Browser wird immer langsamer, Websites melden gehäufte Anfragen

chillmeister · 24.07.2013, 18:23

Hallo zusammen,

ich brauche eure Hilfe!
Seit einiger Zeit habe ich immer größere Probleme mit meinem PC. Grundsätzlich sind die Probleme eher unspezifisch: PC und Browser werden immer langsamer, der PC ist mittlerweile beim Windows-Start, also sobald der Desktop erscheint, unwahrscheinlich langsam. Es kann schonmal ne Minute vergehen, bis alles geladen ist und die Internetverbindung steht.
Manchmal allerdings gibt es auch konkrete Hinweise auf Malware: Vor einigen Tagen zeigte Youtube an, dass von meinem PC ungewöhnlich viele Anfragen ausgehen (hatte ich schonmal, als mein PC "befallen" war. Zudem wird mir, wenn ich bei google etwas suche, manchmal die Ergebnisseite einer wenig vertrauenswürdigen Seite angezeigt statt der Google Ergenisseite. Den Namen der Seite poste ich hier, sobald es wieder passiert. Für Hilfe bzw. eine grundsätzliche Analyse meines Systems hier wäre ich sehr dankbar.

Hinweise:
1. OTL hat keine Extra.txt produziert.
2. Ich konnte den Echtzeitscanner von Antivir nicht beenden, obwohl ich Admin bin (Fehlermeldung, ich habe "keinen Zugriff auf diesen Pfad", die betroffene Datei im Antivir-Ordner heißt ccuac.exe)
3. Ich habe bei GMER den Quick-Scan ausgeführt, hoffe das war richtig.

OTL-Log:

Zitat:

OTL logfile created on: 24.07.2013 17:37:57 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Musemann\Desktop\Media und Tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,74 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 42,51% Memory free
7,49 Gb Paging File | 4,92 Gb Available in Paging File | 65,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,79 Gb Total Space | 53,99 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,50% Space Free | Partition Type: FAT32

Computer Name: MUSEMANNS-HP | User Name: Musemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.24 17:07:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Musemann\Desktop\Media und Tools\OTL.exe
PRC - [2013.06.27 16:25:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.27 16:24:59 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.27 16:24:58 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.13 13:21:42 | 000,601,928 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013.05.13 13:20:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2013.05.13 13:20:28 | 000,366,408 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2013.05.13 13:20:20 | 000,260,424 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2013.05.13 13:20:16 | 000,376,648 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.08.10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.10.01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010.07.30 05:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\VPN Client\cvpnd.exe
PRC - [2010.03.07 00:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

========== Modules (No Company Name) ==========

MOD - [2013.07.12 13:12:13 | 000,155,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\JSON\2b2a1dcabd8705d486efe28e04e96fac\JSON.ni.dll
MOD - [2013.07.12 13:12:12 | 014,052,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\DevComponents.DotNe#\39ab34f08be3b84e2741e2d1d141325e\DevComponents.DotNetBar2.ni.dll
MOD - [2013.07.12 13:12:02 | 000,650,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\8d46834c241bb276278875f3515d6d31\HD-Agent.ni.exe
MOD - [2013.07.12 13:04:31 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f752f8cf702b7c7eff6c659b2e0c760a\System.ServiceProcess.ni.dll
MOD - [2013.07.12 13:04:20 | 011,914,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\484d8900c3d2991677e722b7b849e47f\System.Web.ni.dll
MOD - [2013.07.12 13:03:46 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.12 13:03:39 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.12 13:03:21 | 000,687,104 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\8a64025f7849664164acd20d3f8dcd7f\System.Security.ni.dll
MOD - [2013.07.12 13:03:18 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.12 13:03:14 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.12 13:03:13 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.12 13:03:08 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013.01.24 13:25:02 | 001,044,480 | ---- | M] () -- c:\progra~2\websea~1\sprote~1.dll
MOD - [2013.01.24 13:16:54 | 001,050,112 | ---- | M] () -- c:\progra~2\contin~1\sprote~1.dll
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.23 18:25:33 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.09.23 18:25:33 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.02.22 21:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.02.22 21:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.02.22 21:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.05.26 23:32:37 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2011.11.22 01:55:34 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011.11.22 01:55:33 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010.08.05 01:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.07.30 05:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010.04.05 21:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2013.07.24 13:04:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.27 16:25:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.27 16:24:59 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.03 16:54:18 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.05.13 13:20:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.08.10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010.10.01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.07 00:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.06.21 03:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.05.26 23:32:37 | 000,022,632 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2013.05.26 23:32:27 | 004,747,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013.04.28 12:59:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.28 12:59:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.28 12:59:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 01:55:36 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.09.21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.11 18:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.08.05 01:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.05 00:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.07.20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.07.20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.07.14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.23 00:59:16 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.06.04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 13:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.03.03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.16 22:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.30 12:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2013.05.13 13:20:44 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003.04.19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={C45CE679-57E1-11E2-B22B-CC52AF198575}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={C45CE679-57E1-11E2-B22B-CC52AF198575}
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: facebook%40disconnect.me:2.1.3
FF - prefs.js..extensions.enabledAddons: SciLorsGrooveUnlocker%40scilor.com:0.3.3
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.81
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.4
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.1
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.http: "50.22.206.179"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.05.24 02:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\plugins [2012.05.14 04:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.26 09:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.05.16 15:26:40 | 000,000,000 | ---D | M]

[2011.08.27 17:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\Extensions
[2013.07.24 14:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions
[2013.05.18 18:05:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.07.20 14:03:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.21 05:33:00 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\foxmarks@kei.com
[2013.06.29 18:05:21 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\ich@maltegoetz.de
[2013.02.19 06:49:08 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2011.10.12 01:27:40 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.07.24 03:07:01 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\facebook@disconnect.me.xpi
[2013.07.24 14:21:15 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2012.05.20 14:59:58 | 000,129,384 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\SciLorsGrooveUnlocker@scilor.com.xpi
[2013.07.23 14:21:22 | 000,121,779 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\searchy@searchy.xpi
[2013.06.27 11:10:21 | 000,669,665 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\stefanvandamme@stefanvd.net.xpi
[2013.01.12 21:35:33 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.07.18 02:00:32 | 000,621,019 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\toolbar@web.de.xpi
[2013.06.04 05:31:34 | 000,187,236 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\videoresumer@jetpack.xpi
[2013.06.11 01:30:04 | 000,008,025 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.05.23 04:51:53 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2013.07.23 14:21:24 | 000,818,491 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.18 02:01:07 | 000,001,050 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\11-suche.xml
[2013.02.18 04:07:06 | 000,001,581 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\boersebz.xml
[2013.07.18 02:01:08 | 000,002,418 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\englische-ergebnisse.xml
[2013.07.18 02:01:07 | 000,010,701 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\gmx-suche.xml
[2013.07.18 02:01:08 | 000,002,432 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\lastminute.xml
[2013.02.18 04:07:36 | 000,002,109 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\openstreetmap.xml
[2013.07.18 02:01:05 | 000,005,682 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\webde-suche.xml
[2013.05.31 03:23:02 | 000,007,847 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\WebSearch.xml
[2012.06.24 14:00:25 | 000,002,057 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\youtube-videosuche.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57E28CE8-C052-4096-83C7-9FB77639C303}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - c:\progra~2\contin~1\sprote~1.dll ()
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) - c:\progra~2\websea~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.19 17:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2013.07.19 17:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\browser
[2013.07.18 02:24:28 | 000,000,000 | ---D | C] -- C:\Users\Musemann\dwhelper
[2013.07.18 01:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\extensions
[2013.07.18 01:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013.07.18 01:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2013.07.18 01:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2013.07.18 01:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2013.07.05 08:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.07.01 12:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.07.01 12:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.07.01 12:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.07.01 12:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.26 09:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\updated
[2013.04.28 10:56:11 | 000,026,520 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-hang-ui.exe
[2012.10.11 01:59:09 | 000,170,232 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2012.10.11 01:59:09 | 000,092,056 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2012.08.29 22:48:46 | 000,074,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2012.06.06 01:41:56 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2012.06.06 01:41:56 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2012.04.25 19:53:07 | 000,193,824 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2012.04.25 19:53:07 | 000,117,144 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2012.04.15 21:18:17 | 003,407,256 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2012.04.15 21:18:17 | 000,131,480 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2011.08.27 17:41:36 | 020,132,248 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2011.08.27 17:41:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2011.08.27 17:41:36 | 001,916,312 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2011.08.27 17:41:36 | 000,920,472 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2011.08.27 17:41:36 | 000,478,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2011.08.27 17:41:36 | 000,375,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2011.08.27 17:41:36 | 000,279,448 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2011.08.27 17:41:36 | 000,272,792 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2011.08.27 17:41:36 | 000,151,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2011.08.27 17:41:36 | 000,116,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2011.08.27 17:41:36 | 000,091,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2011.08.27 17:41:36 | 000,059,288 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2011.08.27 17:41:36 | 000,017,304 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2011.08.27 17:41:36 | 000,016,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2011.08.27 17:41:35 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll

========== Files - Modified Within 30 Days ==========

[2013.07.24 17:34:17 | 000,018,397 | ---- | M] () -- C:\Users\Musemann\Desktop\Kündigung Inter.odt
[2013.07.24 16:52:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.24 16:23:39 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 16:23:39 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 13:58:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.24 13:58:54 | 4019,781,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.18 18:13:44 | 000,018,941 | ---- | M] () -- C:\Users\Musemann\Desktop\Hausarbeit Guttenberg.odt
[2013.07.18 05:48:48 | 000,010,240 | ---- | M] () -- C:\Users\Musemann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.12 12:54:20 | 000,306,144 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.07.11 18:22:13 | 001,520,734 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.11 18:22:13 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.11 18:22:13 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.11 18:22:13 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.11 18:22:13 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.11 03:16:17 | 000,041,320 | ---- | M] () -- C:\Users\Musemann\Desktop\Tagebuch.odt
[2013.07.11 03:04:53 | 000,033,555 | ---- | M] () -- C:\Users\Musemann\Desktop\Essay zur Arbeitskultur Unbehagen.odt
[2013.07.09 19:12:08 | 008,840,993 | ---- | M] () -- C:\Users\Musemann\Desktop\06 Heimat.mp3
[2013.07.09 17:46:03 | 000,012,795 | ---- | M] () -- C:\Users\Musemann\Desktop\Ideensammlung für Jobs, Praktika, Zukunftsplanung.odt
[2013.07.09 05:01:19 | 003,738,943 | ---- | M] () -- C:\Users\Musemann\Desktop\clip_mar_08.wmv
[2013.07.09 05:01:04 | 008,815,292 | ---- | M] () -- C:\Users\Musemann\Desktop\clip_jul_07_new.wmv
[2013.07.09 05:00:47 | 001,774,842 | ---- | M] () -- C:\Users\Musemann\Desktop\frankl_77.wmv
[2013.07.06 16:39:27 | 008,323,926 | ---- | M] () -- C:\Users\Musemann\Desktop\marx_-_oekonomisch-philosophische_manuskripte_1844 - OCRed.pdf
[2013.06.28 16:15:17 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForMusemann.job
[2013.06.27 16:25:17 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys

========== Files Created - No Company Name ==========

[2013.07.24 17:25:50 | 000,018,397 | ---- | C] () -- C:\Users\Musemann\Desktop\Kündigung Inter.odt
[2013.07.09 19:12:05 | 008,840,993 | ---- | C] () -- C:\Users\Musemann\Desktop\06 Heimat.mp3
[2013.07.09 05:00:26 | 003,738,943 | ---- | C] () -- C:\Users\Musemann\Desktop\clip_mar_08.wmv
[2013.07.09 05:00:18 | 001,774,842 | ---- | C] () -- C:\Users\Musemann\Desktop\frankl_77.wmv
[2013.07.09 05:00:00 | 008,815,292 | ---- | C] () -- C:\Users\Musemann\Desktop\clip_jul_07_new.wmv
[2013.07.06 16:39:08 | 008,323,926 | ---- | C] () -- C:\Users\Musemann\Desktop\marx_-_oekonomisch-philosophische_manuskripte_1844 - OCRed.pdf
[2013.05.27 02:24:15 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2013.05.27 02:24:15 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2013.01.22 08:39:04 | 000,007,552 | ---- | C] () -- C:\windows\SysWow64\drivers\enodpl.sys
[2013.01.22 08:39:04 | 000,004,736 | ---- | C] () -- C:\windows\SysWow64\drivers\tandpl.sys
[2012.09.22 05:43:30 | 000,010,240 | ---- | C] () -- C:\Users\Musemann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.12 15:29:35 | 000,000,000 | ---- | C] () -- C:\Users\Musemann\defogger_reenable
[2012.07.26 15:24:30 | 000,007,609 | ---- | C] () -- C:\Users\Musemann\AppData\Local\Resmon.ResmonCfg
[2012.06.07 06:40:41 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2012.04.25 19:53:08 | 000,000,137 | ---- | C] () -- C:\Program Files\update-settings.ini
[2012.02.08 18:21:36 | 006,865,771 | ---- | C] () -- C:\Program Files\omni.ja
[2011.10.16 23:03:09 | 000,017,408 | ---- | C] () -- C:\Users\Musemann\AppData\Local\WebpageIcons.db
[2011.08.31 14:29:00 | 004,023,808 | ---- | C] () -- C:\windows\SysWow64\x264vfw.dll
[2011.08.27 17:41:36 | 003,285,912 | ---- | C] () -- C:\Program Files\mozjs.dll
[2011.08.27 17:41:36 | 000,036,638 | ---- | C] () -- C:\Program Files\removed-files
[2011.08.27 17:41:36 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2011.08.27 17:41:36 | 000,001,928 | ---- | C] () -- C:\Program Files\precomplete
[2011.08.27 17:41:36 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2011.08.27 17:41:36 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2011.08.27 17:41:36 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2011.08.27 17:41:36 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2011.08.27 17:41:36 | 000,000,140 | ---- | C] () -- C:\Program Files\platform.ini
[2011.08.27 17:41:36 | 000,000,099 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2011.08.27 17:41:35 | 000,000,633 | ---- | C] () -- C:\Program Files\application.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.05.01 18:20:58 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\AirportMadness4
[2012.09.22 20:54:43 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Canneverbe Limited
[2013.07.19 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Dropbox
[2013.05.27 03:07:18 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\FreeVideoConverter
[2012.07.09 02:23:48 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Gabob.NowBoarding.75EFD321A77FF3E9D3E8C023673644AB2F392162.1
[2011.09.23 19:06:34 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\OpenOffice.org
[2013.06.11 05:57:07 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\org.kostya.yarDesktop.7EFEB10B09AF84D945E5FE44C420C33DD323B846.1
[2011.09.08 14:48:44 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Shark007
[2011.11.30 20:01:03 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Thunderbird
[2012.01.19 23:25:56 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\toolplugin
[2011.09.08 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Win7codecs

========== Purity Check ==========

< End of report >

Gmer Log:

Zitat:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-24 18:59:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM321HI rev.2AJ10003 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Musemann\AppData\Local\Temp\awdcyuob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002da5000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002da502f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755f1465 2 bytes [5F, 75]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755f14bb 2 bytes [5F, 75]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2412] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755f1465 2 bytes [5F, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2412] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755f14bb 2 bytes [5F, 75]
.text ... * 2
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3560] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755f1465 2 bytes [5F, 75]
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3560] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755f14bb 2 bytes [5F, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3844:4148] 000007fefb922a7c

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af198575
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af198575 (not active ControlSet)

---- EOF - GMER 2.1 ----

schrauber · 24.07.2013, 18:24

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

chillmeister · 24.07.2013, 23:52

hallo schrauber,

danke, dass du mir helfen willst.
Hier die Logs als Code-Tag, wie von dir vorgeschlagen:

Frst:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by Musemann (administrator) on 25-07-2013 00:47:22
Running from C:\Users\Musemann\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\VPN Client\cvpnd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-11-22] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7177728 2013-05-26] (Broadcom Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2010-03-07] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
AppInit_DLLs-x32: c:\progra~2\contin~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll [1050112 2013-01-24] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={C45CE679-57E1-11E2-B22B-CC52AF198575}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={C45CE679-57E1-11E2-B22B-CC52AF198575}
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={C45CE679-57E1-11E2-B22B-CC52AF198575}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default
FF user.js: detected! => C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\user.js
FF SelectedSearchEngine: WebSearch
FF Homepage: https://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "http", "50.22.206.179"
FF NetworkProxy: "http_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\boersebz.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\openstreetmap.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\youtube-videosuche.xml
FF Extension: No Name - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\foxmarks@kei.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\ich@maltegoetz.de
FF Extension: WOT - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: canitbecheaper - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi
FF Extension: DivXWebPlayer - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: facebook - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\facebook@disconnect.me.xpi
FF Extension: jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
FF Extension: SciLorsGrooveUnlocker - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi
FF Extension: searchy - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\searchy@searchy.xpi
FF Extension: stefanvandamme - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\stefanvandamme@stefanvd.net.xpi
FF Extension: testpilot - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: toolbar - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\toolbar@web.de.xpi
FF Extension: videoresumer - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\videoresumer@jetpack.xpi
FF Extension: youtubeunblocker - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\youtubeunblocker@unblocker.yt.xpi
FF Extension: No Name - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
FF Extension: No Name - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\firefox.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 CVPND; C:\Program Files\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-07] (PDF Complete Inc)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE [48128 2013-05-26] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-28] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R2 cpuz135; C:\windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-23] ()
S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-19] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [x]
S2 tandpl; System32\drivers\tandpl.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]
U3 awdcyuob; \??\C:\Users\Musemann\AppData\Local\Temp\awdcyuob.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 00:44 - 2013-07-25 00:44 - 00000000 ____D C:\FRST
2013-07-25 00:42 - 2013-07-25 00:43 - 01779761 _____ (Farbar) C:\Users\Musemann\Desktop\FRST64.exe
2013-07-24 21:56 - 2013-07-24 21:57 - 00000066 _____ C:\Users\Musemann\Desktop\Besorgen für Jakarta.txt
2013-07-24 20:47 - 2013-07-25 00:40 - 00000091 _____ C:\Users\Musemann\Desktop\Wen will ich treffen, bevor ich weg bin.txt
2013-07-24 20:23 - 2013-07-24 20:27 - 00000175 _____ C:\Users\Musemann\Desktop\Termine ab Münster.txt
2013-07-24 20:07 - 2013-07-24 21:58 - 00000270 _____ C:\Users\Musemann\Desktop\Treffen mit Olli Bellstedt.txt
2013-07-24 18:59 - 2013-07-24 18:59 - 00002726 _____ C:\Users\Musemann\Desktop\Gmer.log
2013-07-24 17:51 - 2013-07-24 19:03 - 00000175 _____ C:\Users\Musemann\Desktop\Trojaner Board.txt
2013-07-24 17:43 - 2013-07-24 17:43 - 00106762 _____ C:\Users\Musemann\Desktop\OTL.Txt
2013-07-24 17:25 - 2013-07-24 17:34 - 00018397 _____ C:\Users\Musemann\Desktop\Kündigung Inter.odt
2013-07-19 17:12 - 2013-07-19 17:12 - 00000000 ____D C:\Program Files\defaults
2013-07-19 17:12 - 2013-07-19 17:12 - 00000000 ____D C:\Program Files\browser
2013-07-18 02:24 - 2013-07-18 02:28 - 00000000 ____D C:\Users\Musemann\dwhelper
2013-07-18 01:55 - 2013-07-24 22:28 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-07-18 01:55 - 2013-07-18 02:03 - 00000000 ____D C:\Program Files\extensions
2013-07-18 01:55 - 2013-07-18 01:55 - 00000000 ____D C:\ProgramData\APN
2013-07-18 01:55 - 2013-07-18 01:55 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-07-11 16:51 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-11 16:51 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-11 16:51 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-11 16:51 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-11 16:50 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-11 16:50 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-11 16:50 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 22:11 - 2013-07-24 20:23 - 00000680 _____ C:\Users\Musemann\Desktop\Köln.txt
2013-07-09 05:00 - 2013-07-09 05:01 - 08815292 _____ C:\Users\Musemann\Desktop\clip_jul_07_new.wmv
2013-07-09 05:00 - 2013-07-09 05:01 - 03738943 _____ C:\Users\Musemann\Desktop\clip_mar_08.wmv
2013-07-09 05:00 - 2013-07-09 05:00 - 01774842 _____ C:\Users\Musemann\Desktop\frankl_77.wmv
2013-07-01 12:48 - 2013-07-01 12:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-01 12:48 - 2013-07-01 12:48 - 00000000 ____D C:\Program Files\iTunes
2013-07-01 12:48 - 2013-07-01 12:48 - 00000000 ____D C:\Program Files\iPod
2013-06-26 09:49 - 2013-07-04 15:16 - 00000000 ____D C:\Program Files\updated

==================== One Month Modified Files and Folders =======

2013-07-25 00:44 - 2013-07-25 00:44 - 00000000 ____D C:\FRST
2013-07-25 00:43 - 2013-07-25 00:42 - 01779761 _____ (Farbar) C:\Users\Musemann\Desktop\FRST64.exe
2013-07-25 00:40 - 2013-07-24 20:47 - 00000091 _____ C:\Users\Musemann\Desktop\Wen will ich treffen, bevor ich weg bin.txt
2013-07-24 23:52 - 2012-05-20 17:05 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 22:28 - 2013-07-18 01:55 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-07-24 21:58 - 2013-07-24 20:07 - 00000270 _____ C:\Users\Musemann\Desktop\Treffen mit Olli Bellstedt.txt
2013-07-24 21:57 - 2013-07-24 21:56 - 00000066 _____ C:\Users\Musemann\Desktop\Besorgen für Jakarta.txt
2013-07-24 21:27 - 2013-05-22 11:21 - 00001425 _____ C:\Users\Musemann\Desktop\To do.txt
2013-07-24 20:27 - 2013-07-24 20:23 - 00000175 _____ C:\Users\Musemann\Desktop\Termine ab Münster.txt
2013-07-24 20:23 - 2013-07-10 22:11 - 00000680 _____ C:\Users\Musemann\Desktop\Köln.txt
2013-07-24 19:03 - 2013-07-24 17:51 - 00000175 _____ C:\Users\Musemann\Desktop\Trojaner Board.txt
2013-07-24 18:59 - 2013-07-24 18:59 - 00002726 _____ C:\Users\Musemann\Desktop\Gmer.log
2013-07-24 18:26 - 2012-12-06 11:35 - 00019197 _____ C:\Users\Musemann\Desktop\Vision.odt
2013-07-24 17:43 - 2013-07-24 17:43 - 00106762 _____ C:\Users\Musemann\Desktop\OTL.Txt
2013-07-24 17:42 - 2011-09-23 18:16 - 00000000 ___RD C:\Users\Musemann\Desktop\Media und Tools
2013-07-24 17:34 - 2013-07-24 17:25 - 00018397 _____ C:\Users\Musemann\Desktop\Kündigung Inter.odt
2013-07-24 17:34 - 2011-03-09 13:27 - 01551023 _____ C:\windows\WindowsUpdate.log
2013-07-24 16:23 - 2009-07-14 06:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 16:23 - 2009-07-14 06:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 13:59 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-24 13:58 - 2012-05-14 05:16 - 00028631 _____ C:\windows\setupact.log
2013-07-24 13:25 - 2012-07-01 18:13 - 00000000 ____D C:\Stuff
2013-07-24 13:04 - 2012-05-20 17:05 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-24 13:04 - 2012-05-20 17:05 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-24 13:04 - 2012-05-20 17:05 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-24 13:04 - 2011-09-23 20:37 - 00000000 ____D C:\Users\Musemann\AppData\Local\Adobe
2013-07-23 17:31 - 2011-09-05 11:29 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\vlc
2013-07-23 14:21 - 2011-08-28 07:13 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-07-23 14:20 - 2011-11-01 01:52 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-23 14:12 - 2011-09-27 19:47 - 00000000 ____D C:\Users\Musemann\Desktop\Bilder
2013-07-20 13:59 - 2012-04-25 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-19 19:31 - 2011-11-16 19:40 - 00000000 ___RD C:\Dropbox
2013-07-19 19:31 - 2011-11-16 19:31 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Dropbox
2013-07-19 17:15 - 2011-08-27 17:41 - 00025786 _____ C:\Program Files\install.log
2013-07-19 17:12 - 2013-07-19 17:12 - 00000000 ____D C:\Program Files\defaults
2013-07-19 17:12 - 2013-07-19 17:12 - 00000000 ____D C:\Program Files\browser
2013-07-19 17:12 - 2013-01-12 21:34 - 00000000 ____D C:\Program Files\webapprt
2013-07-19 17:12 - 2011-08-27 17:41 - 00000000 ____D C:\Program Files\uninstall
2013-07-18 18:13 - 2012-03-17 22:06 - 00018941 _____ C:\Users\Musemann\Desktop\Hausarbeit Guttenberg.odt
2013-07-18 05:48 - 2012-09-22 05:43 - 00010240 _____ C:\Users\Musemann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-18 02:28 - 2013-07-18 02:24 - 00000000 ____D C:\Users\Musemann\dwhelper
2013-07-18 02:24 - 2011-08-27 16:39 - 00000000 ____D C:\Users\Musemann
2013-07-18 02:09 - 2012-06-07 17:39 - 00102574 _____ C:\windows\PFRO.log
2013-07-18 02:03 - 2013-07-18 01:55 - 00000000 ____D C:\Program Files\extensions
2013-07-18 01:55 - 2013-07-18 01:55 - 00000000 ____D C:\ProgramData\APN
2013-07-18 01:55 - 2013-07-18 01:55 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-07-12 12:54 - 2009-07-14 06:45 - 00306144 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-12 12:51 - 2009-07-27 16:27 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 12:51 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 12:51 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 19:18 - 2013-05-05 15:52 - 00000000 ____D C:\Users\Musemann\Desktop\Kulturweit
2013-07-11 18:22 - 2010-12-09 00:40 - 00654400 _____ C:\windows\system32\perfh007.dat
2013-07-11 18:22 - 2010-12-09 00:40 - 00130240 _____ C:\windows\system32\perfc007.dat
2013-07-11 18:22 - 2009-07-14 07:13 - 01520734 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-11 18:17 - 2011-10-12 00:27 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-11 03:20 - 2012-05-27 18:21 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\dvdcss
2013-07-11 03:16 - 2013-06-20 03:26 - 00041320 _____ C:\Users\Musemann\Desktop\Tagebuch.odt
2013-07-11 03:04 - 2012-05-10 05:59 - 00033555 _____ C:\Users\Musemann\Desktop\Essay zur Arbeitskultur Unbehagen.odt
2013-07-09 17:46 - 2012-11-18 09:00 - 00012795 _____ C:\Users\Musemann\Desktop\Ideensammlung für Jobs, Praktika, Zukunftsplanung.odt
2013-07-09 05:01 - 2013-07-09 05:00 - 08815292 _____ C:\Users\Musemann\Desktop\clip_jul_07_new.wmv
2013-07-09 05:01 - 2013-07-09 05:00 - 03738943 _____ C:\Users\Musemann\Desktop\clip_mar_08.wmv
2013-07-09 05:00 - 2013-07-09 05:00 - 01774842 _____ C:\Users\Musemann\Desktop\frankl_77.wmv
2013-07-09 02:27 - 2011-10-06 03:04 - 00000000 ____D C:\Users\Musemann\AppData\Local\CrashDumps
2013-07-06 16:38 - 2003-01-01 01:03 - 00000000 ___RD C:\Users\Musemann\Desktop\Uni und Dokumente
2013-07-05 08:30 - 2012-07-31 13:35 - 00000000 ____D C:\Program Files\VLC
2013-07-04 15:16 - 2013-06-26 09:49 - 00000000 ____D C:\Program Files\updated
2013-07-01 12:49 - 2013-07-01 12:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-01 12:48 - 2013-07-01 12:48 - 00000000 ____D C:\Program Files\iTunes
2013-07-01 12:48 - 2013-07-01 12:48 - 00000000 ____D C:\Program Files\iPod
2013-06-30 16:31 - 2011-08-28 00:03 - 00000000 ____D C:\windows\rescache
2013-06-29 18:59 - 2011-09-28 14:05 - 00000158 _____ C:\Users\Musemann\Desktop\Lesen.txt
2013-06-28 16:15 - 2013-04-29 11:04 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForMusemann
2013-06-28 16:15 - 2013-04-29 11:04 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForMusemann.job
2013-06-27 16:25 - 2013-05-02 11:03 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-06-26 09:58 - 2013-05-16 15:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-25 17:15 - 2013-02-19 10:32 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Skype
2013-06-25 17:12 - 2013-02-19 10:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-25 17:12 - 2011-03-09 13:36 - 00000000 ____D C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 18:52

==================== End Of Log ============================

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2013
Ran by Musemann at 2013-07-25 00:48:24
Running from C:\Users\Musemann\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
adcom 802.11 Wireless LAN Adapter (Version: )
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.7.637)
Age of Empires III (x32 Version: 1.00.0000)
AirportMadness4 (x32 Version: 1.40)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Avira Free Antivirus (x32 Version: 13.0.0.3884)
AviSynth 2.5 (x32)
BlueStacks App Player (x32 Version: 0.7.12.896)
BlueStacks Notification Center (x32 Version: 0.7.12.896)
Bonjour (Version: 3.0.0.10)
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)
Broadcom Wireless Utility (Version: )
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center InstallProxy (x32 Version: 2010.0805.358.5180)
Catalyst Control Center Localization All (x32 Version: 2010.0805.358.5180)
CCC Help Chinese Standard (x32 Version: 2010.0805.0357.5180)
CCC Help Chinese Traditional (x32 Version: 2010.0805.0357.5180)
CCC Help Czech (x32 Version: 2010.0805.0357.5180)
CCC Help Danish (x32 Version: 2010.0805.0357.5180)
CCC Help Dutch (x32 Version: 2010.0805.0357.5180)
CCC Help English (x32 Version: 2010.0805.0357.5180)
CCC Help Finnish (x32 Version: 2010.0805.0357.5180)
CCC Help French (x32 Version: 2010.0805.0357.5180)
CCC Help German (x32 Version: 2010.0805.0357.5180)
CCC Help Greek (x32 Version: 2010.0805.0357.5180)
CCC Help Hungarian (x32 Version: 2010.0805.0357.5180)
CCC Help Italian (x32 Version: 2010.0805.0357.5180)
CCC Help Japanese (x32 Version: 2010.0805.0357.5180)
CCC Help Korean (x32 Version: 2010.0805.0357.5180)
CCC Help Norwegian (x32 Version: 2010.0805.0357.5180)
CCC Help Polish (x32 Version: 2010.0805.0357.5180)
CCC Help Portuguese (x32 Version: 2010.0805.0357.5180)
CCC Help Russian (x32 Version: 2010.0805.0357.5180)
CCC Help Spanish (x32 Version: 2010.0805.0357.5180)
CCC Help Swedish (x32 Version: 2010.0805.0357.5180)
CCC Help Thai (x32 Version: 2010.0805.0357.5180)
CCC Help Turkish (x32 Version: 2010.0805.0357.5180)
ccc-core-static (x32 Version: 2010.0805.358.5180)
ccc-utility64 (Version: 2010.0805.358.5180)
CCleaner (Version: 3.18)
CDBurnerXP (x32 Version: 4.4.2.3442)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
ContinueToSave 1.74 (x32)
CPUID CPU-Z 1.59
DivX-Setup (x32 Version: 2.6.1.41)
Dropbox (HKCU Version: 2.0.22)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
Energy Star Digital Logo (x32 Version: 1.0.1)
Fire Department (x32 Version: 1.1.000)
Free Video Converter V 3.1 (x32 Version: 3.1.0.0)
FTL version 1.03.1 (x32 Version: 1.03.1)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HiJackThis (x32 Version: 1.0.0)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.5.0.0)
HP ESU for Microsoft Windows 7 (x32 Version: 1.1.8.1)
HP HotKey Support (Version: 4.0.3.1)
HP Setup (x32 Version: 8.5.4371.3505)
HP SoftPaq Download Manager (x32 Version: 3.0.5.0)
HP Software Framework (x32 Version: 4.1.13.1)
HP Software Setup (x32 Version: 7.0.1.6)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Web Camera (Version: 1.0.0)
HP Webcam (x32 Version: 1.0.25.0)
HP Webcam Driver (x32 Version: 5.8.50015.0)
HP Wireless Assistant (Version: 4.0.6.0)
IDT Audio (x32 Version: 1.0.6300.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JDownloader 0.9 (x32 Version: 0.9)
Last.fm 1.5.4.27091 (x32)
LightScribe System Software (x32 Version: 1.18.12.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie2KDownloader (x32 Version: 2.1 Build 26473)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
New Star Soccer 5 v1.12 (x32)
Now Boarding (x32 Version: 1.2.2)
OpenAL (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Paint.NET v3.5.10 (Version: 3.60.0)
PcCloneEX (x32)
PDF Complete Special Edition (x32 Version: 3.5.117)
Pro Evolution Soccer 2012 (x32 Version: 1.00.0000)
Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0011)
Revo Uninstaller Pro 2.5.9 (Version: 2.5.9)
Search Assistant WebSearch 1.74 (x32)
SecureW2 EAP Suite 1.1.3 for Windows (x32)
Skype™ 6.5 (x32 Version: 6.5.158)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
TeamViewer 7 (x32 Version: 7.0.12979)
Tom Clancy's Splinter Cell Chaos Theory (x32 Version: 1.05.157)
Toolbar 4.7 by SweetPacks (x32 Version: 4.7.0004)
Trials Legends (x32 Version: 1.0.32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Vietcong (x32)
VLC media player 2.0.7 (Version: 2.0.7)
Widelands (x32 Version: Widelands)
Win7codecs (x32 Version: 3.0.5)
Windows 7 Default Setting (x32 Version: 1.0.1.7)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
WinZip 14.5 (x32 Version: 14.5.9095)
x64 Components v3.0.5 (Version: 3.0.5)
XIII (x32 Version: 1.00.000)
Xvid Video Codec (x32 Version: 1.3.2)
YTD Video Downloader 4.3 (x32 Version: 4.3)
Zattoo4 4.0.5 (x32 Version: 4.0.5)

==================== Restore Points  =========================

09-07-2013 14:42:46 Windows Update
11-07-2013 16:09:17 Windows Update
16-07-2013 11:58:36 Windows Update
17-07-2013 23:55:46 Gerätetreiber-Paketinstallation: Anchorfree Inc Netzwerkdienst
17-07-2013 23:59:03 Gerätetreiber-Paketinstallation: Anchorfree HSS VPN Adapter Netzwerkadapter
19-07-2013 13:53:29 Windows Update
23-07-2013 12:14:49 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1ACDE070-5D94-41DF-B178-5DE02D6E792C} - System32\Tasks\{899D7271-08BC-4688-83E3-3D957A3A9211} => C:\Program Files (x86)\Fire Department\FDMASTER.exe [2004-08-16] ()
Task: {27985B36-EDB8-4D16-B4C7-A206D527BF68} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {357FFB0F-E9B3-4211-8EDE-EB1AFD4A3119} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {7A6A7868-114C-40B1-87F3-9EE81434310F} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe No File
Task: {7CDFD5AD-C683-46DA-8C88-3D78CD35460B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {998B2CF3-22B4-4BB7-BBAA-FB582ACBF345} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-24] (Adobe Systems Incorporated)
Task: {B42E003C-975C-49B6-A1B9-D4ED772799B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {CF2167E9-519B-4FE5-B1B8-EBDE9402A2F8} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {DA5CCA85-C9CA-4762-84A3-71D8A60E9D65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E3ECABA2-F3EF-4564-A77D-F559DA21FC47} - System32\Tasks\HPCeeScheduleForMusemann => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F79D6B62-9E15-4BA5-A4E4-71B95528A1DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleForMusemann.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2013 06:58:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6193

Error: (07/23/2013 06:58:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6193

Error: (07/23/2013 06:58:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2013 06:58:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5195

Error: (07/23/2013 06:58:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5195

Error: (07/23/2013 06:58:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2013 06:58:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4197

Error: (07/23/2013 06:58:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4197

Error: (07/23/2013 06:58:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2013 06:58:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3183


System errors:
=============
Error: (07/24/2013 01:59:56 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (07/24/2013 01:59:26 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/24/2013 00:57:22 PM) (Source: DCOM) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (07/24/2013 00:57:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/24/2013 00:57:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst iPod-Dienst erreicht.

Error: (07/24/2013 00:56:50 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (07/24/2013 00:54:59 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/23/2013 07:52:01 PM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (07/23/2013 06:59:47 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HP Wireless Assistant Service erreicht.

Error: (07/23/2013 02:08:36 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE


Microsoft Office Sessions:
=========================
Error: (07/23/2013 06:58:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6193

Error: (07/23/2013 06:58:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6193

Error: (07/23/2013 06:58:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2013 06:58:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5195

Error: (07/23/2013 06:58:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5195

Error: (07/23/2013 06:58:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2013 06:58:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4197

Error: (07/23/2013 06:58:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4197

Error: (07/23/2013 06:58:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2013 06:58:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3183


CodeIntegrity Errors:
===================================
  Date: 2012-05-13 15:29:39.637
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-13 05:02:43.429
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-13 04:55:10.614
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 23:15:35.085
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 23:15:34.882
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 23:15:34.679
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 22:59:42.195
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-11 21:45:08.230
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-11 21:10:27.479
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-11 16:26:05.310
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 3833.56 MB
Available physical RAM: 1936.59 MB
Total Pagefile: 7665.31 MB
Available Pagefile: 4840.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.79 GB) (Free:54.39 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32 (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 01A1A129)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

schrauber · 25.07.2013, 08:30

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

chillmeister · 26.07.2013, 15:09

Hinweise:
1. Diesmal konnte ich den Antivir-Echtzeitscanner deaktivieren. Beim ersten Durchlauf wurde mir dennoch (von Antivir) angezeigt, dass Antivir einen Zugriff auf die Registry verhindert hat.
2. Beim ersten Durchlauf blieb der Scan bei der Erstellung der Log-Datei 15min lang hängen, ohne dass sich etwas tat (PC vermutlich überlastet, da er auf Dauerbetrieb lief). Daraufhin habe ich den Scan beendet, den PC neu gestartet, den Registry-Schutz bei Antivir ausgestellt und den Scan wiederholt.

Combofix-Log:

Code:

ATTFilter

ComboFix 13-07-25.02 - Musemann 26.07.2013  15:12:44.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3834.1964 [GMT 2:00]
ausgeführt von:: c:\users\Musemann\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
C:\Thumbs.db
c:\users\Musemann\AppData\Local\TempDIR
c:\users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-26 bis 2013-07-26  ))))))))))))))))))))))))))))))
.
.
2013-07-26 13:27 . 2013-07-26 13:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-24 22:44 . 2013-07-24 22:44	--------	d-----w-	C:\FRST
2013-07-23 12:16 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B63ED580-5728-4481-B2B4-E438E473AE8E}\mpengine.dll
2013-07-19 15:12 . 2013-07-19 15:12	--------	d-----w-	c:\program files\defaults
2013-07-19 15:12 . 2013-07-19 15:12	--------	d-----w-	c:\program files\browser
2013-07-18 00:24 . 2013-07-18 00:28	--------	d-----w-	c:\users\Musemann\dwhelper
2013-07-17 23:55 . 2013-07-18 00:03	--------	d-----w-	c:\program files\extensions
2013-07-17 23:55 . 2013-07-17 23:55	--------	d-----w-	c:\programdata\APN
2013-07-17 23:55 . 2013-07-24 20:28	--------	d-----w-	c:\programdata\YTD Video Downloader
2013-07-17 23:55 . 2013-07-17 23:55	--------	d-----w-	c:\program files (x86)\GreenTree Applications
2013-07-11 14:51 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-11 14:51 . 2013-05-27 05:50	571904	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-11 14:51 . 2013-05-27 05:50	314880	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-11 14:51 . 2013-05-27 04:57	4608	----a-w-	c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 14:51 . 2013-05-27 04:57	54784	----a-w-	c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 14:51 . 2013-05-27 04:57	392704	----a-w-	c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 14:51 . 2013-05-27 03:15	9216	----a-w-	c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 14:51 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-07-11 14:51 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-07-11 14:51 . 2013-05-06 06:03	1887744	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-11 14:51 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 14:50 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-07-11 14:50 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 14:50 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 14:50 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 14:50 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 14:50 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 14:50 . 2013-04-10 05:45	1545728	----a-w-	c:\windows\system32\DWrite.dll
2013-07-11 14:50 . 2013-04-10 05:02	1077760	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-07-01 10:48 . 2013-07-01 10:48	--------	d-----w-	c:\program files\iPod
2013-07-01 10:48 . 2013-07-01 10:49	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-01 10:48 . 2013-07-01 10:48	--------	d-----w-	c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-24 11:04 . 2012-05-20 15:05	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-24 11:04 . 2012-05-20 15:05	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-11 16:17 . 2011-10-11 22:27	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-06-27 14:25 . 2013-05-02 09:03	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-21 01:09 . 2013-06-21 01:09	42184	----a-w-	c:\windows\system32\drivers\taphss6.sys
2013-06-18 14:22 . 2011-08-27 15:41	20132248	----a-w-	c:\program files\xul.dll
2013-06-18 14:21 . 2012-10-10 23:59	92056	----a-w-	c:\program files\webapprt-stub.exe
2013-06-18 14:21 . 2012-10-10 23:59	170232	----a-w-	c:\program files\webapp-uninstaller.exe
2013-06-18 14:21 . 2011-08-27 15:41	272792	----a-w-	c:\program files\updater.exe
2013-06-18 14:21 . 2011-08-27 15:41	151960	----a-w-	c:\program files\softokn3.dll
2013-06-18 14:21 . 2013-04-28 08:56	26520	----a-w-	c:\program files\plugin-hang-ui.exe
2013-06-18 14:21 . 2011-08-27 15:41	17304	----a-w-	c:\program files\plugin-container.exe
2013-06-18 14:21 . 2011-08-27 15:41	91544	----a-w-	c:\program files\nssdbm3.dll
2013-06-18 14:21 . 2011-08-27 15:41	375192	----a-w-	c:\program files\nssckbi.dll
2013-06-18 14:21 . 2011-08-27 15:41	1916312	----a-w-	c:\program files\nss3.dll
2013-06-18 14:21 . 2011-08-27 15:41	3285912	----a-w-	c:\program files\mozjs.dll
2013-06-18 14:21 . 2012-04-15 19:18	131480	----a-w-	c:\program files\mozglue.dll
2013-06-18 14:21 . 2011-08-27 15:41	16280	----a-w-	c:\program files\mozalloc.dll
2013-06-18 14:21 . 2012-04-25 17:53	193824	----a-w-	c:\program files\maintenanceservice_installer.exe
2013-06-18 14:21 . 2012-04-25 17:53	117144	----a-w-	c:\program files\maintenanceservice.exe
2013-06-18 14:21 . 2011-08-27 15:41	478104	----a-w-	c:\program files\libGLESv2.dll
2013-06-18 14:21 . 2011-08-27 15:41	59288	----a-w-	c:\program files\libEGL.dll
2013-06-18 14:21 . 2012-04-15 19:18	3407256	----a-w-	c:\program files\gkmedias.dll
2013-06-18 14:21 . 2011-08-27 15:41	279448	----a-w-	c:\program files\freebl3.dll
2013-06-18 14:21 . 2011-08-27 15:41	920472	----a-w-	c:\program files\firefox.exe
2013-06-18 14:21 . 2011-08-27 15:41	116120	----a-w-	c:\program files\crashreporter.exe
2013-06-18 14:21 . 2012-08-29 20:48	74136	----a-w-	c:\program files\breakpadinjector.dll
2013-06-18 14:21 . 2011-08-27 15:41	19352	----a-w-	c:\program files\AccessibleMarshal.dll
2013-06-12 19:48 . 2012-05-14 02:54	867240	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-06-12 19:48 . 2011-09-23 16:22	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-12 19:47 . 2013-06-21 16:07	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 03:33 . 2013-06-11 03:33	311200	----a-w-	c:\windows\system32\javaws.exe
2013-06-11 03:33 . 2013-06-11 03:33	188832	----a-w-	c:\windows\system32\javaw.exe
2013-06-11 03:33 . 2013-06-11 03:33	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-11 03:33 . 2013-06-11 03:33	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-11 03:33 . 2013-06-11 03:33	1092512	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-11 03:33 . 2013-06-11 03:33	188320	----a-w-	c:\windows\system32\java.exe
2013-05-26 21:32 . 2013-05-26 21:33	1058816	----a-w-	c:\windows\system32\BCMLogon.dll
2013-05-26 21:32 . 2013-05-26 21:33	446	----a-w-	c:\windows\SysWow64\vcredist_x64.bat
2013-05-26 21:32 . 2013-05-26 21:33	35344	----a-w-	c:\windows\system32\drivers\npf.sys
2013-05-26 21:32 . 2013-05-26 21:33	22632	----a-w-	c:\windows\system32\drivers\bcm42rly.sys
2013-05-26 21:32 . 2013-05-26 21:33	7930368	----a-w-	c:\windows\system32\BCMWLCPL.CPL
2013-05-26 21:32 . 2013-05-26 21:33	73728	----a-w-	c:\windows\system32\wltrynt.dll
2013-05-26 21:32 . 2013-05-26 21:33	4961800	----a-w-	c:\windows\SysWow64\vcredist_x64.exe
2013-05-26 21:32 . 2013-05-26 21:33	4698112	----a-w-	c:\windows\system32\bcmttls.dll
2013-05-26 21:32 . 2013-05-26 21:33	445	----a-w-	c:\windows\system32\vcredist_x64.bat
2013-05-26 21:32 . 2013-05-26 21:33	3161088	----a-w-	c:\windows\system32\vcredist_x64.exe
2013-05-26 21:32 . 2011-03-09 11:29	95584	----a-w-	c:\windows\system32\bcmwlcoi.dll
2013-05-26 21:32 . 2011-03-09 11:29	6656	----a-w-	c:\windows\system32\bcmwlrc.dll
2013-05-26 21:32 . 2011-03-09 11:29	4747880	----a-w-	c:\windows\system32\drivers\BCMWL664.SYS
2013-05-26 21:32 . 2011-03-09 11:29	3952640	----a-w-	c:\windows\system32\bcmihvsrv64.dll
2013-05-26 21:32 . 2011-03-09 11:29	3617792	----a-w-	c:\windows\system32\bcmihvui64.dll
2013-05-13 05:51 . 2013-06-12 10:53	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 10:53	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 10:53	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 10:53	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 10:53	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 10:53	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 10:53	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 10:53	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:53	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:53	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 10:53	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 10:53	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 10:53	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-06 13:39 . 2013-05-16 13:17	9060352	----a-w-	c:\windows\system32\mshtml.dll
2013-05-02 00:06 . 2011-10-17 22:10	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-28 10:59 . 2013-04-28 11:00	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-28 10:59 . 2013-04-28 11:00	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-28 10:59 . 2013-04-28 11:00	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-05-26 18:41 . 2011-08-27 15:41	2106216	----a-w-	c:\program files\D3DCompiler_43.dll
2010-03-18 16:15 . 2012-06-05 23:41	770384	----a-w-	c:\program files\msvcr100.dll
2010-03-18 16:15 . 2012-06-05 23:41	421200	----a-w-	c:\program files\msvcp100.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Musemann\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Musemann\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Musemann\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-03-06 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-05-13 601928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 19:38	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 11:04]
.
2013-06-28 c:\windows\Tasks\HPCeeScheduleForMusemann.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Musemann\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Musemann\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Musemann\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Musemann\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-21 489472]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2013-05-26 7177728]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - 
FF - ExtSQL: 2013-06-04 05:31; videoresumer@jetpack; c:\users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\extensions\videoresumer@jetpack.xpi
FF - ExtSQL: 2013-06-06 10:59; stefanvandamme@stefanvd.net; c:\users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\extensions\stefanvandamme@stefanvd.net.xpi
FF - ExtSQL: 2013-07-18 02:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-26  15:50:46
ComboFix-quarantined-files.txt  2013-07-26 13:50
.
Vor Suchlauf: 22 Verzeichnis(se), 60.102.000.640 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 59.962.421.248 Bytes frei
.
- - End Of File - - 9CC708BFEF62B9086AB3028B28289444
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 27.07.2013, 10:32

hi,

Sorry für die Verspätung, liege flach mit Grippe und Fieber.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

chillmeister · 10.08.2013, 16:31

Hallo Schrauber,

ich hoffe du hast dich gut erholt. Diesmal hat es dann bei mir etwas länger gedauert.

Hinweise:
1. Beim Start des PCs braucht er über eine Minute, um sich mit dem Internet zu verbinden. Außerdem wird mir dann ein Windows-Fenster eingeblendet, dass ein Prozess nicht ausgeführt werden kann. Ein Klick auf "wechseln zu" führt nur zu einem Fehler-Sound, aber nichts passiert. Ich klicke das Fenster also per x weg. Die Fehlermeldung kommt bei jedem Start, allerdings erst seit etwa zwei Wochen.
2. Der Antivir-Echtzeitschutz startet manchmal nicht (geschlossenes Regenschirm-Symbol), obwohl der Haken dafür gesetzt ist. Auch deaktivieren und aktivieren hilft nicht.

Adw-Cleaner-Log:

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 10/08/2013 um 16:54:40 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Musemann - MUSEMANNS-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Musemann\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\WebSearch.xml
Ordner Gelöscht : C:\Program Files (x86)\continuetosave
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\Program Files (x86)\WebSearch
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Musemann\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Musemann\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\jetpack
Ordner Gelöscht : C:\Users\Musemann\AppData\Roaming\Toolplugin
Ordner Gelöscht : C:\windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{96E2E493-C484-43E3-9B95-D62EE7D40D3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18 --> hxxp://www.google.com

-\\ Mozilla Firefox v23.0 (de)

Datei : C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\prefs.js

C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\user.js ... Gelöscht !

Gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Gelöscht : user_pref("aol_toolbar.default.search.check", false);
Gelöscht : user_pref("browser.search.defaultenginename", "WebSearch");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid[...]
Gelöscht : user_pref("browser.search.order.1", "WebSearch");
Gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Gelöscht : user_pref("browser.search.selectedEngine", "WebSearch");
Gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gelöscht : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,facebook%40disconnect.me:2[...]
Gelöscht : user_pref("extensions.toolbar_SGT-V7@apn.ask.com.install-event-fired", true);
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[S1].txt - [11015 octets] - [10/08/2013 16:54:40]

########## EOF - C:\AdwCleaner[S1].txt - [11076 octets] ##########

JRT-Log:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.7 (07.29.2013:1)
OS: Windows 7 Home Premium x64
Ran by Musemann on 10.08.2013 at 17:05:10,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.08.2013 at 17:10:55,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und ein frisches FSRT-Log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013 (ATTENTION: FRST version is 17 days old)
Ran by Musemann (administrator) on 10-08-2013 17:13:46
Running from C:\Users\Musemann\Desktop\Media und Tools
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\VPN Client\cvpnd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Gemalto N.V.) C:\Users\Musemann\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-11-22] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7177728 2013-05-26] (Broadcom Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\Musemann\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2010-03-07] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default
FF Homepage: https://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "http", "50.22.206.179"
FF NetworkProxy: "http_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\boersebz.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\openstreetmap.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\youtube-videosuche.xml
FF Extension: No Name - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\foxmarks@kei.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\ich@maltegoetz.de
FF Extension: WOT - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: canitbecheaper - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi
FF Extension: DivXWebPlayer - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: facebook - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\facebook@disconnect.me.xpi
FF Extension: jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
FF Extension: SciLorsGrooveUnlocker - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi
FF Extension: searchy - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\searchy@searchy.xpi
FF Extension: stefanvandamme - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\stefanvandamme@stefanvd.net.xpi
FF Extension: testpilot - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: toolbar - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\toolbar@web.de.xpi
FF Extension: videoresumer - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\videoresumer@jetpack.xpi
FF Extension: youtubeunblocker - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\youtubeunblocker@unblocker.yt.xpi
FF Extension: No Name - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
FF Extension: No Name - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files\firefox.exe"

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 CVPND; C:\Program Files\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-07] (PDF Complete Inc)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE [48128 2013-05-26] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-28] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R2 cpuz135; C:\windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-23] ()
S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-19] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [x]
S2 tandpl; System32\drivers\tandpl.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-10 17:05 - 2013-08-10 17:05 - 00000000 ____D C:\windows\ERUNT
2013-08-10 16:54 - 2013-08-10 16:55 - 00011122 _____ C:\AdwCleaner[S1].txt
2013-08-10 16:06 - 2013-08-10 16:06 - 00070457 _____ C:\Users\Musemann\Desktop\Selbstauskunft
2013-08-10 12:35 - 2013-08-10 13:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-08 17:03 - 2013-08-08 17:03 - 00107317 _____ C:\Users\Musemann\Desktop\Nachtrag zum Mietvertrag.jpeg
2013-08-08 17:03 - 2013-08-08 17:03 - 00060911 _____ C:\Users\Musemann\Desktop\Zustimmung Mieterhöhung.jpeg
2013-08-08 16:52 - 2013-08-10 12:19 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\SanDisk
2013-08-08 16:52 - 2013-08-08 16:52 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2013-08-08 16:51 - 2013-08-08 16:51 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\SanDisk SecureAccess
2013-07-26 15:51 - 2013-07-26 15:51 - 00023653 _____ C:\ComboFix.txt
2013-07-26 15:11 - 2013-07-26 15:52 - 00000000 ____D C:\ComboFix
2013-07-26 14:18 - 2013-07-26 15:52 - 00000000 ____D C:\Qoobox
2013-07-26 14:18 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-26 14:18 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-26 14:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-26 14:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-26 14:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-26 14:18 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-26 14:18 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-26 14:18 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-26 14:17 - 2013-07-26 15:45 - 00000000 ____D C:\windows\erdnt
2013-07-25 21:14 - 2013-07-25 21:14 - 00001378 _____ C:\Users\Musemann\Desktop\Geistiges Eigentum - Verknüpfung.lnk
2013-07-25 19:55 - 2013-08-06 19:58 - 00009900 _____ C:\Users\Musemann\Desktop\Bestandsaufnahme, Hoffnungen, Ängste, Pläne fürs Wiederkommen.odt
2013-07-25 01:47 - 2013-07-25 01:47 - 11640134 _____ C:\Users\Musemann\Desktop\clip_june_07.wmv
2013-07-25 00:44 - 2013-07-25 00:44 - 00000000 ____D C:\FRST
2013-07-24 21:56 - 2013-08-07 17:10 - 00000320 _____ C:\Users\Musemann\Desktop\Besorgen für Jakarta.txt
2013-07-24 20:47 - 2013-07-25 20:07 - 00000102 _____ C:\Users\Musemann\Desktop\Wen will ich treffen, bevor ich weg bin.txt
2013-07-24 20:23 - 2013-07-26 00:37 - 00000186 _____ C:\Users\Musemann\Desktop\Termine ab Münster.txt
2013-07-24 20:07 - 2013-07-25 19:57 - 00000335 _____ C:\Users\Musemann\Desktop\Treffen mit Olli Bellstedt.txt
2013-07-24 18:59 - 2013-07-24 18:59 - 00002726 _____ C:\Users\Musemann\Desktop\Gmer.log
2013-07-24 17:43 - 2013-07-24 17:43 - 00106762 _____ C:\Users\Musemann\Desktop\OTL.Txt
2013-07-19 17:12 - 2013-08-08 04:12 - 00000000 ____D C:\Program Files\browser
2013-07-19 17:12 - 2013-07-19 17:12 - 00000000 ____D C:\Program Files\defaults
2013-07-18 02:24 - 2013-07-18 02:28 - 00000000 ____D C:\Users\Musemann\dwhelper
2013-07-18 01:55 - 2013-07-18 02:03 - 00000000 ____D C:\Program Files\extensions
2013-07-18 01:55 - 2013-07-18 01:55 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-07-11 16:51 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-11 16:51 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-11 16:51 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-11 16:51 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-11 16:50 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-11 16:50 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-11 16:50 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-10 17:12 - 2011-09-23 18:16 - 00000000 ___RD C:\Users\Musemann\Desktop\Media und Tools
2013-08-10 17:07 - 2009-07-14 06:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-10 17:07 - 2009-07-14 06:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-10 17:05 - 2013-08-10 17:05 - 00000000 ____D C:\windows\ERUNT
2013-08-10 16:57 - 2012-05-14 05:16 - 00030548 _____ C:\windows\setupact.log
2013-08-10 16:57 - 2012-04-25 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-10 16:57 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-10 16:56 - 2011-03-09 13:27 - 01923601 _____ C:\windows\WindowsUpdate.log
2013-08-10 16:55 - 2013-08-10 16:54 - 00011122 _____ C:\AdwCleaner[S1].txt
2013-08-10 16:52 - 2012-05-20 17:05 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-10 16:49 - 2011-09-05 11:29 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\vlc
2013-08-10 16:29 - 2012-07-01 18:13 - 00000000 ____D C:\Stuff
2013-08-10 16:06 - 2013-08-10 16:06 - 00070457 _____ C:\Users\Musemann\Desktop\Selbstauskunft
2013-08-10 13:03 - 2013-08-10 12:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-10 12:28 - 2013-07-10 22:11 - 00000420 _____ C:\Users\Musemann\Desktop\Köln.txt
2013-08-10 12:19 - 2013-08-08 16:52 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\SanDisk
2013-08-08 17:03 - 2013-08-08 17:03 - 00107317 _____ C:\Users\Musemann\Desktop\Nachtrag zum Mietvertrag.jpeg
2013-08-08 17:03 - 2013-08-08 17:03 - 00060911 _____ C:\Users\Musemann\Desktop\Zustimmung Mieterhöhung.jpeg
2013-08-08 16:53 - 2010-12-09 00:40 - 00654400 _____ C:\windows\system32\perfh007.dat
2013-08-08 16:53 - 2010-12-09 00:40 - 00130240 _____ C:\windows\system32\perfc007.dat
2013-08-08 16:53 - 2009-07-14 07:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-08 16:52 - 2013-08-08 16:52 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2013-08-08 16:51 - 2013-08-08 16:51 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\SanDisk SecureAccess
2013-08-08 04:17 - 2011-08-27 17:41 - 00000000 ____D C:\Program Files\uninstall
2013-08-08 04:12 - 2013-07-19 17:12 - 00000000 ____D C:\Program Files\browser
2013-08-08 04:12 - 2013-04-28 10:56 - 00026520 _____ (Mozilla Corporation) C:\Program Files\plugin-hang-ui.exe
2013-08-08 04:12 - 2013-01-12 21:34 - 00000000 ____D C:\Program Files\webapprt
2013-08-08 04:12 - 2012-10-11 01:59 - 00170232 _____ (Mozilla Corporation) C:\Program Files\webapp-uninstaller.exe
2013-08-08 04:12 - 2012-10-11 01:59 - 00092056 _____ (Mozilla Foundation) C:\Program Files\webapprt-stub.exe
2013-08-08 04:12 - 2012-08-29 22:48 - 00074136 _____ (Mozilla Foundation) C:\Program Files\breakpadinjector.dll
2013-08-08 04:12 - 2012-04-25 19:53 - 00193824 _____ (Mozilla Corporation) C:\Program Files\maintenanceservice_installer.exe
2013-08-08 04:12 - 2012-04-25 19:53 - 00117656 _____ (Mozilla Foundation) C:\Program Files\maintenanceservice.exe
2013-08-08 04:12 - 2012-04-15 21:18 - 03429784 _____ (Mozilla Foundation) C:\Program Files\gkmedias.dll
2013-08-08 04:12 - 2012-04-15 21:18 - 00157592 _____ (Mozilla Foundation) C:\Program Files\mozglue.dll
2013-08-08 04:12 - 2012-02-08 18:21 - 07231369 _____ C:\Program Files\omni.ja
2013-08-08 04:12 - 2011-08-27 17:41 - 20605336 _____ (Mozilla Foundation) C:\Program Files\xul.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 03534232 _____ C:\Program Files\mozjs.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 01914776 _____ (Mozilla Foundation) C:\Program Files\nss3.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 00478104 _____ (Mozilla Foundation) C:\Program Files\libGLESv2.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 00392600 _____ (Mozilla Foundation) C:\Program Files\nssckbi.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 00301976 _____ (Mozilla Foundation) C:\Program Files\freebl3.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 00276376 _____ (Mozilla Corporation) C:\Program Files\firefox.exe
2013-08-08 04:12 - 2011-08-27 17:41 - 00272792 _____ (Mozilla Foundation) C:\Program Files\updater.exe
2013-08-08 04:12 - 2011-08-27 17:41 - 00152984 _____ (Mozilla Foundation) C:\Program Files\softokn3.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 00116120 _____ (Mozilla Foundation) C:\Program Files\crashreporter.exe
2013-08-08 04:12 - 2011-08-27 17:41 - 00091544 _____ (Mozilla Foundation) C:\Program Files\nssdbm3.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 00059288 _____ (Mozilla Foundation) C:\Program Files\libEGL.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 00019352 _____ (Mozilla Foundation) C:\Program Files\AccessibleMarshal.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 00017304 _____ (Mozilla Corporation) C:\Program Files\plugin-container.exe
2013-08-08 04:12 - 2011-08-27 17:41 - 00016280 _____ (Mozilla Foundation) C:\Program Files\mozalloc.dll
2013-08-08 04:12 - 2011-08-27 17:41 - 00001928 _____ C:\Program Files\precomplete
2013-08-08 04:12 - 2011-08-27 17:41 - 00000899 _____ C:\Program Files\softokn3.chk
2013-08-08 04:12 - 2011-08-27 17:41 - 00000899 _____ C:\Program Files\nssdbm3.chk
2013-08-08 04:12 - 2011-08-27 17:41 - 00000899 _____ C:\Program Files\freebl3.chk
2013-08-08 04:12 - 2011-08-27 17:41 - 00000633 _____ C:\Program Files\application.ini
2013-08-08 04:12 - 2011-08-27 17:41 - 00000140 _____ C:\Program Files\platform.ini
2013-08-08 04:12 - 2011-08-27 17:41 - 00000099 _____ C:\Program Files\dependentlibs.list
2013-08-07 17:10 - 2013-07-24 21:56 - 00000320 _____ C:\Users\Musemann\Desktop\Besorgen für Jakarta.txt
2013-08-07 16:36 - 2013-06-26 09:49 - 00000000 ____D C:\Program Files\updated
2013-08-06 20:03 - 2012-12-06 11:35 - 00027584 _____ C:\Users\Musemann\Desktop\Vision.odt
2013-08-06 19:58 - 2013-07-25 19:55 - 00009900 _____ C:\Users\Musemann\Desktop\Bestandsaufnahme, Hoffnungen, Ängste, Pläne fürs Wiederkommen.odt
2013-08-06 16:25 - 2011-11-01 01:52 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-08-06 16:25 - 2011-08-28 07:13 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-07-30 15:29 - 2011-09-27 19:47 - 00000000 ____D C:\Users\Musemann\Desktop\Bilder
2013-07-29 22:15 - 2013-04-29 11:04 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForMusemann
2013-07-29 22:15 - 2013-04-29 11:04 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForMusemann.job
2013-07-26 23:17 - 2012-11-18 09:00 - 00013275 _____ C:\Users\Musemann\Desktop\Ideensammlung für Jobs, Praktika, Zukunftsplanung.odt
2013-07-26 19:30 - 2011-10-06 03:04 - 00000000 ____D C:\Users\Musemann\AppData\Local\CrashDumps
2013-07-26 15:56 - 2012-06-07 17:39 - 00104118 _____ C:\windows\PFRO.log
2013-07-26 15:52 - 2013-07-26 15:11 - 00000000 ____D C:\ComboFix
2013-07-26 15:52 - 2013-07-26 14:18 - 00000000 ____D C:\Qoobox
2013-07-26 15:51 - 2013-07-26 15:51 - 00023653 _____ C:\ComboFix.txt
2013-07-26 15:45 - 2013-07-26 14:17 - 00000000 ____D C:\windows\erdnt
2013-07-26 15:28 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-07-26 00:37 - 2013-07-24 20:23 - 00000186 _____ C:\Users\Musemann\Desktop\Termine ab Münster.txt
2013-07-25 21:14 - 2013-07-25 21:14 - 00001378 _____ C:\Users\Musemann\Desktop\Geistiges Eigentum - Verknüpfung.lnk
2013-07-25 20:07 - 2013-07-24 20:47 - 00000102 _____ C:\Users\Musemann\Desktop\Wen will ich treffen, bevor ich weg bin.txt
2013-07-25 19:57 - 2013-07-24 20:07 - 00000335 _____ C:\Users\Musemann\Desktop\Treffen mit Olli Bellstedt.txt
2013-07-25 01:47 - 2013-07-25 01:47 - 11640134 _____ C:\Users\Musemann\Desktop\clip_june_07.wmv
2013-07-25 00:44 - 2013-07-25 00:44 - 00000000 ____D C:\FRST
2013-07-24 21:27 - 2013-05-22 11:21 - 00001425 _____ C:\Users\Musemann\Desktop\To do.txt
2013-07-24 18:59 - 2013-07-24 18:59 - 00002726 _____ C:\Users\Musemann\Desktop\Gmer.log
2013-07-24 17:43 - 2013-07-24 17:43 - 00106762 _____ C:\Users\Musemann\Desktop\OTL.Txt
2013-07-24 13:04 - 2012-05-20 17:05 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-24 13:04 - 2012-05-20 17:05 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-24 13:04 - 2012-05-20 17:05 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-24 13:04 - 2011-09-23 20:37 - 00000000 ____D C:\Users\Musemann\AppData\Local\Adobe
2013-07-19 19:31 - 2011-11-16 19:40 - 00000000 ___RD C:\Dropbox
2013-07-19 19:31 - 2011-11-16 19:31 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Dropbox
2013-07-19 17:15 - 2011-08-27 17:41 - 00025786 _____ C:\Program Files\install.log
2013-07-19 17:12 - 2013-07-19 17:12 - 00000000 ____D C:\Program Files\defaults
2013-07-18 18:13 - 2012-03-17 22:06 - 00018941 _____ C:\Users\Musemann\Desktop\Hausarbeit Guttenberg.odt
2013-07-18 05:48 - 2012-09-22 05:43 - 00010240 _____ C:\Users\Musemann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-18 02:28 - 2013-07-18 02:24 - 00000000 ____D C:\Users\Musemann\dwhelper
2013-07-18 02:24 - 2011-08-27 16:39 - 00000000 ____D C:\Users\Musemann
2013-07-18 02:03 - 2013-07-18 01:55 - 00000000 ____D C:\Program Files\extensions
2013-07-18 01:55 - 2013-07-18 01:55 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-07-12 12:54 - 2009-07-14 06:45 - 00306144 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-12 12:51 - 2009-07-27 16:27 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 12:51 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 12:51 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 19:18 - 2013-05-05 15:52 - 00000000 ____D C:\Users\Musemann\Desktop\Kulturweit
2013-07-11 18:17 - 2011-10-12 00:27 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-11 03:20 - 2012-05-27 18:21 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\dvdcss
2013-07-11 03:16 - 2013-06-20 03:26 - 00041320 _____ C:\Users\Musemann\Desktop\Tagebuch.odt
2013-07-11 03:04 - 2012-05-10 05:59 - 00033555 _____ C:\Users\Musemann\Desktop\Essay zur Arbeitskultur Unbehagen.odt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-07 16:10

==================== End Of Log ============================

--- --- ---

schrauber · 10.08.2013, 21:28

Lesestoff:
Warum wir Avira nicht mehr empfehlen
Avira liefert seit einiger Zeit mit der Standardinstallation die Ask Toolbar mit aus. Diese Toolbar ist Voraussetzung dafür, dass der Webguard zuverlässig funktioniert. Die Ask Toolbar ist dafür bekannt, dass sie das Surfverhalten des Benutzers ausspioniert, um damit in letzter Konsequenz Geld zu verdienen. Daher wird von uns auf diesem Board als "schädlich" eingestuft. Mehr Informationen.

Eine Sicherheitsfirma, die dem Benutzer praktisch ungefragt schädliche Software "unterjubelt", scheidet für uns daher aus. Wir empfehlen daher allen Nutzern von Avira aufgrund dieser Geschäftspraktik, der teilweise äußerst schlechten Erkennungsrate und der überaus nervtötenden Werbung Avira zu deinstallieren und auf ein alternatives Produkt auszuweichen.

Solltest du dich zu einem Wechsel entscheiden, empfehlen wir dir nach der Deinstallation mit dem Avira-Cleaner alle Reste zu entfernen.

Was für ne Fehlermeldung? Wortlaut? Screenshot?

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte.

chillmeister · 27.01.2014, 12:13

Hallo Schrauber,

mit einem halben Jahr Verspätung poste ich dir jetzt meine Logs. Der Eset-Scan hat bei meinen ersten Versuchen mehrere Stunden gedauert, sodass ich ihn dann abgebrochen und lange aufgeschoben habe. Jetzt aber.

Hauptproblem: Immer wieder "eingeschränkter Zugriff" beim Wifi (gelbes Ausrufezeichen auf den Wifi-Balken in der Task-Leiste), ich komme dann nicht ins Internet.
Außerdem: Ich verwalte mit meinem Thunderbird zwei Mailadressen. Weiterhin kommen alle Mails über Thunderbird an, aber ich kann keine mehr über Thunderbird verschicken (nur noch über die Webclients der jeweiligen Adressen einlogge). Fehlermeldung: Thunderbird könne keine Verbindung zum jeweiligen SMTP-Server aufbauen. Diese Server haben sich aber nicht geändert, geändert hat sich nur dass ich keine Verbindung zu ihnen bekomme.

Dafür tritt nun die Fehlermeldung, von der ich in einem älteren Post gesprochen habe, kaum mehr auf. Sie kam immer beim Erscheinen des Windows-Desktop nach einigen Sekunden. Exakter Wortlaut: "Dieser Vorgang kann nicht ausgeführt werden,
da die andere Anwendung aktiv ist. "wechseln zu" oder "wiederholen". Windows Problembehandlung: Der DNS-Server antwortet nicht"

Antivir deinstalliere ich gerne, kannst du mir eine kostenlose Alternative empfehlen?
Und hier nun endlich die Logs:

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b4e4b67012294e45ad92085368a38353
# engine=16745
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-22 09:19:56
# local_time=2014-01-22 04:19:56 (+0700, Südostasiatische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 255798486 0 0
# compatibility_mode=5893 16776573 100 94 57789 142012246 0 0
# scanned=228172
# found=0
# cleaned=0
# scan_time=7792

SecurityCheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (26.0) 
 Mozilla Thunderbird (24.2.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Und ein frisches FRST-Log, private Textdateinamen habe ich mit "xxx" ersetzt. Was mir schonmal auffällt. Der Websear-Guru sollte da wahrscheinlich nicht sein.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014
Ran by Musemann (administrator) on MUSEMANNS-HP on 22-01-2014 17:28:00
Running from C:\Users\Musemann\Desktop\Media und Tools
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\VPN Client\cvpnd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Dropbox, Inc.) C:\Users\Musemann\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\firefox.exe
(Mozilla Corporation) C:\Program Files\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-06] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-11-22] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7177728 2013-05-27] (Broadcom Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-22] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-23] (Hewlett-Packard Company)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
AppInit_DLLs-x32: c:\progra~2\websea~1\sprote~1.dll => C:\Program Files (x86)\WebSearch\sprotector.dll [1044480 2013-01-24] ()
Startup: C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchguru.info/?pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchguru.info/?pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchguru.info/?l=1&q={searchTerms}&pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchguru.info/?l=1&q={searchTerms}&pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchguru.info/?l=1&q={searchTerms}&pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: hxxp://websearch.searchguru.info/?pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
FF NetworkProxy: "http", "50.22.206.179"
FF NetworkProxy: "http_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\boersebz.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\openstreetmap.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\searchplugins\youtube-videosuche.xml
FF Extension: Xmarks - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\foxmarks@kei.com [2013-05-21]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: YouTube Unblocker - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-17]
FF Extension: WOT - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: DownloadHelper - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF Extension: InvisibleHand - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-02-18]
FF Extension: DivX Web Player - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-10-12]
FF Extension: Facebook Disconnect - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\facebook@disconnect.me.xpi [2012-04-06]
FF Extension: Self-Destructing Cookies - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2013-04-28]
FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi [2012-05-17]
FF Extension: InstantFox - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\searchy@searchy.xpi [2013-04-28]
FF Extension: Turn Off the Lights - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\stefanvandamme@stefanvd.net.xpi [2013-06-04]
FF Extension: Test Pilot - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-01-13]
FF Extension: WEB.DE MailCheck - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\toolbar@web.de.xpi [2011-12-20]
FF Extension: Video Resumer - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\videoresumer@jetpack.xpi [2013-06-04]
FF Extension: {134cef13-aa85-46ce-b169-dcb8787a2e45} - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{134cef13-aa85-46ce-b169-dcb8787a2e45}.xpi [2013-11-02]
FF Extension: Skype Converter Plus - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{4e594b86-4237-43ca-a356-f4e0b25017e6}.xpi [2013-11-11]
FF Extension: Fasterfox - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2013-05-21]
FF Extension: Adblock Plus - C:\Users\Musemann\AppData\Roaming\Mozilla\Firefox\Profiles\jkta644v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-20]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-24]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\firefox.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-15] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 CVPND; C:\Program Files\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-07] (PDF Complete Inc)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5862400 2013-05-27] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-23] ()
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-20 18:02 - 2014-01-20 18:14 - 57200756 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-19 22:38 - 2014-01-20 00:03 - 00023645 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-19 21:03 - 2014-01-19 21:07 - 25848660 _____ C:\Users\Musemann\Desktop\anki-2.0.20.exe
2014-01-16 19:35 - 2014-01-17 22:51 - 00018063 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-16 18:17 - 2014-01-22 00:09 - 00011507 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-16 17:52 - 2014-01-16 19:25 - 00178374 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-16 17:18 - 2014-01-16 19:31 - 00000000 ____D C:\Users\Musemann\Desktop\Bilder für Zimmer
2014-01-15 22:40 - 2013-11-27 08:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 22:40 - 2013-11-27 08:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 22:40 - 2013-11-27 08:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 22:40 - 2013-11-27 08:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 22:40 - 2013-11-27 08:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 22:40 - 2013-11-27 08:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 22:40 - 2013-11-27 08:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 22:40 - 2013-11-26 18:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 22:40 - 2013-11-26 17:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-15 00:25 - 2014-01-15 00:25 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Malwarebytes
2014-01-15 00:24 - 2014-01-15 00:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-15 00:24 - 2014-01-15 00:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 00:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-14 17:47 - 2014-01-16 17:50 - 00018873 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-11 23:19 - 2014-01-20 18:04 - 00013635 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-11 16:19 - 2014-01-11 16:19 - 00000000 ____D C:\Program Files\defaults
2014-01-11 16:19 - 2014-01-11 16:19 - 00000000 ____D C:\Program Files\browser
2013-12-31 19:10 - 2014-01-19 22:41 - 00001075 _____ C:\Users\Musemann\AppData\Roaming\SAS7_000.DAT

==================== One Month Modified Files and Folders =======

2014-01-22 17:28 - 2011-09-23 23:16 - 00000000 ___RD C:\Users\Musemann\Desktop\Media und Tools
2014-01-22 17:08 - 2012-09-10 07:00 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-22 16:52 - 2012-05-20 22:05 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-22 14:11 - 2011-11-17 00:31 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Dropbox
2014-01-22 14:09 - 2011-11-17 00:40 - 00000000 ___RD C:\Dropbox
2014-01-22 14:09 - 2011-11-17 00:32 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-22 14:04 - 2010-12-09 05:40 - 00697098 _____ C:\windows\system32\perfh007.dat
2014-01-22 14:04 - 2010-12-09 05:40 - 00148362 _____ C:\windows\system32\perfc007.dat
2014-01-22 14:04 - 2009-07-14 12:13 - 01613412 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-22 13:56 - 2009-07-14 11:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 13:56 - 2009-07-14 11:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 13:47 - 2012-05-14 10:16 - 00038849 _____ C:\windows\setupact.log
2014-01-22 13:47 - 2009-07-14 12:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-22 02:08 - 2011-09-05 16:29 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\vlc
2014-01-22 02:08 - 2011-03-09 18:27 - 01169345 _____ C:\windows\WindowsUpdate.log
2014-01-22 01:28 - 2013-04-29 16:04 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForMusemann
2014-01-22 01:28 - 2013-04-29 16:04 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForMusemann.job
2014-01-22 00:09 - 2014-01-16 18:17 - 00011507 _____ C:\Users\Musemann\Desktop\To do.odt
2014-01-20 18:14 - 2014-01-20 18:02 - 57200756 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-20 18:04 - 2014-01-11 23:19 - 00013635 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-20 16:03 - 2009-07-14 12:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2014-01-20 05:33 - 2013-02-19 15:32 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Skype
2014-01-20 00:03 - 2014-01-19 22:38 - 00023645 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-19 22:41 - 2013-12-31 19:10 - 00001075 _____ C:\Users\Musemann\AppData\Roaming\SAS7_000.DAT
2014-01-19 21:07 - 2014-01-19 21:03 - 25848660 _____ C:\Users\Musemann\Desktop\anki-2.0.20.exe
2014-01-19 20:02 - 2011-11-01 06:52 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-19 20:02 - 2011-08-28 12:13 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2014-01-19 03:01 - 2012-11-18 14:00 - 00019414 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-18 14:09 - 2012-07-01 23:13 - 00000000 ____D C:\Stuff
2014-01-17 22:51 - 2014-01-16 19:35 - 00018063 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-16 19:31 - 2014-01-16 17:18 - 00000000 ____D C:\Users\Musemann\Desktop\Bilder für Zimmer
2014-01-16 19:25 - 2014-01-16 17:52 - 00178374 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-16 17:50 - 2014-01-14 17:47 - 00018873 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-16 17:35 - 2013-12-09 01:11 - 00000000 ____D C:\Users\Musemann\Desktop\Frankl, Fromm u. co
2014-01-16 17:33 - 2012-01-09 03:13 - 00000000 ____D C:\Users\Musemann\Desktop\Anschauen Sammelsurium
2014-01-16 17:31 - 2013-07-26 00:55 - 00016479 _____ C:\Users\Musemann\Desktop\xxx.odt
2014-01-16 17:13 - 2011-09-28 19:05 - 00000135 _____ C:\Users\Musemann\Desktop\Lesen.txt
2014-01-16 17:10 - 2011-09-18 01:13 - 00000108 _____ C:\Users\Musemann\Desktop\Neue Alben.txt
2014-01-16 11:10 - 2011-09-08 19:24 - 00000000 ____D C:\Program Files (x86)\Plugins
2014-01-16 11:04 - 2009-07-14 11:45 - 00306144 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-16 01:40 - 2013-08-15 00:38 - 00000000 ____D C:\windows\system32\MRT
2014-01-16 01:37 - 2011-10-12 05:27 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 18:15 - 2012-05-10 10:59 - 00033906 _____ C:\Users\Musemann\Desktop\Essay zur Arbeitskultur Unbehagen.odt
2014-01-15 10:37 - 2012-06-07 22:39 - 00109944 _____ C:\windows\PFRO.log
2014-01-15 00:25 - 2014-01-15 00:25 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\Malwarebytes
2014-01-15 00:24 - 2014-01-15 00:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-15 00:24 - 2014-01-15 00:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 17:11 - 2013-05-22 08:08 - 00000000 ____D C:\ProgramData\StarApp
2014-01-14 17:11 - 2013-05-22 06:41 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-12 15:04 - 2012-05-28 00:01 - 00000000 ____D C:\Users\Musemann\Desktop\Games
2014-01-11 23:03 - 2012-04-26 00:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-11 16:26 - 2011-08-27 22:41 - 00024976 _____ C:\Program Files\install.log
2014-01-11 16:19 - 2014-01-11 16:19 - 00000000 ____D C:\Program Files\defaults
2014-01-11 16:19 - 2014-01-11 16:19 - 00000000 ____D C:\Program Files\browser
2014-01-11 16:19 - 2013-01-13 02:34 - 00000000 ____D C:\Program Files\webapprt
2014-01-11 16:19 - 2011-08-27 22:41 - 00000000 ____D C:\Program Files\uninstall
2014-01-09 23:11 - 2011-10-06 08:04 - 00000000 ____D C:\Users\Musemann\AppData\Local\CrashDumps
2014-01-09 22:37 - 2013-02-19 15:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-09 22:37 - 2011-03-09 18:36 - 00000000 ____D C:\ProgramData\Skype
2014-01-09 00:32 - 2013-11-07 22:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2014-01-09 00:29 - 2012-05-27 23:21 - 00000000 ____D C:\Users\Musemann\AppData\Roaming\dvdcss

Some content of TEMP:
====================
C:\Users\Musemann\AppData\Local\Temp\avgnt.exe
C:\Users\Musemann\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih.exe
C:\Users\Musemann\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Musemann\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Musemann\AppData\Local\Temp\sSetup-se.exe
C:\Users\Musemann\AppData\Local\Temp\TsuD0B71F11.dll
C:\Users\Musemann\AppData\Local\Temp\vlc-2.0.8-win64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-20 17:10

==================== End Of Log ============================

--- --- ---

[/CODE]

Vielen Dank für deine Hilfe!
Chillmeister

schrauber · 28.01.2014, 10:32

Zitat:

Fehlermeldung: Thunderbird könne keine Verbindung zum jeweiligen SMTP-Server aufbauen. Diese Server haben sich aber nicht geändert, geändert hat sich nur dass ich keine Verbindung zu ihnen bekomme.

Sicher? Ich selbst habe dutzende Erinnerungsmails bekommen dass die Anbieter die verschlüsselung umstellen und das man das anpassen muss.

Kostenlose Av sind alle voll mit Werbung.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

AppInit_DLLs-x32: c:\progra~2\websea~1\sprote~1.dll => C:\Program Files (x86)\WebSearch\sprotector.dll [1044480 2013-01-24] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchguru.info/?pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchguru.info/?pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchguru.info/?l=1&q={searchTerms}&pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchguru.info/?l=1&q={searchTerms}&pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchguru.info/?l=1&q={searchTerms}&pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

chillmeister · 24.02.2014, 11:19

Zum Mailversand:
Ich habe die Angaben zu den SMTP-Servern überprüft, da stimmt alles. Habe jetzt dem Netzwerk-Admin geschrieben. Vielleicht hat es auch damit zu tun, dass ich aus Indonesien schreibe und als Hacker eingestuft werde? Mit meinem Google-Account geht mir das nämlich regelmäßig so.

Zum Virenschutz:
Du sagst, kostenlose sind alle voll mit Werbung. Welches Programm bis 30, 40€ kannst du denn empfehlen?

Ergänzung:
Wenn ich im Firefox auf Facebook gehe, meldet NoScript, dass "akamaihd.net" ein Script ausüben will. Wenn ich es nicht aktiviere, kann ich Facebook nicht nutzen. Da habe ich also wohl noch einen ungebetenen Gast...

Hier das Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-01-2014
Ran by Musemann at 2014-02-24 17:06:19 Run:1
Running from C:\Users\Musemann\Desktop\Media und Tools
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs-x32: c:\progra~2\websea~1\sprote~1.dll => C:\Program Files (x86)\WebSearch\sprotector.dll [1044480 2013-01-24] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchguru.info/?pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchguru.info/?pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchguru.info/?l=1&q={searchTerms}&pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchguru.info/?l=1&q={searchTerms}&pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchguru.info/?l=1&q={searchTerms}&pid=658&r=2013/12/08&hid=2630995699&lg=EN&cc=DE&unqvl=43
         
*****************

"c:\\progra~2\\websea~1\\sprote~1.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.

==== End of Fixlog ====

schrauber · 25.02.2014, 10:08

Zitat:

Du sagst, kostenlose sind alle voll mit Werbung. Welches Programm bis 30, 40€ kannst du denn empfehlen?

Emsisoft, 39 Tacken

Wenn Du Facebook nicht nutzen kannst ist es ein Script welches Facebook braucht, also musst du es zulassen. Damit sichert Facebook seine Statistiken. Ist leider so.

chillmeister · 07.03.2014, 10:41

Du gibts mir keine weiteren Anforderungen, d.h. wir sind fertig?

Alles klar, danke für den Emisoft-Tip. Ich probiers aus.

Bei "akamaihd.net" bin ich von Malware ausgegangen, da es unterm dem Begriff reichlich Threads hier gibt: http://www.trojaner-board.de/thema/r...maihd.net.html
Ist das wirklich von Facebook?

schrauber · 08.03.2014, 12:36

Zitat:

Akamaihd.net belongs to Akamai Technologies - Wikipedia, the free encyclopedia. In laymans terms it is a cloud company/server that facebook is using for part or maybe all of its site. as the fbstatic hints at. I see Akamaihd.net when using other sites like Twitter.

Das Teil ansich is legal, wird aber auch von Adware benutzt

.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

chillmeister · 17.03.2014, 09:12

Danke für die Erklärung zum Script und die vielen Tips. Ich mache das dann mal eins nach dem anderen.

Zwei Fragen noch:
1. Sollte ich bei Emsisoft Firewall und Anti-Malware im Paket kaufen oder nur eins von beidem?
2. Wo kann ich euch/Trojaner-Board spenden als Dank für die Hilfe?

Browser wird immer langsamer, Websites melden gehäufte Anfragen

Log-Analyse und Auswertung: Browser wird immer langsamer, Websites melden gehäufte Anfragen