-ae1d-b870f4ed025e  

Error - 13.11.2013 13:58:54 | Computer Name = Fiza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.11.2013 13:58:57 | Computer Name = Fiza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24586756

Error - 13.11.2013 13:58:57 | Computer Name = Fiza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24586756

[ System Events ]
Error - 27.02.2014 17:14:05 | Computer Name = Fiza-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "MgAssist Service" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 27.02.2014 17:18:26 | Computer Name = Fiza-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom

Error - 27.02.2014 17:21:37 | Computer Name = Fiza-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 27.02.2014 17:35:17 | Computer Name = Fiza-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom

Error - 27.02.2014 20:26:22 | Computer Name = Fiza-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom

Error - 28.02.2014 13:14:00 | Computer Name = Fiza-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom

Error - 28.02.2014 13:30:36 | Computer Name = Fiza-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom

Error - 28.02.2014 14:18:47 | Computer Name = Fiza-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom

Error - 01.03.2014 01:56:56 | Computer Name = Fiza-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom

Error - 01.03.2014 07:50:26 | Computer Name = Fiza-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom


< End of report >


Attached is the GMER log as well:

Code

 GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-08 13:18:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD75 rev.01.0 698,64GB
Running: 0ki650wu.exe; Driver: C:\Users\Fiza\AppData\Local\Temp\kwldypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                   fffff800033f2000 45 bytes [00, 00, 0D, 02, 4D, 6D, 43, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                   fffff800033f202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000075301465 2 bytes [30, 75]
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                       00000000753014bb 2 bytes [30, 75]
.text     ...                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                   0000000075301465 2 bytes [30, 75]
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000753014bb 2 bytes [30, 75]
.text     ...                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       0000000075301465 2 bytes [30, 75]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000753014bb 2 bytes [30, 75]
.text     ...                                                                                                                                                                                  * 2
---- Processes - GMER 2.1 ----

Library   C:\Users\Fiza\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll (*** suspicious ***) @ C:\Users\Fiza\AppData\Local\Smartbar\Application\Muvic.exe [3300](2014-02-25 10:51:04)  000000005e4a0000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e598f5b3                                                                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e598f5b3@ec55f950c90e                                                                                             0xEF 0xE4 0xE7 0x74 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e598f5b3@f8d0bd40894e                                                                                             0x58 0xFC 0x53 0xDD ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e598f5b3 (not active ControlSet)                                                                                      
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e598f5b3@ec55f950c90e                                                                                                 0xEF 0xE4 0xE7 0x74 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e598f5b3@f8d0bd40894e                                                                                                 0x58 0xFC 0x53 0xDD ...

---- EOF - GMER 2.1 ----


I hope someone can help me. Many thanks in advance for any help.

Best regards,
08.03.2014, 20:13
Honorary member
Argus

Posts: 6028
#2 AdwCleaner
Please download AdwCleaner to your desktop.

Close all open programs and browsers.
Start adwcleaner.exe with a double-click.
Click Scan (Suchen) and wait until the scan has finished.
Now click Delete (Löschen).
Confirm each prompt with OK.
Your computer will be restarted. After the restart, a text file opens.
Post its contents in your next reply.
You can also find the log file at C:\AdwCleaner\AdwCleaner[Sx].txt (x = sequential number).

Junkware Removal Tool
Please shut down your protection software to avoid possible conflicts.


Please download Junkware Removal Tool to your desktop.

Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
The tool will open and begin the scan.
Depending on the system, the scan can take a while.
When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
Please post the contents of JRT.txt in your next reply.

Malwarebytes Anti-Malware
Please download Malwarebytes Anti-Malware.
Install the program to the default path.
Windows Vista and later: right-click, "Run as administrator".
Start Malwarebytes, click Update --> Check for Updates.
When the update has finished, select Perform full scan
and press Scan.
When the scan has finished, click Show Results.
Make sure that all findings are checked and press Remove Selected.
Post the log file, which opens in Notepad, here in the thread.
Afterwards you can find the report under "Logs".
__________
Kind regards, Argus
09.03.2014, 16:56
Member

Thread starter

Posts: 15
#3 Hello Argus,

Many thanks for the help. I followed the instructions, and the programs did delete quite a few things. Unfortunately, the pop-ups still appear. The logs are attached.

AdwCleaner Log 1

Code

 # AdwCleaner v3.020 - Bericht erstellt am 09/03/2014 um 09:51:14
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Fiza - FIZA-PC
# Gestartet von : C:\Users\Fiza\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Program Files (x86)\Bench
Ordner Gefunden C:\Program Files (x86)\myfree codec
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gefunden C:\Users\Fiza\AppData\Local\genienext
Ordner Gefunden C:\Users\Fiza\AppData\Local\Ilivid Player
Ordner Gefunden C:\Users\Fiza\AppData\Local\Mobogenie
Ordner Gefunden C:\Users\Fiza\AppData\Local\PackageAware
Ordner Gefunden C:\Users\Fiza\AppData\Local\SwvUpdater
Ordner Gefunden C:\Users\Fiza\AppData\LocalLow\searchquband
Ordner Gefunden C:\Users\Fiza\AppData\LocalLow\Smartbar
Ordner Gefunden C:\Users\Fiza\Documents\Mobogenie
Ordner Gefunden C:\Users\Fiza\Documents\Optimizer Pro

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gefunden : HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gefunden : HKCU\Software\Myfree Codec
Schlüssel Gefunden : HKCU\Software\SmartBar
Schlüssel Gefunden : [x64] HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : [x64] HKCU\Software\Myfree Codec
Schlüssel Gefunden : [x64] HKCU\Software\SmartBar
Schlüssel Gefunden : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\Software\Bench
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gefunden : HKLM\Software\Myfree Codec
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DataMngr
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYzwv_nKhjd2x4sprV2F-ZYq3Y1yeh-J5Y6mGgY4ZzIoOU3jAQBsFtE1klv7Nv2I9g,,&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0NxUoFAfOSClvKSxrUeGP-aFXxTTD_N7ok41SyLAkAKADSGHHThOXst_EWvGzUVe7N42jFrWixQ4R2-zsIMPh9-VRdUsuGO4urdxf7SN6h2oxWYXuJxDZZioSWizkKcg,,&q={searchTerms}

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default\prefs.js ]

Zeile gefunden : user_pref("browser.newtab.url", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYz6PBm7MKcs-D[...]
Zeile gefunden : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gefunden : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gefunden : user_pref("extensions.crossrider.bic", "144753252deff2e087a72f668871ee0c");
Zeile gefunden : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYzwv_nKhjd2x4sprV2F-[...]

*************************

AdwCleaner[R0].txt - [9256 octets] - [09/03/2014 09:51:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9316 octets] ##########

AdwCleaner Log 2

Code

 # AdwCleaner v3.020 - Bericht erstellt am 09/03/2014 um 09:52:15
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Fiza - FIZA-PC
# Gestartet von : C:\Users\Fiza\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Users\Fiza\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Fiza\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Fiza\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Fiza\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Fiza\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Fiza\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Fiza\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Fiza\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Fiza\Documents\Optimizer Pro

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Bench
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYz6PBm7MKcs-D[...]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "144753252deff2e087a72f668871ee0c");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldtD_aU1rclKr7tSZEdvXd9r2BBO4KZL0W3j7vdYuE3W6Ulp993fvl6-Dv0io0Xl74S3R0MBGZoz-tYzwv_nKhjd2x4sprV2F-[...]

*************************

AdwCleaner[R0].txt - [9476 octets] - [09/03/2014 09:51:14]
AdwCleaner[S0].txt - [8598 octets] - [09/03/2014 09:52:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8658 octets] ##########

Junkware Removal Tool Log

Code

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Fiza on 09.03.2014 at  9:59:03,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Fiza\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{02A07528-097B-4E86-8CC3-4DC860611702}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{05B6BECD-CF38-41FF-BCAA-6693E4F2C614}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{2A38BD38-9324-4BF0-AD01-1287B69076F8}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{3CD3206A-AD34-4345-895E-E662AE75CC68}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{55DC80D1-C87D-49FA-8C62-9AD7BBCFBFED}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{635A843B-6886-49F1-A326-3859C7FD2187}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{8B80CE37-E5A5-4E06-B442-ECDDED68AA12}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{A931ECC2-43C0-412B-88AF-E16E5AB6A75F}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{AD78615E-32C9-4920-AB63-25484039BF7E}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{B10E5CB5-E6F8-461A-9F4C-CA606BE04C60}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{C5B9AA04-5187-421D-9C16-305C49D0E85E}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{C5BAF088-BE53-47C0-8CEE-8C45DAC973AA}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{DEB6CEA1-0DF3-4856-ACDA-0C3CF26CCC84}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{EA8492D6-6950-43F3-9DE4-9CD87A4F5880}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{ECEE7A49-7C41-49DB-B099-2C733593C8C4}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{EDFC5EC3-E405-49E9-B280-4C30B83A096A}
Successfully deleted: [Empty Folder] C:\Users\Fiza\appdata\local\{F65051C2-7B7E-4B41-8166-BF49B034311C}



~~~ FireFox

Emptied folder: C:\Users\Fiza\AppData\Roaming\mozilla\firefox\profiles\x91fm6qq.default\minidumps [202 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.03.2014 at 10:04:54,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Log

Code

 Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Fiza :: FIZA-PC [Administrator]

Schutz: Deaktiviert

09.03.2014 10:06:00
mbam-log-2014-03-09 (10-06-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442591
Laufzeit: 2 Stunde(n), 20 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
09.03.2014, 17:14
Honorary member
Argus

Posts: 6028
#4 Farbar's Recovery Scan Tool
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop:
32-bit http://filepony.de/download-frst/
64-bit http://filepony.de/download-frst64/

(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)

Now start FRST.
Do not change any of the checkboxes unless asked to, and click Scan.
The log files will now be created and will then be on your desktop.
Post the FRST.txt and, after the first scan, also the Addition.txt in your thread.
__________
Kind regards, Argus
09.03.2014, 22:00
Member

Thread starter

Posts: 15
#5 I have run the FRST scan.

Attached is the FRST log:

Code

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by Fiza (administrator) on FIZA-PC on 09-03-2014 18:40:35
Running from C:\Users\Fiza\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Canon Inc.) C:\Program Files (x86)\Canon\SELPHY Photo Print\CIC_SPPhelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2011-01-13] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [499304 2011-03-28] (Acer Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1527579594-2446364192-1317730462-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1527579594-2446364192-1317730462-1001\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1527579594-2446364192-1317730462-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-1527579594-2446364192-1317730462-1001\...\Run: [Wondershare Helper Compact.exe] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-1527579594-2446364192-1317730462-1001\...\MountPoints2: {46f2e0c9-572e-11e1-af1f-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1527579594-2446364192-1317730462-1001\...\MountPoints2: {46f2e0fd-572e-11e1-af1f-081196146620} - E:\AutoRun.exe
HKU\S-1-5-21-1527579594-2446364192-1317730462-1001\...\MountPoints2: {46f2e115-572e-11e1-af1f-081196146620} - E:\AutoRun.exe
HKU\S-1-5-21-1527579594-2446364192-1317730462-1001\...\MountPoints2: {a9d325e9-685d-11e1-b22d-b870f4ed025e} - E:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-02-21] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [192616 2011-02-21] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: HQ-Video-Profession-1.3 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Coupon Server BHO - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} - C:\Program Files (x86)\Coupon Server\FrameworkBHO64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HQ-Video-Profession-1.3 - C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com [2014-03-08]
FF Extension: Coupon Server - C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default\Extensions\{3C2422B0-C421-8DCF-B2EB-70B9B2B71607} [2014-02-27]

==================== Services (Whitelisted) =================

R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [799848 2011-03-28] (Acer Incorporated)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-08-02] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-09 18:40 - 2014-03-09 18:40 - 00013847 _____ () C:\Users\Fiza\Desktop\FRST.txt
2014-03-09 18:40 - 2014-03-09 18:40 - 00000000 ____D () C:\FRST
2014-03-09 18:39 - 2014-03-09 18:39 - 02156544 _____ (Farbar) C:\Users\Fiza\Desktop\FRST64.exe
2014-03-09 10:04 - 2014-03-09 10:05 - 00002617 _____ () C:\Users\Fiza\Desktop\JRT.txt
2014-03-09 09:59 - 2014-03-09 09:59 - 00000000 ____D () C:\Windows\ERUNT
2014-03-09 09:57 - 2014-03-09 09:57 - 01037734 _____ (Thisisu) C:\Users\Fiza\Desktop\JRT.exe
2014-03-09 09:51 - 2014-03-09 09:52 - 00000000 ____D () C:\AdwCleaner
2014-03-09 09:50 - 2014-03-09 09:50 - 01244192 _____ () C:\Users\Fiza\Desktop\adwcleaner.exe
2014-03-08 13:34 - 2014-03-08 13:34 - 00000000 ____D () C:\Users\Fiza\AppData\Roaming\Malwarebytes
2014-03-08 13:33 - 2014-03-08 13:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-08 13:33 - 2014-03-08 13:33 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-08 13:33 - 2014-03-08 13:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-08 13:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-08 13:31 - 2014-03-08 13:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fiza\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-08 13:18 - 2014-03-08 13:18 - 00004368 _____ () C:\Users\Fiza\Desktop\gmer.log
2014-03-08 11:37 - 2014-03-08 11:37 - 00380416 _____ () C:\Users\Fiza\Desktop\0ki650wu.exe
2014-03-08 11:30 - 2014-03-08 11:30 - 00060286 _____ () C:\Users\Fiza\Desktop\Extras.Txt
2014-03-08 11:28 - 2014-03-08 11:28 - 00111340 _____ () C:\Users\Fiza\Desktop\OTL.Txt
2014-03-08 11:15 - 2014-03-08 11:15 - 00602112 _____ (OldTimer Tools) C:\Users\Fiza\Desktop\OTL.exe
2014-03-04 21:01 - 2014-03-04 21:01 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-03-03 19:56 - 2014-03-03 19:56 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-02-27 22:53 - 2014-02-27 22:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2014-02-27 22:32 - 2014-02-27 22:32 - 00000000 ____D () C:\Program Files (x86)\Silabs
2014-02-27 22:31 - 2014-02-27 22:32 - 00000000 ____D () C:\Windows\SysWOW64\Silabs
2014-02-27 22:31 - 2014-02-27 22:31 - 00000000 ____D () C:\SiLabs
2014-02-27 22:31 - 2010-02-24 16:38 - 00072192 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\silabser.sys
2014-02-27 22:31 - 2010-02-24 16:38 - 00052224 _____ (Silicon Laboratories, Inc.) C:\Windows\system32\Drivers\silabenm.sys
2014-02-27 22:10 - 2014-02-27 22:14 - 00000000 ____D () C:\Users\Fiza\AppData\Local\cache
2014-02-27 22:10 - 2014-02-27 22:10 - 00000000 ____D () C:\Users\Fiza\AppData\Roaming\WinRAR
2014-02-27 22:10 - 2014-02-27 22:10 - 00000000 _____ () C:\Users\Fiza\daemonprocess.txt
2014-02-27 22:08 - 2014-02-27 22:08 - 00000000 ____D () C:\Users\Fiza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-27 22:08 - 2014-02-27 22:08 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-02-27 22:05 - 2014-02-28 00:15 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-27 20:38 - 2014-02-27 20:39 - 00000000 ____D () C:\Users\Fiza\AppData\Roaming\ExpressVPN
2014-02-27 20:38 - 2014-02-27 20:38 - 00001089 _____ () C:\Users\Public\Desktop\ExpressVPN.lnk
2014-02-27 20:38 - 2014-02-27 20:38 - 00000000 ____D () C:\Users\Fiza\AppData\Local\ExpressVPN
2014-02-27 20:38 - 2014-02-27 20:38 - 00000000 ____D () C:\Program Files (x86)\ExpressVPN
2014-02-27 20:23 - 2014-03-08 23:50 - 00000000 ____D () C:\Users\Fiza\Desktop\Receiver
2014-02-27 00:11 - 2014-02-27 00:11 - 00007171 _____ () C:\Users\Fiza\Downloads\my_expressvpn_germany_udp.ovpn
2014-02-26 21:50 - 2014-02-27 20:37 - 00000000 ____D () C:\Users\Fiza\Desktop\Router
2014-02-26 21:38 - 2014-02-26 21:38 - 00000000 ____D () C:\Program Files (x86)\Linksys
2014-02-26 21:24 - 2014-02-26 21:24 - 00000000 ____D () C:\ProgramData\Linksys
2014-02-26 21:23 - 2014-02-26 21:23 - 21174896 _____ (Belkin International, Inc.) C:\Users\Fiza\Downloads\LinksysConnect.E1200.1.5.13291.0.exe
2014-02-21 12:56 - 2014-02-21 12:56 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-16 20:59 - 2014-02-16 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 17:35 - 2014-02-13 18:19 - 00073717 _____ () C:\Users\Fiza\Documents\Fotobuch.pbf
2014-02-13 17:35 - 2014-02-13 18:19 - 00000000 ____D () C:\Users\Fiza\Documents\Fotobuch-Dateien
2014-02-13 17:18 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-02-13 17:17 - 2014-02-13 17:17 - 00000000 ____D () C:\Users\Fiza\AppData\Local\posterXXL Designer
2014-02-13 17:16 - 2014-02-13 17:16 - 00001033 _____ () C:\Users\Public\Desktop\posterXXL Designer.lnk
2014-02-13 17:16 - 2014-02-13 17:16 - 00000000 ____D () C:\ProgramData\posterXXL Designer
2014-02-13 17:15 - 2014-02-13 17:15 - 00000000 ____D () C:\Program Files (x86)\posterXXL Designer
2014-02-13 17:10 - 2014-02-13 17:14 - 121528488 _____ ( ) C:\Users\Fiza\Downloads\posterXXL_v5_2_[xnefrztbb0109kkysbgb2pfgj].exe
2014-02-13 15:51 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 15:51 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 15:50 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 15:50 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 15:50 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 15:50 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 15:50 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 15:50 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 15:50 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 15:50 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 15:50 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 15:50 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 15:50 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 15:50 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 15:50 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 15:50 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 15:50 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 15:50 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 15:50 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 15:50 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 15:50 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 15:50 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 15:50 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 15:50 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 15:50 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 15:50 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 15:50 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 15:50 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 15:50 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 15:50 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 15:50 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 15:50 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 15:50 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 15:50 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 15:50 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 15:50 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 15:50 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 15:50 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 15:50 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 15:50 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 15:49 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 15:44 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 15:44 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 15:44 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 15:44 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 15:44 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 15:44 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 15:44 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 15:44 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 15:44 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 15:44 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 15:44 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 15:44 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 15:44 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 15:44 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 15:44 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 15:44 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 15:44 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 15:44 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 15:44 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 15:44 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 15:44 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 15:44 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 15:44 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 15:44 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 15:44 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 15:44 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 15:44 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 15:44 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-09 18:40 - 2014-03-09 18:40 - 00013847 _____ () C:\Users\Fiza\Desktop\FRST.txt
2014-03-09 18:40 - 2014-03-09 18:40 - 00000000 ____D () C:\FRST
2014-03-09 18:39 - 2014-03-09 18:39 - 02156544 _____ (Farbar) C:\Users\Fiza\Desktop\FRST64.exe
2014-03-09 18:34 - 2011-09-12 21:08 - 01216206 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 18:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-09 16:56 - 2012-04-29 10:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-09 10:05 - 2014-03-09 10:04 - 00002617 _____ () C:\Users\Fiza\Desktop\JRT.txt
2014-03-09 10:01 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 10:01 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 09:59 - 2014-03-09 09:59 - 00000000 ____D () C:\Windows\ERUNT
2014-03-09 09:58 - 2013-05-20 11:51 - 00000000 ____D () C:\Users\Fiza\Documents\Mein Steuer-Sparbuch Heute
2014-03-09 09:57 - 2014-03-09 09:57 - 01037734 _____ (Thisisu) C:\Users\Fiza\Desktop\JRT.exe
2014-03-09 09:56 - 2011-12-24 09:30 - 00000000 ____D () C:\ProgramData\clear.fi
2014-03-09 09:53 - 2013-03-09 13:53 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-09 09:53 - 2012-04-29 11:10 - 00024660 _____ () C:\Windows\setupact.log
2014-03-09 09:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 09:52 - 2014-03-09 09:51 - 00000000 ____D () C:\AdwCleaner
2014-03-09 09:50 - 2014-03-09 09:50 - 01244192 _____ () C:\Users\Fiza\Desktop\adwcleaner.exe
2014-03-08 23:50 - 2014-02-27 20:23 - 00000000 ____D () C:\Users\Fiza\Desktop\Receiver
2014-03-08 15:24 - 2010-11-21 04:47 - 01687506 _____ () C:\Windows\PFRO.log
2014-03-08 13:34 - 2014-03-08 13:34 - 00000000 ____D () C:\Users\Fiza\AppData\Roaming\Malwarebytes
2014-03-08 13:34 - 2014-03-08 13:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-08 13:33 - 2014-03-08 13:33 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-08 13:33 - 2014-03-08 13:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-08 13:31 - 2014-03-08 13:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fiza\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-08 13:18 - 2014-03-08 13:18 - 00004368 _____ () C:\Users\Fiza\Desktop\gmer.log
2014-03-08 11:37 - 2014-03-08 11:37 - 00380416 _____ () C:\Users\Fiza\Desktop\0ki650wu.exe
2014-03-08 11:30 - 2014-03-08 11:30 - 00060286 _____ () C:\Users\Fiza\Desktop\Extras.Txt
2014-03-08 11:28 - 2014-03-08 11:28 - 00111340 _____ () C:\Users\Fiza\Desktop\OTL.Txt
2014-03-08 11:15 - 2014-03-08 11:15 - 00602112 _____ (OldTimer Tools) C:\Users\Fiza\Desktop\OTL.exe
2014-03-04 21:01 - 2014-03-04 21:01 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-03-04 18:51 - 2012-04-29 11:09 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-04 18:51 - 2011-09-13 06:57 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-03-04 18:51 - 2011-09-13 06:57 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-03-04 18:50 - 2009-07-14 06:13 - 01594964 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 20:13 - 2013-03-07 13:41 - 00001970 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-03-03 19:56 - 2014-03-03 19:56 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-01 10:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-28 00:15 - 2014-02-27 22:05 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-27 22:53 - 2014-02-27 22:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2014-02-27 22:32 - 2014-02-27 22:32 - 00000000 ____D () C:\Program Files (x86)\Silabs
2014-02-27 22:32 - 2014-02-27 22:31 - 00000000 ____D () C:\Windows\SysWOW64\Silabs
2014-02-27 22:31 - 2014-02-27 22:31 - 00000000 ____D () C:\SiLabs
2014-02-27 22:31 - 2011-08-04 05:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-27 22:21 - 2011-12-24 09:12 - 00000000 ___RD () C:\Users\Fiza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-27 22:14 - 2014-02-27 22:10 - 00000000 ____D () C:\Users\Fiza\AppData\Local\cache
2014-02-27 22:10 - 2014-02-27 22:10 - 00000000 ____D () C:\Users\Fiza\AppData\Roaming\WinRAR
2014-02-27 22:10 - 2014-02-27 22:10 - 00000000 _____ () C:\Users\Fiza\daemonprocess.txt
2014-02-27 22:10 - 2011-12-24 15:09 - 00000000 ____D () C:\Users\Fiza
2014-02-27 22:08 - 2014-02-27 22:08 - 00000000 ____D () C:\Users\Fiza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-27 22:08 - 2014-02-27 22:08 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-02-27 22:05 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-27 22:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-02-27 20:39 - 2014-02-27 20:38 - 00000000 ____D () C:\Users\Fiza\AppData\Roaming\ExpressVPN
2014-02-27 20:38 - 2014-02-27 20:38 - 00001089 _____ () C:\Users\Public\Desktop\ExpressVPN.lnk
2014-02-27 20:38 - 2014-02-27 20:38 - 00000000 ____D () C:\Users\Fiza\AppData\Local\ExpressVPN
2014-02-27 20:38 - 2014-02-27 20:38 - 00000000 ____D () C:\Program Files (x86)\ExpressVPN
2014-02-27 20:37 - 2014-02-26 21:50 - 00000000 ____D () C:\Users\Fiza\Desktop\Router
2014-02-27 00:11 - 2014-02-27 00:11 - 00007171 _____ () C:\Users\Fiza\Downloads\my_expressvpn_germany_udp.ovpn
2014-02-26 21:38 - 2014-02-26 21:38 - 00000000 ____D () C:\Program Files (x86)\Linksys
2014-02-26 21:24 - 2014-02-26 21:24 - 00000000 ____D () C:\ProgramData\Linksys
2014-02-26 21:23 - 2014-02-26 21:23 - 21174896 _____ (Belkin International, Inc.) C:\Users\Fiza\Downloads\LinksysConnect.E1200.1.5.13291.0.exe
2014-02-21 12:56 - 2014-02-21 12:56 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 12:56 - 2012-04-29 10:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 12:56 - 2012-04-29 10:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 12:56 - 2011-08-04 06:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 21:49 - 2013-05-29 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-19 21:33 - 2013-08-15 10:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-19 21:30 - 2012-04-29 11:04 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 20:59 - 2014-02-16 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 18:19 - 2014-02-13 17:35 - 00073717 _____ () C:\Users\Fiza\Documents\Fotobuch.pbf
2014-02-13 18:19 - 2014-02-13 17:35 - 00000000 ____D () C:\Users\Fiza\Documents\Fotobuch-Dateien
2014-02-13 17:18 - 2011-08-04 05:53 - 00037868 _____ () C:\Windows\DirectX.log
2014-02-13 17:17 - 2014-02-13 17:17 - 00000000 ____D () C:\Users\Fiza\AppData\Local\posterXXL Designer
2014-02-13 17:17 - 2011-12-24 15:09 - 00000000 ____D () C:\Users\Fiza\AppData\Local\VirtualStore
2014-02-13 17:16 - 2014-02-13 17:16 - 00001033 _____ () C:\Users\Public\Desktop\posterXXL Designer.lnk
2014-02-13 17:16 - 2014-02-13 17:16 - 00000000 ____D () C:\ProgramData\posterXXL Designer
2014-02-13 17:15 - 2014-02-13 17:15 - 00000000 ____D () C:\Program Files (x86)\posterXXL Designer
2014-02-13 17:14 - 2014-02-13 17:10 - 121528488 _____ ( ) C:\Users\Fiza\Downloads\posterXXL_v5_2_[xnefrztbb0109kkysbgb2pfgj].exe
2014-02-12 17:35 - 2012-07-29 13:38 - 00000000 ____D () C:\Users\Fiza\AppData\Local\Windows Live

Some content of TEMP:
====================
C:\Users\Fiza\AppData\Local\Temp\BackupSetup.exe
C:\Users\Fiza\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Fiza\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Fiza\AppData\Local\Temp\kqjfraha.dll
C:\Users\Fiza\AppData\Local\Temp\Quarantine.exe
C:\Users\Fiza\AppData\Local\Temp\ResetDevice.exe
C:\Users\Fiza\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-01 10:07

==================== End Of Log ============================


Attached is the Addition log

Code

 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2014 01
Ran by Fiza at 2014-03-09 18:41:06
Running from C:\Users\Fiza\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP140 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series) (Version:  - )
Canon SELPHY CP810 (HKLM\...\Canon SELPHY CP810) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.8.50 - Conexant)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Grafiktreiber 267.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 267.21 (Version: 267.21 - NVIDIA Corporation) Hidden
Remo Recover for Android (HKLM\...\{3BF6B4CF-E6A1-45B3-9BC5-67213D146CB6}_is1) (Version: 2.0.0.8 - Remo Software)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.9.0 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7300 - Broadcom Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)

==================== Restore Points  =========================

19-02-2014 20:28:04 Windows Update
25-02-2014 20:29:02 Windows Update
27-02-2014 21:31:07 Installed Silicon Laboratories CP210x VCP Drivers for Windows XP;ˆV
28-02-2014 17:17:54 Windows Update
03-03-2014 19:00:20 Windows Update
07-03-2014 11:21:33 Windows Update
08-03-2014 15:07:30 Windows Update
09-03-2014 08:47:47 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03830A1C-F32B-4214-91F0-584B90B5AFDF} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-09-03] (Adobe Systems Incorporated)
Task: {252BF546-09A5-46FD-B1A3-D12A4100BB91} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {2DA80B27-7B27-4D55-BADA-2AC363B49141} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {2E3AB244-E750-41A5-A754-8A28F7E14A0D} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {C2C19A81-A6BD-44EA-99AD-12737C59433F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CFF51A33-BCC7-41C4-8CD2-C459F5842350} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {F84BCC79-8D9E-4B65-9F18-9DB213E5A202} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-05-02 12:41 - 2011-05-02 12:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-05-02 12:41 - 2011-05-02 12:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-08-04 05:46 - 2011-03-26 23:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-10 14:53 - 2010-12-10 14:53 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-02-25 21:33 - 2014-02-25 21:33 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll
2011-08-04 05:01 - 2011-05-20 09:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2006-10-31 18:53 - 2006-10-31 18:53 - 00270336 _____ () C:\Program Files (x86)\Canon\SELPHY Photo Print\EnoJPEG4.dll
2011-05-20 10:13 - 2011-05-20 10:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/09/2014 10:16:32 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3947.86 MB
Available physical RAM: 2319.98 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 6159.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:680.54 GB) (Free:598.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2E06A9DB)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=681 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Many thanks.
10.03.2014, 02:39
Honorary member
Argus

Posts: 6028
#6 Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Quote

BHO: HQ-Video-Profession-1.3 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho64.dll No File
BHO: Coupon Server BHO - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} - C:\Program Files (x86)\Coupon Server\FrameworkBHO64.dll No File
FF Extension: Coupon Server - C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default\Extensions\{3C2422B0-C421-8DCF-B2EB-70B9B2B71607} [2014-02-27]
Now start FRST again and click the Fix button.
The tool creates a Fixlog.txt.
Post its contents for me.

Please download Zoek.exe by smeenk to your desktop

Please disable all virus scanners during the scan, as they affect the result.

Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".

Now click "Run script" and, in the next window, click OK.
And be patient while the script runs (up to half an hour).
When the tool has finished, Notepad will open with the log file (possibly only after a restart). The log can also be found under C:\
Please post the ZOEK log for me
__________
Best regards, Argus
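
Added example, not part of the original posts and not FRST's own code: a check that the Fixlog.txt FRST writes accounts for every fixlist entry. The sample data is the fixlist and Fixlog posted in this thread; the rule that one BHO entry maps to two registry keys is an assumption read off that Fixlog, and all function names are hypothetical.

```python
import re

# Fixlist and Fixlog result lines as posted in this thread.
FIXLIST = r"""BHO: HQ-Video-Profession-1.3 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho64.dll No File
BHO: Coupon Server BHO - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} - C:\Program Files (x86)\Coupon Server\FrameworkBHO64.dll No File
FF Extension: Coupon Server - C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default\Extensions\{3C2422B0-C421-8DCF-B2EB-70B9B2B71607} [2014-02-27]
"""

FIXLOG = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511151178} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110511151178} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} => Key deleted successfully.
HKCR\CLSID\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} => Key deleted successfully.
C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default\Extensions\{3C2422B0-C421-8DCF-B2EB-70B9B2B71607} => Moved successfully.
"""

CLSID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$"
)
FF_RE = re.compile(
    r"^FF Extension: (?P<name>.+?) - (?P<path>.+?)(?: \[\d{4}-\d{2}-\d{2}\])?$"
)
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


def expected_targets(entry):
    """Return the registry keys or paths a fixlist entry should touch.

    Assumption (from the Fixlog in this thread): a BHO entry removes the
    Browser Helper Objects key and the HKCR\\CLSID key for its CLSID; an
    FF Extension entry moves the extension folder.
    """
    m = BHO_RE.match(entry)
    if m:
        return [BHO_KEY + "\\" + m["clsid"], "HKCR\\CLSID\\" + m["clsid"]]
    m = FF_RE.match(entry)
    if m:
        return [m["path"]]
    return []  # entry type this example does not know


def parse_results(fixlog):
    """Map each 'target => outcome' line to {target (lowercased): outcome}."""
    results = {}
    for line in fixlog.splitlines():
        target, sep, outcome = line.strip().partition(" => ")
        if sep:
            # Windows paths and registry keys compare case-insensitively.
            results[target.lower()] = outcome
    return results


def audit(fixlist, fixlog):
    """Return (target, status) pairs; status is ok, missing, unconfirmed or unparsed."""
    results = parse_results(fixlog)
    report = []
    for entry in filter(None, map(str.strip, fixlist.splitlines())):
        targets = expected_targets(entry)
        if not targets:
            report.append((entry, "unparsed"))
            continue
        for target in targets:
            outcome = results.get(target.lower())
            if outcome is None:
                status = "missing"        # fix never reported on this target
            elif outcome.endswith("successfully."):
                status = "ok"
            else:
                status = "unconfirmed"    # reported, but not as a success
            report.append((target, status))
    return report


if __name__ == "__main__":
    for target, status in audit(FIXLIST, FIXLOG):
        print(f"{status:12} {target}")
```

Any target reported as missing or unconfirmed is worth a fresh FRST scan before the thread is closed.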
10.03.2014, 21:21
Member

Thread starter

Posts: 15
#7 Hello,

I have run both scans. No pop-ups so far. The log files are attached. Thanks in advance.

Fixlog:

Code

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-03-2014 01
Ran by Fiza at 2014-03-10 20:50:57 Run:1
Running from C:\Users\Fiza\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO: HQ-Video-Profession-1.3 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho64.dll No File
BHO: Coupon Server BHO - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} - C:\Program Files (x86)\Coupon Server\FrameworkBHO64.dll No File
FF Extension: Coupon Server - C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default\Extensions\{3C2422B0-C421-8DCF-B2EB-70B9B2B71607} [2014-02-27]
*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511151178} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110511151178} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} => Key deleted successfully.
HKCR\CLSID\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} => Key deleted successfully.
C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default\Extensions\{3C2422B0-C421-8DCF-B2EB-70B9B2B71607} => Moved successfully.

==== End of Fixlog ====


Zoek Log:

Code

 
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Fiza on 10.03.2014 at 20:57:28,91.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Fiza\Desktop\zoek.exe [Scan all users]   [Quick Scan] [Auto Clean]

==== System Restore Info ======================

10.03.2014 20:58:26 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Users\Fiza\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Fiza\AppData\Local\cache deleted successfully
C:\Users\Fiza\AppData\Local\Intel WiDi deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default

user.js not found
---- Lines a13c471d96cbb4c089dd18dc16c66bb1fcf5065afca24464aa637af7582a82514com51578 removed from prefs.js ----
---- FireFox user.js and prefs.js backups ----

prefs__2105_.backup

==== Deleting Files \ Folders ======================

C:\Users\Fiza\daemonprocess.txt deleted
C:\Users\Fiza\.android deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\Users\Fiza\AppData\Roaming\Wondershare deleted
C:\Users\Fiza\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Windows\WININIT.INI deleted
C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-03-04 20:01:27    72F2D357120F95C1E725C22915FE95E1    193    ----a-w-    C:\Windows\WORDPAD.INI
====== C:\Users\Fiza\AppData\Local\Temp ====
2014-03-09 08:58:44    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-02-27 21:07:57    A3532FE9799F546CA61B0492802D0878    1766784    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\33a2a15c-6ebd-4e42-b0c2-923f3d371710\software\winrar.exe
2014-02-27 21:07:55    2F1972881B7220F83BEAFEC90DEFA735    212977    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\33a2a15c-6ebd-4e42-b0c2-923f3d371710\software\VOPackage.exe
2014-02-27 21:06:28    C6080DD3457A6A21308828614385BE7A    6523413    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\33a2a15c-6ebd-4e42-b0c2-923f3d371710\software\hq-video.exe
2014-02-27 21:06:27    F7DE2118FBF18A8817B83DCCBA3738A7    10365728    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\BackupSetup.exe
2014-02-27 21:06:26    E6BB491A120A0668A551A8C2ED2FEE4F    6602128    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\{36BCE15D-65A3-4F36-AAFA-784D2C034398}\setup.exe
2014-02-27 21:06:26    9416B10237364F2D80BF2DDFB5E1EA0E    73840    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\33a2a15c-6ebd-4e42-b0c2-923f3d371710\software\Cloud_Backup_Setup.exe
2014-02-27 21:05:54    AA5B599B93D66D81B3C2F5C30F0B9C69    6967296    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\33a2a15c-6ebd-4e42-b0c2-923f3d371710\software\OptimizerPro.exe
2014-02-27 21:04:31    FC8A4EC41783CDC740CB7483BAF4614A    10165280    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\33a2a15c-6ebd-4e42-b0c2-923f3d371710\software\Installer.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-03-08 12:33:54    0BB97D43299910CBFBA59C461B99B910    25928    ----a-w-    C:\Windows\Sysnative\drivers\mbam.sys
2014-02-27 21:53:38    D41D8CD98F00B204E9800998ECF8427E    0    ---ha-w-    C:\Windows\Sysnative\drivers\Msft_Kernel_silabser_01009.Wdf
2014-02-27 21:31:31    B816D865910E8F5B7E12D593EC584D91    72192    ----a-w-    C:\Windows\Sysnative\drivers\silabser.sys
2014-02-27 21:31:30    75F3C451D41B35089E92D368EE190ACA    52224    ----a-w-    C:\Windows\Sysnative\drivers\silabenm.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-02-27 21:32:21    --------    d-----w-    C:\PROGRA~2\Silabs
2014-02-27 21:10:54    --------    d-----w-    C:\PROGRA~2\Uninstaller
2014-02-27 21:08:17    --------    d-----w-    C:\PROGRA~2\WinRAR
2014-02-27 19:38:14    --------    d-----w-    C:\PROGRA~2\ExpressVPN
2014-02-26 20:38:41    --------    d-----w-    C:\PROGRA~2\Linksys
2014-02-13 16:15:48    --------    d-----w-    C:\PROGRA~2\posterXXL Designer
======= C: =====
====== C:\Users\Fiza\AppData\Roaming ======
2014-02-27 22:00:41    --------    d-----w-    C:\Users\Fiza\AppData\Locallow\{F791D8AE-47E8-40A5-A913-EB2D2AF29602}
2014-02-27 21:10:32    --------    d-----w-    C:\Users\Fiza\AppData\Roaming\WinRAR
2014-02-27 21:08:21    --------    d-----w-    C:\Users\Fiza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-27 19:38:44    --------    d-----w-    C:\Users\Fiza\AppData\Local\ExpressVPN
2014-02-27 19:38:26    --------    d-----w-    C:\Users\Fiza\AppData\Roaming\ExpressVPN
2014-02-13 16:17:05    --------    d-----w-    C:\Users\Fiza\AppData\Local\posterXXL Designer
====== C:\Users\Fiza ======
2014-03-09 17:39:47    F60ACFAD7B587625C756A429D64CCD12    2157056    ----a-w-    C:\Users\Fiza\Desktop\FRST64.exe
2014-03-09 08:57:59    2075EBB7954277A05193412881EC8FDE    1037734    ----a-w-    C:\Users\Fiza\Desktop\JRT.exe
2014-03-09 08:50:04    A845789676F7D2A542E708EB5CAC12C9    1244192    ----a-w-    C:\Users\Fiza\Desktop\adwcleaner.exe
2014-03-08 12:31:52    683FDD3D773C58B262DC07CD0C6CE938    10285040    ----a-w-    C:\Users\Fiza\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-08 10:37:23    9A8336796A7C71E9F33DE848B8320ED3    380416    ----a-w-    C:\Users\Fiza\Desktop\0ki650wu.exe
2014-03-08 10:15:14    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\Fiza\Desktop\OTL.exe
2014-02-27 21:08:22    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-27 21:05:51    D02FD9B93B16800F80F77FD2DE49C803    306    --sha-r-    C:\ProgramData\ntuser.pol
2014-02-27 19:38:16    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2014-02-26 20:24:06    --------    d-----w-    C:\ProgramData\Linksys
2014-02-26 20:23:04    E17ABF313A9126A4D94395B7C32BEED9    21174896    ----a-w-    C:\Users\Fiza\Downloads\LinksysConnect.E1200.1.5.13291.0.exe
2014-02-13 16:16:31    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\posterXXL Designer
2014-02-13 16:16:00    --------    d-----w-    C:\ProgramData\posterXXL Designer

====== C: exe-files ==
2014-03-10 19:50:55    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Users\Fiza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQM908CB\FRST64[1].exe
2014-03-09 17:40:27    F60ACFAD7B587625C756A429D64CCD12    2157056    ----a-w-    C:\Users\Fiza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KOW5YAJD\FRST64[1].exe
2014-03-09 17:39:47    F60ACFAD7B587625C756A429D64CCD12    2157056    ----a-w-    C:\Users\Fiza\Desktop\FRST64.exe
2014-03-09 17:39:47    6D53BB9C627B79766A7B495C17942276    2156544    ----a-w-    C:\Users\Fiza\Desktop\FRST-OlderVersion\FRST64.exe
2014-03-09 08:58:44    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-03-09 08:57:59    2075EBB7954277A05193412881EC8FDE    1037734    ----a-w-    C:\Users\Fiza\Desktop\JRT.exe
2014-03-09 08:50:04    A845789676F7D2A542E708EB5CAC12C9    1244192    ----a-w-    C:\Users\Fiza\Desktop\adwcleaner.exe
2014-03-08 12:31:52    683FDD3D773C58B262DC07CD0C6CE938    10285040    ----a-w-    C:\Users\Fiza\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-08 10:37:23    9A8336796A7C71E9F33DE848B8320ED3    380416    ----a-w-    C:\Users\Fiza\Desktop\0ki650wu.exe
2014-03-08 10:15:14    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\Fiza\Desktop\OTL.exe
=== C: other files ==
2014-03-09 08:58:42    F7A2BEBE778DC26187C675948B2CEBAB    16063    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\get.bat
2014-03-09 08:58:42    CC6C23C02BE66014AD87F2678BBB3A1D    8117    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\modules.bat
2014-03-09 08:58:42    C9494C05F5248940AEE0D0A8C4EA89D9    152746    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\firefox.bat
2014-03-09 08:58:42    C4A5476A9D54B400F1623A2EE7DDA5C5    13955    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\chrome.bat
2014-03-09 08:58:42    B964B792D3692699CD7D4FDB63EE470E    1239    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\FWPolicy.bat
2014-03-09 08:58:42    B45931E5313CB14CAA0F2BC3DA30E6FC    29648    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\ask.bat
2014-03-09 08:58:42    B13567DECD03F424239DE6D1ED408C08    10261    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\JRT.bat
2014-03-09 08:58:42    80D02380F1AC33E459324B088392A1EC    732    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\ev_clear.bat
2014-03-09 08:58:42    75C9C20DD9839BF287B43B0E179822DC    31414    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\iexplore.bat
2014-03-09 08:58:42    7178963AEE641F3E47E1CE22416F8A3A    9295    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\runvalues.bat
2014-03-09 08:58:42    654E9FE74B930A454EE5BDE165794B65    85    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\delorphans.bat
2014-03-09 08:58:42    58605DA3492FB918D3D40B1FB88046AE    39471    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\prelim.bat
2014-03-09 08:58:42    3ECC13A08D5F7771A8C8ED15C2B2B6D5    154576    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\misc.bat
2014-03-09 08:58:42    372EA6F783198102CF5779072EE78C79    24751    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\searchlnk.bat
2014-03-09 08:58:42    1FBF882AA934A741530741FC134872A3    1243    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\TDL4.bat
2014-03-09 08:58:42    14D6EE8B672684E2232FB430D8C4A928    18668    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\medfos.bat
2014-03-09 08:58:42    0768E560CCD86C18F35FAD29DCEA7B80    1820    ----a-w-    C:\Users\Fiza\AppData\Local\Temp\jrt\delfolders.bat
2014-03-08 12:33:54    0BB97D43299910CBFBA59C461B99B910    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1527579594-2446364192-1317730462-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart"
"ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray"
"Power Management"="C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="    C:\\Windows\\system32\\nvinitx.dll "

==== Startup Folders ======================

2011-08-04 05:16:25    1782    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
2011-09-12 20:20:05    834    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
2012-12-10 14:36:14    1098    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk
2013-05-20 10:50:54    2095    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe ARM" ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe Reader Speed Launcher" ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"]
"C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"]
"C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"]
"C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Fiza\AppData\Roaming\Mozilla\Firefox\Profiles\x91fm6qq.default
D775FA6F1E88B3B99E69E8A0D6C3A819    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll -    Shockwave Flash
D4BD9F86123C87ECA570418B69326F99    - C:\Windows\SysWOW64\npDeployJava1.dll -    Java Deployment Toolkit 7.0.170.2
15E298B5EC5B89C5994A59863969D9FF    - C:\Windows\SysWOW64\npmproxy.dll -    Microsoft® Windows® Operating System


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fiza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fiza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Fiza\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fiza\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fiza\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Fiza\AppData\Local\Mozilla\Firefox\Profiles\x91fm6qq.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=347 folders=54 73943379 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Fiza\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Fiza\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 10.03.2014 at 21:14:44,05 ======================
11.03.2014, 00:30
Honorary member
Argus

Posts: 6028
#8 Please download Delfix to your desktop.

Close all open programs.
Start delfix.exe with a double-click.
Tick the box in front of every function.
Click Start.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.

Finally, restart your computer.

Please download Eset Onlinescanner to your desktop.
Tick YES, I accept the Terms of Use.
Set up Eset Onlinescanner as shown in picture 1.

Click Start.
The signatures are downloaded and the scan starts automatically.
Picture 2: infections
Picture 3: remove
Press Finish.
Close the ESET window.
Open Explorer.
Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor.

Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Restart the computer!




__________
Regards, Argus
12.03.2014, 22:04
Member

Thread starter

Posts: 15
#9 Hello,

Thank you very much, I did everything. I then uninstalled the ESET Online scanner. Unfortunately the log file is now gone. Can I still find it, or should I run the scan again?

Best regards
12.03.2014, 23:32
Honorary member
Argus

Posts: 6028
#10 Next time, don't click "yes" everywhere; click "decline" now and then.
To make sure there is no Trojan in an .exe, you can download and install a tool called VirusTotal Uploader from Virustotal.com.
Then upload the .exe with a right-click.

__________
Regards, Argus