Windows 7: Startseiten im IE und Firefox werden auf QV06 umgeleitet

Maria22 · 06.08.2013, 13:44

Hallo :-)

Seit gestern habe ich das Problem dass meine Standard Startseiten im Internetexplorer sowie im Firefox auf Qv06 umgeleitet werden. (Habe mir ein Programm runtergeladen das Spider.exe heißt, dabei hab ich mir wohl was eingefangen.
Ich habe bereits euer Forum durchsucht und dabei diesen Beitrag gefunden http://www.trojaner-board.de/135264-...mgeleitet.html , die vorgeschlagenen Schritte habe ich bereits durchgeführt aber es hat nix gebracht:-( Hier die .txt-Dateien:

Zitat:

# AdwCleaner v2.306 - Datei am 06/08/2013 um 13:02:58 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Datei Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\qvo6.xml
Datei Gelöscht : C:\windows\system32\conduitEngine.tmp
Gelöscht mit Neustart : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\adapter@babylontc.com
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\ocr@babylon.com
Ordner Gelöscht : C:\Program Files\Productivity_2.1
Ordner Gelöscht : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143
Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Productivity_2.1
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C44F9E21-D93F-490C-B41C-B3548BDD19FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B7237A3-1591-4323-A68E-711818DF8006}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C44F9E21-D93F-490C-B41C-B3548BDD19FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E84CC2C1-B722-48FC-A39C-EDB8B525C777}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8B7237A3-1591-4323-A68E-711818DF8006}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C44F9E21-D93F-490C-B41C-B3548BDD19FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2857573
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2903600
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2903601
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7341C12A-0133-469C-B355-909BFFCE9A42}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E8D668-0678-4A9D-8955-A8385F1818FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C44F9E21-D93F-490C-B41C-B3548BDD19FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B7237A3-1591-4323-A68E-711818DF8006}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_2.1 Toolbar
Schlüssel Gelöscht : HKLM\Software\Productivity_2.1
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C44F9E21-D93F-490C-B41C-B3548BDD19FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E84CC2C1-B722-48FC-A39C-EDB8B525C777}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E84CC2C1-B722-48FC-A39C-EDB8B525C777}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C44F9E21-D93F-490C-B41C-B3548BDD19FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C44F9E21-D93F-490C-B41C-B3548BDD19FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

-\\ Google Chrome v [Version kann nicht ermittelt werden]

*************************

AdwCleaner[S1].txt - [15231 octets] - [06/08/2013 13:02:58]

########## EOF - C:\AdwCleaner[S1].txt - [15292 octets] ##########

Zitat:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16635
Run by User at 13:11:21 on 2013-08-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3036.1939 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\windows\system32\atiesrxx.exe
C:\windows\system32\Hpservice.exe
C:\windows\system32\atieclxx.exe
C:\ProgramData\eSafe\eGdpSvc.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\AEADISRV.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\windows\System32\svchost.exe -k Bioscrypt
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\System32\svchost.exe -k yksvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {b80f591e-fe9a-46cf-a13e-180377240586} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Citavi Picker: {609D670F-B735-4da7-AC6D-F3BD358E325E} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: Credential Manager for HP ProtectTools: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] g:\neuer ordner\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] "c:\users\user\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [MVS Splash] c:\program files\mcafee\managed virusscan\agent\Splash.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Citavi Picker... - c:\programdata\swiss academic software\citavi picker\internet explorer\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\user\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} -
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\icq7.4\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{F08EAF44-CF44-4D90-AFCF-54C702EBF372} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{F08EAF44-CF44-4D90-AFCF-54C702EBF372}\34166656348616F637 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{F08EAF44-CF44-4D90-AFCF-54C702EBF372}\563616D6075737 : DHCPNameServer = 172.17.2.9
TCP: Interfaces\{F08EAF44-CF44-4D90-AFCF-54C702EBF372}\64259445A51224F687026333630302341626C656 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{F08EAF44-CF44-4D90-AFCF-54C702EBF372}\75C414E4D26775 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F08EAF44-CF44-4D90-AFCF-54C702EBF372}\F6234435C4 : DHCPNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - g:\neuer ordner\SASWINLO.DLL
AppInit_DLLs= c:\progra~1\hewlet~1\iam\bin\APSHook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Notification Packages = scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\r9xl3eaq.default\
FF - prefs.js: browser.search.selectedEngine - qvo6
FF - prefs.js: browser.startup.homepage - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-7-29 51408]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-7-29 12960]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2012-5-9 3332784]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-3-3 37352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-6 218688]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-7-29 12528]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-4 176128]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2013-3-3 84024]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2013-3-3 108088]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-7-14 20992]
R2 ASChannel;Lokaler Verbindungskanal;c:\windows\system32\svchost.exe -k Bioscrypt [2009-7-14 20992]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-7-29 1201400]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-3-3 84744]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-7-29 256544]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-22 655944]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-9-20 635416]
R2 WsysSvc;Wsys Service;c:\programdata\esafe\eGdpSvc.exe [2013-8-5 891456]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-7-14 20992]
R3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\drivers\5U876.sys [2010-1-22 118656]
R3 avmaudio;AVM Audio;c:\windows\system32\drivers\avmaudio.sys [2011-10-17 101248]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-9-20 228408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-4 22344]
R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-20 313856]
S2 !SASCORE;SAS Core Service;"g:\neuer ordner\sascore.exe" --> g:\neuer ordner\SASCORE.EXE [?]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\system32\appdrvrem01.exe svc --> c:\windows\system32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 EngineServer;EngineServer;c:\progra~1\mcafee\manage~1\vscan\engine~1.exe --> c:\progra~1\mcafee\manage~1\vscan\ENGINE~1.EXE [?]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;"c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe" /servicestart --> c:\program files\mcafee\managed virusscan\agent\myAgtSvc.Exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-22 29472]
S3 HP ProtectTools Service;HP ProtectTools Service;"c:\program files\hewlett-packard\hp protecttools security manager\ptchangefilterservice.exe" --> c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [?]
S3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw1v32.sys [2009-7-21 5958656]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-30 1343400]
.
=============== File Associations ===============
.
FileExt: .txt: opendocument.WriterDocument.1 - HKCR\*\Shell="c:\program files\k-lite codec pack\tools\MediaInfo.exe" "%1" [UserChoice] [default=MediaInfo - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-08-06 06:08:36 -------- d-----w- c:\windows\system32\MRT
2013-08-06 06:08:30 -------- d-----w- C:\6e3ffb7815cbe27a668914aacbca93
2013-08-05 19:49:13 -------- d-----w- c:\programdata\eSafe
2013-08-05 19:48:31 -------- d-----w- c:\users\user\appdata\roaming\eIntaller
2013-07-11 13:14:16 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 13:14:15 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 13:14:14 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 13:14:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 13:14:09 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-07-11 13:14:09 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-11 13:14:08 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-07-11 13:14:08 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-07-11 13:14:07 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2013-07-11 13:14:07 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2013-07-11 13:14:07 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
.
==================== Find3M ====================
.
2013-06-27 14:30:09 67168 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-12 09:28:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 09:28:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: ST950042 rev.0006 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8300F000]<< >>UNKNOWN [0x8C031000]<< >>UNKNOWN [0x8CE89000]<< >>UNKNOWN [0x8CE4E000]<< >>UNKNOWN [0x83422000]<< >>UNKNOWN [0x8BEBF000]<< >>UNKNOWN [0x8C20A000]<< >>UNKNOWN [0x95B95000]<< >>UNKNOWN [0x8CFED000]<< >>UNKNOWN [0x96B3F000]<< >>UNKNOWN [0x9662A000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83045BBA] -> \Device\Harddisk0\DR0[0x87B49958]
\Driver\Disk[0x87B48BB8] -> IRP_MJ_CREATE -> 0x8C03539F
3 [0x8C03559E] -> ntkrnlpa!IofCallDriver[0x83045BBA] -> [0x87B49020]
\Driver\hpdskflt[0x87AF4AC0] -> IRP_MJ_CREATE -> 0x8CE4FFB0
5 [0x8CE50090] -> ntkrnlpa!IofCallDriver[0x83045BBA] -> [0x870F2958]
\Driver\ACPI[0x863D48D0] -> IRP_MJ_CREATE -> 0x8BEC84CC
7 [0x8BEC83D4] -> ntkrnlpa!IofCallDriver[0x83045BBA] -> \Device\Ide\IAAStorageDevice-1[0x87087028]
\Driver\iaStor[0x870D3948] -> IRP_MJ_CREATE -> 0x8C24E954
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:13:07,21 ===============

Zitat:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22.01.2010 16:33:18
System Uptime: 06.08.2013 13:04:22 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3074
Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz | Intel(R) Genuine processor | 2101/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 205,84 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 2 GiB total, 1,915 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
==== System Restore Points ===================
.
RP300: 11.07.2013 14:30:58 - Geplanter Prüfpunkt
RP301: 12.07.2013 09:51:33 - Windows Update
RP302: 22.07.2013 19:55:37 - Geplanter Prüfpunkt
RP303: 01.08.2013 07:43:22 - Geplanter Prüfpunkt
RP304: 01.08.2013 09:04:30 - Wiederherstellungsvorgang
RP305: 06.08.2013 08:07:29 - Windows Update
RP306: 06.08.2013 12:48:23 - Windows Update
RP307: 06.08.2013 12:53:08 - Removed Java(TM) 6 Update 35
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
4500_Help
7-Zip 4.65
ActivClient x86
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Anno 1701
ANSTOSS 3
ATI Catalyst Install Manager
µTorrent
AuthenTec Fingerprint System
Avira Free Antivirus
AVM FRITZ!Box USB-Fernanschluss
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
Citavi 4
Compatibility Pack für 2007 Office System
Credential Manager for HP ProtectTools
DAEMON Tools Lite
DirectX 9 Runtime
DivX-Setup
DownVision
Drive Encryption for HP ProtectTools
EA Download Manager
ElsterFormular
Empire Earth II
FIFA 10
FIFA 11
Free YouTube to MP3 Converter version 3.12.1.320
GIMP 2.8.4
Google Chrome
Google Earth Plug-in
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Advisor
HP Common Access Service Library
HP Customer Experience Enhancements
HP ESU for Microsoft Windows 7
HP Integrated Module with Bluetooth wireless technology
HP JavaCard for HP ProtectTools
HP Officejet J4500 Series
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons
HP QuickLook
HP Setup
HP Software Setup
HP Support Assistant
HP User Guides 0136
HP Wallpaper
HP Web Camera
HP Webcam
HP Wireless Assistant
ICQ7.4
Integrated Camera Driver Installer Package Ver.1.30.110.0
Intel® Matrix Storage Manager
J4500
K-Lite Codec Pack 6.8.0 (Full)
LightScribe System Software
LSI HDA Modem
Malwarebytes Anti-Malware Version 1.62.0.1300
Marvell Miniport Driver
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
No23 Recorder
OpenAL
PCM Fast Editor
PDF Complete Special Edition
Picasa 3
Politik Tycoon 1.01
ProductContext
QLBCASL
Rainlendar2 (remove only)
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Business
Roxio Creator Business v10
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD
Scan
SCR3xxx Smart Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 6.6
Sonic CinePlayer Decoder Pack
SopCast 3.2.9
SoundMAX
Synaptics Pointing Device Driver
Toolbox
Tour de France 2011 - Der offizielle Radsport-Manager Version 1
Uninstall 1.0.0.1
Unity Web Player
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VLC media player 1.1.4
WebReg
Windows 7 Default Setting
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Media Player Firefox Plugin
WinZip 12.0
Wsys Control 1.0.0.2598
.
==== End Of File ===========================

Das hat wie gesagt nichts gebracht... Weiteres Vorgehen siehe nächster Beitrag:

Maria22 · 06.08.2013, 13:44

Habe dann noch die "Standartprozedur" durchgeführt, anbei die Logfiles:

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:19 on 06/08/2013 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU

AEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read SafeBoot.sys

-=E.O.F=-

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-08-2013
Ran by User (administrator) on 06-08-2013 13:27:42
Running from C:\Users\User\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(AMD) C:\windows\system32\atiesrxx.exe
(Hewlett-Packard) C:\windows\system32\Hpservice.exe
(AMD) C:\windows\system32\atieclxx.exe
(Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\windows\system32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\User\Desktop\Defogger.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-28] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [MVS Splash] - C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [x]
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-08-17] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-01-11] ()
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [PTHOSTTR] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start [x]
HKLM\...\Run: [CognizanceTS] - C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [24848 2009-07-23] (Bioscrypt Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [462920 2012-07-03] (Malwarebytes Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
Winlogon\Notify\!SASWinLogon: G:\Neuer Ordner\SASWINLO.DLL [X]
HKCU\...\Run: [SUPERAntiSpyware] - G:\Neuer Ordner\SUPERAntiSpyware.exe [x]
HKCU\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-15] (Google Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe [825808 2013-05-29] (Google Inc.)
HKCU\...\Policies\system: [DisableCMD] 0
MountPoints2: {3464dca5-900b-11e0-8fb6-18a905e37ce7} - D:\Autorun.exe
MountPoints2: {e1b32d32-07b4-11df-ac17-806e6f6e6963} - F:\Launcher.exe
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: (No Name) - {b80f591e-fe9a-46cf-a13e-180377240586} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU -No Name - {B80F591E-FE9A-46CF-A13E-180377240586} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.329.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - G:\Neuer Ordner\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r9xl3eaq.default
FF NewTab: hxxp://search.babylon.com/?affID=119292&babsrc=NT_ss&mntrId=2690001E648DB6DD
FF SelectedSearchEngine: qvo6
FF Homepage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143
FF Keyword.URL: hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Babylon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r9xl3eaq.default\Extensions\ffxtlbr@babylon.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r9xl3eaq.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r9xl3eaq.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF Extension: pencil - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r9xl3eaq.default\Extensions\pencil@evolus.vn.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

Chrome: 
=======
CHR HomePage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143"
CHR DefaultSearchURL: (qvo6) - hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143&type=default&q={searchTerms}
CHR DefaultSuggestURL: (qvo6) -       "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (ProxTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.3_0
CHR Extension: (DivX HiQ) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0
CHR Extension: (Citavi Picker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio\2013.4.29_0
CHR HKLM\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\User\AppData\LocalLow\proxtube\CHROME\proxtube.crx
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx
CHR HKLM\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx

========================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [316888 2012-05-09] (Protection Technology)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-23] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-23] (Bioscrypt Inc.)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [891456 2013-08-05] (Wsys Co., Ltd.)
R2 yksvc; C:\Windows\System32\yk62x86.dll [282624 2009-07-20] (Marvell)
S2 !SASCORE; "G:\Neuer Ordner\SASCORE.EXE" [x]
S2 EngineServer; C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE [x]
S3 HP ProtectTools Service; "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe" [x]
S2 myAgtSvc; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" /ServiceStart [x]

==================== Drivers (Whitelisted) ====================

R3 5U876UVC; C:\Windows\System32\DRIVERS\5U876.sys [118656 2009-06-30] (Ricoh co.,Ltd.)
R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3332784 2012-05-09] (Protection Technology)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-01-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2011-10-17] (AVM Berlin)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-06-06] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-01-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S3 NETw1v32; C:\Windows\System32\DRIVERS\NETw1v32.sys [5958656 2009-07-21] (Intel Corporation)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [109216 2009-07-29] ()
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International)
S0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [66560 2005-05-16] (Protection Technology)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-03] (Avira GmbH)
S1 SASDIFSV; \??\G:\Neuer Ordner\SASDIFSV.SYS [x]
S1 SASKUTIL; \??\G:\Neuer Ordner\SASKUTIL.SYS [x]
U3 mbr; \??\C:\Users\User\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 13:27 - 2013-08-06 13:27 - 00000000 ____D C:\FRST
2013-08-06 13:26 - 2013-08-06 13:26 - 01228808 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2013-08-06 13:19 - 2013-08-06 13:19 - 00000598 _____ C:\Users\User\Desktop\defogger_disable.log
2013-08-06 13:19 - 2013-08-06 13:19 - 00000156 _____ C:\Users\User\defogger_reenable
2013-08-06 13:18 - 2013-08-06 13:18 - 00050477 _____ C:\Users\User\Desktop\Defogger.exe
2013-08-06 13:13 - 2013-08-06 13:13 - 00022262 _____ C:\Users\User\Desktop\dds.txt
2013-08-06 13:13 - 2013-08-06 13:13 - 00009873 _____ C:\Users\User\Desktop\attach.txt
2013-08-06 13:10 - 2013-08-06 13:10 - 00700783 ____R (Swearware) C:\Users\User\Desktop\dds+.exe
2013-08-06 13:07 - 2013-08-06 13:07 - 00015362 _____ C:\Users\User\Desktop\AdwCleaner[S1].txt
2013-08-06 13:02 - 2013-08-06 13:06 - 00015362 _____ C:\AdwCleaner[S1].txt
2013-08-06 13:02 - 2013-08-06 13:02 - 00791488 _____ C:\Users\User\Downloads\ImageEditorSetup.exe
2013-08-06 13:02 - 2013-08-06 13:02 - 00666633 _____ C:\Users\User\Downloads\adwcleaner.exe
2013-08-06 08:08 - 2013-08-06 08:08 - 00000000 ____D C:\windows\system32\MRT
2013-08-06 08:08 - 2013-08-06 08:08 - 00000000 ____D C:\6e3ffb7815cbe27a668914aacbca93
2013-08-05 21:49 - 2013-08-06 13:04 - 00000000 ____D C:\ProgramData\eSafe
2013-08-05 21:48 - 2013-08-05 21:48 - 00000000 ____D C:\Users\User\AppData\Roaming\eIntaller
2013-08-03 04:44 - 2013-08-05 21:37 - 00000000 ____D C:\Users\User\Desktop\maria
2013-08-01 23:38 - 2013-08-01 23:38 - 00262515 _____ C:\Users\User\Downloads\Altklausuren.zip
2013-07-31 13:48 - 2013-07-31 13:48 - 00435712 _____ C:\Users\User\Downloads\awp11bg.ppt
2013-07-29 16:42 - 2013-07-31 19:40 - 00125275 ____H C:\Users\User\Documents\~WRL2837.tmp
2013-07-29 14:33 - 2013-07-29 14:33 - 00166400 _____ C:\Users\User\Downloads\wipol 2 - allokatives marktversagen.ppt
2013-07-28 14:11 - 2013-07-28 14:11 - 10120704 _____ C:\Users\User\Downloads\Int_Ec_Rel_and_Reg_Integr_SS_2013_17072013.ppt
2013-07-23 14:22 - 2013-07-23 14:23 - 00000000 ____D C:\Users\User\Downloads\VBL
2013-07-18 00:35 - 2013-07-24 22:51 - 00000000 ____D C:\Users\User\Downloads\externe
2013-07-15 10:52 - 2013-07-23 01:00 - 00000000 ____D C:\Users\User\Downloads\Informationsmanagment
2013-07-12 10:00 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 10:00 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 10:00 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-12 10:00 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-11 15:14 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-11 15:14 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-11 15:14 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-11 15:14 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-06 13:27 - 2013-08-06 13:27 - 00000000 ____D C:\FRST
2013-08-06 13:26 - 2013-08-06 13:26 - 01228808 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2013-08-06 13:19 - 2013-08-06 13:19 - 00000598 _____ C:\Users\User\Desktop\defogger_disable.log
2013-08-06 13:19 - 2013-08-06 13:19 - 00000156 _____ C:\Users\User\defogger_reenable
2013-08-06 13:18 - 2013-08-06 13:18 - 00050477 _____ C:\Users\User\Desktop\Defogger.exe
2013-08-06 13:13 - 2013-08-06 13:13 - 00022262 _____ C:\Users\User\Desktop\dds.txt
2013-08-06 13:13 - 2013-08-06 13:13 - 00009873 _____ C:\Users\User\Desktop\attach.txt
2013-08-06 13:13 - 2009-07-14 06:34 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 13:13 - 2009-07-14 06:34 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 13:10 - 2013-08-06 13:10 - 00700783 ____R (Swearware) C:\Users\User\Desktop\dds+.exe
2013-08-06 13:07 - 2013-08-06 13:07 - 00015362 _____ C:\Users\User\Desktop\AdwCleaner[S1].txt
2013-08-06 13:06 - 2013-08-06 13:02 - 00015362 _____ C:\AdwCleaner[S1].txt
2013-08-06 13:04 - 2013-08-05 21:49 - 00000000 ____D C:\ProgramData\eSafe
2013-08-06 13:04 - 2013-06-11 21:58 - 00010316 _____ C:\windows\setupact.log
2013-08-06 13:04 - 2012-02-15 13:38 - 00001090 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 13:04 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-06 13:03 - 2012-08-15 11:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-06 13:03 - 2011-05-13 21:34 - 00001007 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-06 13:03 - 2010-01-23 02:21 - 01621726 _____ C:\windows\WindowsUpdate.log
2013-08-06 13:03 - 2010-01-22 17:59 - 00001146 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-06 13:02 - 2013-08-06 13:02 - 00791488 _____ C:\Users\User\Downloads\ImageEditorSetup.exe
2013-08-06 13:02 - 2013-08-06 13:02 - 00666633 _____ C:\Users\User\Downloads\adwcleaner.exe
2013-08-06 08:08 - 2013-08-06 08:08 - 00000000 ____D C:\windows\system32\MRT
2013-08-06 08:08 - 2013-08-06 08:08 - 00000000 ____D C:\6e3ffb7815cbe27a668914aacbca93
2013-08-05 22:39 - 2012-08-15 11:55 - 00001116 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234438737-965128108-3711115987-1001UA.job
2013-08-05 22:36 - 2012-07-31 10:36 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 22:36 - 2012-02-15 13:38 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-05 21:49 - 2012-08-15 11:57 - 00002552 _____ C:\Users\User\Desktop\chrome.lnk
2013-08-05 21:49 - 2010-01-31 18:23 - 00001573 _____ C:\Users\User\Desktop\Internet Explorer.lnk
2013-08-05 21:48 - 2013-08-05 21:48 - 00000000 ____D C:\Users\User\AppData\Roaming\eIntaller
2013-08-05 21:37 - 2013-08-03 04:44 - 00000000 ____D C:\Users\User\Desktop\maria
2013-08-05 21:35 - 2012-08-15 11:55 - 00001064 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234438737-965128108-3711115987-1001Core.job
2013-08-05 12:08 - 2012-11-15 15:11 - 00000000 ____D C:\Users\User\Downloads\alt
2013-08-04 21:25 - 2009-09-20 16:47 - 00909458 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-03 04:27 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\wfp
2013-08-03 04:26 - 2010-02-02 19:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-08-03 04:26 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\NDF
2013-08-03 04:26 - 2009-07-14 04:37 - 00000000 ____D C:\windows\registration
2013-08-03 04:26 - 2009-07-14 04:37 - 00000000 ____D C:\windows\AppCompat
2013-08-01 23:38 - 2013-08-01 23:38 - 00262515 _____ C:\Users\User\Downloads\Altklausuren.zip
2013-08-01 06:41 - 2009-09-20 16:49 - 00000000 ____D C:\ProgramData\PDFC
2013-07-31 19:40 - 2013-07-29 16:42 - 00125275 ____H C:\Users\User\Documents\~WRL2837.tmp
2013-07-31 14:08 - 2010-01-31 18:52 - 00000052 _____ C:\windows\system32\DOErrors.log
2013-07-31 14:07 - 2011-10-26 16:49 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-31 13:48 - 2013-07-31 13:48 - 00435712 _____ C:\Users\User\Downloads\awp11bg.ppt
2013-07-31 13:31 - 2013-01-31 14:47 - 00000136 ____H C:\Users\User\Downloads\.picasa.ini
2013-07-29 20:40 - 2011-05-13 20:35 - 00000000 ____D C:\Program Files\Google
2013-07-29 14:33 - 2013-07-29 14:33 - 00166400 _____ C:\Users\User\Downloads\wipol 2 - allokatives marktversagen.ppt
2013-07-28 14:11 - 2013-07-28 14:11 - 10120704 _____ C:\Users\User\Downloads\Int_Ec_Rel_and_Reg_Integr_SS_2013_17072013.ppt
2013-07-26 20:30 - 2010-01-22 18:24 - 00248388 _____ C:\windows\PFRO.log
2013-07-24 22:51 - 2013-07-18 00:35 - 00000000 ____D C:\Users\User\Downloads\externe
2013-07-23 14:23 - 2013-07-23 14:22 - 00000000 ____D C:\Users\User\Downloads\VBL
2013-07-23 01:00 - 2013-07-15 10:52 - 00000000 ____D C:\Users\User\Downloads\Informationsmanagment
2013-07-15 14:07 - 2010-04-27 12:00 - 01161216 ___SH C:\Users\User\Desktop\Thumbs.db
2013-07-13 00:17 - 2012-12-11 17:35 - 00000000 ___RD C:\Program Files\Skype
2013-07-13 00:17 - 2010-01-22 17:41 - 00000000 ____D C:\ProgramData\Skype
2013-07-12 11:45 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-12 10:20 - 2009-07-14 06:33 - 00475216 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-12 10:19 - 2010-07-22 16:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 10:17 - 2009-07-27 13:09 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 10:17 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 09:59 - 2009-09-20 16:54 - 00000000 ____D C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\kcap_0paos.pad
C:\Users\User\AppData\Roaming\skype.dat
C:\Users\User\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 08:50

==================== End Of Log ============================

--- --- ---

Zitat:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-08-2013
Ran by User at 2013-08-06 13:28:28
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.0.0)
32 Bit HP CIO Components Installer (Version: 6.1.1)
4500_Help (Version: 1.00.0000)
7-Zip 4.65
ActivClient x86 (Version: 6.2)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Anno 1701 (Version: 1.00)
ANSTOSS 3
ATI Catalyst Install Manager (Version: 3.0.732.0)
AuthenTec Fingerprint System (Version: 8.0.202.0)
Avira Free Antivirus (Version: 13.0.0.3885)
AVM FRITZ!Box USB-Fernanschluss (HKCU Version: 2.2.1.0)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0804.1118.18368)
Catalyst Control Center Graphics Full Existing (Version: 2009.0804.1118.18368)
Catalyst Control Center Graphics Full New (Version: 2009.0804.1118.18368)
Catalyst Control Center Graphics Light (Version: 2009.0804.1118.18368)
Catalyst Control Center InstallProxy (Version: 2009.0804.1118.18368)
Catalyst Control Center Localization All (Version: 2009.0804.1118.18368)
CCC Help Chinese Standard (Version: 2009.0804.1117.18368)
CCC Help Chinese Traditional (Version: 2009.0804.1117.18368)
CCC Help Czech (Version: 2009.0804.1117.18368)
CCC Help Danish (Version: 2009.0804.1117.18368)
CCC Help Dutch (Version: 2009.0804.1117.18368)
CCC Help English (Version: 2009.0804.1117.18368)
CCC Help Finnish (Version: 2009.0804.1117.18368)
CCC Help French (Version: 2009.0804.1117.18368)
CCC Help German (Version: 2009.0804.1117.18368)
CCC Help Greek (Version: 2009.0804.1117.18368)
CCC Help Hungarian (Version: 2009.0804.1117.18368)
CCC Help Italian (Version: 2009.0804.1117.18368)
CCC Help Japanese (Version: 2009.0804.1117.18368)
CCC Help Korean (Version: 2009.0804.1117.18368)
CCC Help Norwegian (Version: 2009.0804.1117.18368)
CCC Help Polish (Version: 2009.0804.1117.18368)
CCC Help Portuguese (Version: 2009.0804.1117.18368)
CCC Help Russian (Version: 2009.0804.1117.18368)
CCC Help Spanish (Version: 2009.0804.1117.18368)
CCC Help Swedish (Version: 2009.0804.1117.18368)
CCC Help Thai (Version: 2009.0804.1117.18368)
CCC Help Turkish (Version: 2009.0804.1117.18368)
ccc-core-static (Version: 2009.0804.1118.18368)
ccc-utility (Version: 2009.0804.1118.18368)
CDBurnerXP (Version: 4.4.0.2905)
Citavi 4 (Version: 4.0.0.12)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Credential Manager for HP ProtectTools (Version: 4.1.5.1483)
DAEMON Tools Lite (Version: 4.40.2.0131)
DirectX 9 Runtime (Version: 1.00.0000)
DivX-Setup (Version: 2.3.1.2)
DownVision (Version: 1.0)
Drive Encryption for HP ProtectTools (Version: 4.0.24)
EA Download Manager (Version: 7.3.7.4)
ElsterFormular (Version: 14.1.20130301)
Empire Earth II
FIFA 10 (Version: 1.0.0.0)
FIFA 11 (Version: 1.0.0.0)
Free YouTube to MP3 Converter version 3.12.1.320 (Version: 3.12.1.320)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (HKCU Version: 27.0.1453.110)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
GPL MPEG-1/2 DirectShow Decoder Filter (Version: 0.1.2)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.0.5.1)
HP Advisor (Version: 3.2.8946.3086)
HP Common Access Service Library (Version: 3.0.28.1)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP ESU for Microsoft Windows 7 (Version: 1.0.1.1)
HP Integrated Module with Bluetooth wireless technology (Version: 6.2.0.9602)
HP JavaCard for HP ProtectTools (Version: 04.10.9.0013)
HP Officejet J4500 Series (Version: 13.0)
HP ProtectTools Security Manager (Version: 04.10.9.0013)
HP ProtectTools Security Manager Suite (Version: 04.10.9.0013)
HP Quick Launch Buttons (Version: 6.50.4.2)
HP QuickLook (Version: 3.0.0.17)
HP Setup (Version: 1.2.3215.3078)
HP Software Setup (Version: 1.0.0.15)
HP Support Assistant (Version: 7.0.39.15)
HP User Guides 0136 (Version: 1.03.0002)
HP Wallpaper (Version: 1.0.1.11)
HP Web Camera (Version: 1.0.0)
HP Webcam (Version: 1.0)
HP Wireless Assistant (Version: 3.50.9.1)
ICQ7.4 (Version: 7.4)
Integrated Camera Driver Installer Package Ver.1.30.110.0 (Version: 1.30.110.0)
Intel® Matrix Storage Manager
J4500 (Version: 50.0.165.000)
K-Lite Codec Pack 6.8.0 (Full) (Version: 6.8.0)
LightScribe System Software (Version: 1.18.6.1)
LSI HDA Modem (Version: 2.2.100)
Malwarebytes Anti-Malware Version 1.62.0.1300 (Version: 1.62.0.1300)
Marvell Miniport Driver (Version: 10.70.5.3)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.7)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
No23 Recorder (Version: 2.1.0.3)
OpenAL
PCM Fast Editor (HKCU Version: 2.1.0.0)
PDF Complete Special Edition (Version: 3.5.108)
Picasa 3 (Version: 3.9)
Politik Tycoon 1.01
ProductContext (Version: 50.0.165.000)
QLBCASL (Version: 6.40.17.2)
Rainlendar2 (remove only)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Business (Version: 10.3)
Roxio Creator Business v10 (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Tools (Version: 3.8.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.3.349)
Scan (Version: 13.0.0.0)
SCR3xxx Smart Card Reader (Version: 8.35)
Skype™ 6.6 (Version: 6.6.106)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SopCast 3.2.9 (Version: 3.2.9)
SoundMAX (Version: 6.10.1.7255)
Synaptics Pointing Device Driver (Version: 15.0.17.2)
Toolbox (Version: 130.0.648.000)
Tour de France 2011 - Der offizielle Radsport-Manager Version 1 (Version: 1.0.4.4)
Uninstall 1.0.0.1
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Veetle TV 0.9.18 (Version: 0.9.18)
VLC media player 1.1.4 (Version: 1.1.4)
WebReg (Version: 130.0.132.017)
Windows 7 Default Setting (Version: 1.0.0.6)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinZip 12.0 (Version: 12.0.8252)
Wsys Control 1.0.0.2598 (Version: 1.0.0.2598)

==================== Restore Points =========================

11-07-2013 12:30:58 Geplanter Prüfpunkt
12-07-2013 07:51:33 Windows Update
22-07-2013 17:55:37 Geplanter Prüfpunkt
01-08-2013 05:43:22 Geplanter Prüfpunkt
01-08-2013 07:04:30 Wiederherstellungsvorgang
06-08-2013 06:07:29 Windows Update
06-08-2013 10:48:23 Windows Update
06-08-2013 10:53:08 Removed Java(TM) 6 Update 35

==================== Hosts content: ==========================

2010-06-13 01:01 - 2010-06-13 01:01 - 00012407 ____A C:\windows\system32\Drivers\etc\hosts
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hxxp://www.w3.org/TR/html4/strict.dtd">
<html lang='en'>
<head>
<meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
<title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
<link rel="stylesheet" type="text/css" media="all" href="hxxp://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
<link rel="stylesheet" type="text/css" media="all" href="hxxp://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css"> <style>
h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
.services li { margin-left:1.0em; padding-left:0.5em; background:url("hxxp://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
.services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
.services { font-size:116%; padding-bottom:20px }
.learnmore a {color:#2882DE;font-size:16px}
.image_web {float:right; margin:15px 0 0 15px}
p {margin:20px;font-size:1em;}
h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
li.rule {border-top:solid 1px #DBE1E6;}
</style>
</head>
<body>


<div class="ez-mw" style ="height:900px;width:905px">
<div class="ez-wri ez-oh" style="width:900px">
<div class="ez-box"> <link type="text/css" rel="stylesheet" href="hxxp://l.yimg.com/a/lib/uh/15/css/uh-1.0.28.css">
<style type="text/css">
div#headerblock div{font-family:arial;}
#ygma{position:relative;z-index:99999;}
#ygma #ygma-search input{width:200px;}
#ygma #ygma-search{width:400px;}
</style>
<div id="ygma"><div id="ygmaheader"><div class="bd sp"><div id="ymenu" class="ygmaclr"><div id="mepanel"><ul id="mepanel-nav"><li class="me1"><em>New User? <a class="ygmasignup" title="Sign Up" href="hxxp://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=2/SIG=13j8rdsqp/*https://edit.yahoo.com/config/eval_register?.done=hxxp://smallbusiness.yahoo.com%2findex.html&.src=smbiz&.intl=us">Sign Up</a></em></li><li class="me2"><a title="Sign In" href="hxxp://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=3/SIG=13cm6p12o/*https://login.yahoo.com/config/login?.done=hxxp://geocities.yahoo.com&.src=smbiz&.intl=us">Sign In</a></li>
<li class="me3"><a href="hxxp://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=7/SIG=11hjute28/*hxxp://help.yahoo.com/l/us/yahoo/geocities/" target="_top" title="Yahoo! Help Central">Help</a></li> </ul></div><div id="ygmapromo"><a style="font-weight:bold;" id="ygmaie8" href="hxxp://us.ard.yahoo.com/SIG=15vud5jbf/M=650008.13445975.13532322.12832737/D=smallbiz/S=2023010636:HPRM2/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=0Qw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5706923/R=0/SIG=117bakia1/*hxxp://toolbar.yahoo.com/?.cpdl=ushdl" target="_top">Get Yahoo! Toolbar<abbr title="Yahoo! Toolbar"></abbr></a> <script language=javascript>
if(window.yzq_d==null)window.yzq_d=new Object();
window.yzq_d['0Qw4Atj8a20-']='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';
</script> <noscript><img width=1 height=1 alt="" src="hxxp://us.bc.yahoo.com/b?P=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48&T=144j596l3%2fX%3d1252090825%2fE%3d2023010636%2fR%3dsmallbiz%2fK%3d5%2fV%3d2.1%2fW%3dH%2fY%3dYAHOO%2fF%3d 1861688409%2fQ%3d-1%2fS%3d1%2fJ%3d8B68FCD8&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1"></noscript></div> <div id="pa"><div id="pa-wrapper"><ul id="pa2-nav" class="sp"><li class="pa1 sp"><a class="sp" href="hxxp://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=8/SIG=10jmd0d5u/*hxxp://yahoo.com/" title="Yahoo!" target="_top">Yahoo!</a></li><li class="pa2 sp"><a class="sp" href="hxxp://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=9/SIG=10n3m6b64/*hxxp://mail.yahoo.com" title="Yahoo! Mail" target="_top">Mail</a></li></ul><div id="pa-left" class="sp"></div><ul id="pa-nav" class="sp"><li class="pa3 sp"><a class="sp" href="hxxp://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=10/SIG=10l2nj3k8/*hxxp://my.yahoo.com" title="My Yahoo!" target="_top">My Yahoo!</a></li><li class="pa4 sp"><a class="sp" href="hxxp://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=11/SIG=10niob72s/*hxxp://news.yahoo.com" title="Yahoo! News" target="_top">News</a></li><li class="pa5 sp"><a class="sp" href="hxxp://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=12/SIG=10q40gpus/*hxxp://finance.yahoo.com" title="Yahoo! Finance" target="_top">Finance</a></li><li class="pa6 sp"><a class="sp" href="hxxp://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=13/SIG=10pcalhda/*hxxp://sports.yahoo.com" title="Yahoo! Sports" target="_top">Sports</a></li></ul><div id="pa-right" class="sp"></div></div></div></div><div id="yahoo" class="ygmaclr"><div id="ygmabot"><a id="ygmalogo" href="hxxp://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=14/SIG=110k0lq1s/*hxxp://smallbusiness.yahoo.com" target="_top"><img id="ygmalogoimg" width="265" height="33" src="hxxp://l.yimg.com/a/i/us/geo/b/geo_ma_p_us_1.gif" alt="Yahoo! Small Business"></a></div><div id="ygma-search"><form class="ygmaclr" id="sf" action="hxxp://search.yahoo.com/search" method="GET"><fieldset><span class="ygma-search-wrapper" role="application"><input class="sp" type="text" id="ygmasearchInput" name="p" value="Search" onblur="if (this.value == ''){this.value='Search';this.style.color='#999';this.style.fontWeight='normal';}" onfocus="if (this.value == 'Search'){this.value='';this.style.color='#000';this.style.fontWeight='bold';}" maxlength="100" autocomplete="off" /><input type="hidden" id="fr" name="fr" value="ush-smbizc" /><div id="sat"></div></span><span class="ygma-search-wrapper"><span class="btn sp"><span class="first-child"><button name="ygmasrchbtn" id="ygmasrchbtn" value="Web Search" type="submit">Web Search </button></span></span></span></fieldset></form></div></div></div></div></div><script charset="utf-8" type="text/javascript" src="hxxp://l.yimg.com/a/lib/uh/15/js/uh-1.0.20.js"></script> <script language=javascript>
if(window.yzq_d==null)window.yzq_d=new Object();
window.yzq_d['zgw4Atj8a20-']='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';
</script>

</div>
</div>
<div class="ez-wr" style="width:898px;margin-top:1.5em">
<Div class="ez-l2a" id="wrapper">
<div class="ez-l2a-1 " style="width:898px">
<div class="ez-box">
<div class="ez-wr" >
<div class="ez-box" style="width:898px">
<h1>Sorry, the GeoCities web site you were trying to reach is no longer available.</h1>
</div>
</div>
<div class="ez-wr">
<div class="ez-box" id="boxyahoourls">
<p> GeoCities has closed, but there's a lot more to explore on Yahoo!</p>
<h2>Visit one of these popular Yahoo! sites:</h2>
<ul class= "services">
<li><a href="hxxp://mail.yahoo.com">Yahoo! Mail</a></li>
<li><a href="hxxp://smallbusiness.yahoo.com/webhosting">Web Hosting</a></li>
<li><a href="hxxp://news.yahoo.com">News</a></li>
<li><a href="hxxp://games.yahoo.com">Games</a></li>
<li><a href="hxxp://sports.yahoo.com/">Sports</a> </li>
<li><a href="hxxp://movies.yahoo.com">Movies</a></li>
<li><a href="hxxp://finance.yahoo.com">Finance</a></li>
<li><a href="hxxp://maps.yahoo.com">Maps</a></li>
</ul> </div>
<li class="rule"></li>
<p>The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, <a href="hxxp://www.archive.org/web/web.php" target="_blank">visit Archive.org</a> and enter the site's web address in the field provided.</p>
<li class="rule"></li>
</div>
</div>
</div> </div> <div class="ez-wr">
<div class="ez-box" style="text-align:center; margin-top:25px;">
<font size="-2" face="verdana">Copyright © 2009 <a href="hxxp://yahoo.com/">Yahoo!</a> Inc. All rights reserved.
<ul>
<li style="display:inline;"><a target="_top" href="hxxp://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a></li> - <li style="display:inline;"><a target="_top" href="hxxp://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a></li> -
<li style="display:inline;"><a target="_top" href="hxxp://docs.yahoo.com/info/guidelines/community.html">Guidelines</a
></li> -
<li style="display:inline;"><a target="_top" href="hxxp://smallbusiness.yahoo.com/tos/tos.php">Terms of Service
</a></li> -
<li style="display:inline;"><a target="_top" href="hxxp://help.yahoo.com/help/us/geo/">Help</a></li>
</ul> </font>
</div>

</div> </div>
</body>
</html>
</object></layer></div></span></style></noscript></table></script></applet>
<IMG SRC="hxxp://geo.yahoo.com/serv?s=19190039&t=1276383808&f=us-w3" ALT=1 WIDTH=1 HEIGHT=1>

==================== Scheduled Tasks (whitelisted) =============

Task: {16380F69-E8DA-45D5-A26B-CBDF238850B7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {17B82C0B-9B66-4251-8B9A-73B7D32CF4FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2DC3A668-B27C-46D6-82AE-4F4BAB873E37} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {314E6668-4A15-4235-836B-0DAED4475818} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4234438737-965128108-3711115987-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)
Task: {40394C94-EAFF-4FB7-B733-458E30AEF6E4} - System32\Tasks\{85AC5D8A-45EA-4F83-95E3-62AD103AFF50} => c:\users\user\appdata\local\google\chrome\application\chrome.exe [2013-05-29] (Google Inc.)
Task: {4FF6F0CF-7229-4B1C-BECF-F3FB41FD3564} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
Task: {72F07AE8-180E-4E1D-84C4-1D7CBFFE5E1D} - System32\Tasks\User_Feed_Synchronization-{40AF3FB8-A870-4B2C-8DDD-F6110729DE13} => C:\windows\system32\msfeedssync.exe [2013-07-04] (Microsoft Corporation)
Task: {9968D575-8A32-43F0-9939-15B984191853} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4234438737-965128108-3711115987-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)
Task: {A9F79831-F37C-429C-B1C1-9FBFB7159EB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {AC28ADF1-CA1D-43D2-9328-FADFC6DDCC4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
Task: {DE954909-08BA-42DD-BCC0-09C7E65E3D9A} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe No File
Task: {E6165F25-2084-4490-A078-47E8B19D7BAB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {F70049EA-D2DF-4316-9B1A-CBFAAA5C3A6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234438737-965128108-3711115987-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234438737-965128108-3711115987-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2013 09:51:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AsGHost.exe, Version: 3.1.1.74, Zeitstempel: 0x4a680dbf
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052cc7
ID des fehlerhaften Prozesses: 0x149c
Startzeit der fehlerhaften Anwendung: 0xAsGHost.exe0
Pfad der fehlerhaften Anwendung: AsGHost.exe1
Pfad des fehlerhaften Moduls: AsGHost.exe2
Berichtskennung: AsGHost.exe3

Error: (08/04/2013 09:51:20 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AsGHost.exe, Version: 3.1.1.74, Zeitstempel: 0x4a680dbf
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00070053
ID des fehlerhaften Prozesses: 0x149c
Startzeit der fehlerhaften Anwendung: 0xAsGHost.exe0
Pfad der fehlerhaften Anwendung: AsGHost.exe1
Pfad des fehlerhaften Moduls: AsGHost.exe2
Berichtskennung: AsGHost.exe3

Error: (08/02/2013 07:30:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000001e
ID des fehlerhaften Prozesses: 0x15ec
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/31/2013 07:38:52 PM) (Source: Application Hang) (User: )
Description: Programm WINWORD.EXE, Version 12.0.6668.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1eec

Startzeit: 01ce8c44551cbc41

Endzeit: 96

Anwendungspfad: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

Berichts-ID: fe43f1d6-fa07-11e2-8528-18a905e37ce7

Error: (07/31/2013 06:57:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 27.0.1453.110, Zeitstempel: 0x51a566a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc000000d
Fehleroffset: 0x00097c41
ID des fehlerhaften Prozesses: 0xe48
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (07/30/2013 07:01:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000001b
ID des fehlerhaften Prozesses: 0x3b6c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/28/2013 10:06:28 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000001c
ID des fehlerhaften Prozesses: 0x4bc
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/28/2013 10:02:38 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000018
ID des fehlerhaften Prozesses: 0x2034
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/26/2013 06:52:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: Flash32_11_7_700_224.ocx, Version: 11.7.700.224, Zeitstempel: 0x51a673ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0059985d
ID des fehlerhaften Prozesses: 0x2e4c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/26/2013 07:47:02 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AsGHost.exe, Version: 3.1.1.74, Zeitstempel: 0x4a680dbf
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052cc7
ID des fehlerhaften Prozesses: 0xc68
Startzeit der fehlerhaften Anwendung: 0xAsGHost.exe0
Pfad der fehlerhaften Anwendung: AsGHost.exe1
Pfad des fehlerhaften Moduls: AsGHost.exe2
Berichtskennung: AsGHost.exe3

System errors:
=============
Error: (08/06/2013 01:06:23 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SASDIFSV
SASKUTIL
sfdrv01
sfvfs02

Error: (08/06/2013 01:06:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Virus and Spyware Protection Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/06/2013 01:06:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "EngineServer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/06/2013 01:06:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/06/2013 01:06:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (08/06/2013 01:04:43 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (08/06/2013 01:04:43 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (08/06/2013 01:04:41 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (08/06/2013 01:04:41 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (08/06/2013 01:04:24 PM) (Source: Application Popup) (User: )
Description: Treiber sfdrv01.sys konnte nicht geladen werden.

Microsoft Office Sessions:
=========================
Error: (05/22/2013 03:59:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10468 seconds with 240 seconds of active time. This session ended with a crash.

Error: (05/13/2013 08:15:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8889 seconds with 240 seconds of active time. This session ended with a crash.

Error: (04/16/2013 02:34:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9106 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/13/2013 02:23:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/26/2012 03:00:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 13067 seconds with 180 seconds of active time. This session ended with a crash.

Error: (08/05/2011 02:00:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4456 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/15/2010 01:46:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3036.27 MB
Available physical RAM: 1656.59 MB
Total Pagefile: 6070.82 MB
Available Pagefile: 4430.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.47 GB) (Free:205.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.91 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: DC4BB5EC)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-06 14:12:24
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0006 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         8304C9F5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           830861F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               C:\windows\System32\Drivers\SafeBoot.sys                                                         Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text           C:\windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x9662B000, 0x2D51CE, 0xE8000020]
.text           C:\windows\system32\DRIVERS\atksgt.sys                                                           section is writeable [0x9E1B7300, 0x3B6D8, 0xE8000020]
.text           C:\windows\system32\DRIVERS\lirsgt.sys                                                           section is writeable [0x9E1FA300, 0x1BEE, 0xE8000020]
?               C:\Users\User\AppData\Local\Temp\mbr.sys                                                         Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                          mfetdik.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                          mfetdik.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713591c59                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713591c59 (not active ControlSet)  

---- EOF - GMER 2.1 ----

--- --- ---
So mehr habe ich noch nicht gemacht. Achja Avira hat natürlich nix gefunden. Würde mich sehr über eure Hilfe freuen. Vielen Dank schonmal im Vorraus

cosinus · 06.08.2013, 15:42

Hallo und

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Danach eine neues Log mit Farbars Tool bitte:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Maria22 · 06.08.2013, 15:54

Nach dem starten von JRT kommt die folgende Meldung:

Zitat:

A bad module has been detected!
A reboot is reqired to move modules.

Press `y`to reboot now
Press `n`to reboot later

als dann y drücken? (Sry wahrscheinlich ne dumme Frage :-(

cosinus · 06.08.2013, 15:56

y drücken, das wird deinen Rechner neustarten und JRT sollte weitermachen, ansonsten bitte posten was passiert ist

Zitat:

Microsoft Office Enterprise 2007

btw, wieso hast du eine Enterprise Edition von MS-Office drauf, diese Edition ist nur für Firmenkunden als sehr teure Volumenlizenz verfügbar!!

Maria22 · 06.08.2013, 16:14

Vielen Dank für die schnelle Hilfe :-)

Hier die Logdateien:

Zitat:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by User on 06.08.2013 at 17:09:10,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol

~~~ Files

Successfully deleted [File] C:\windows\system32\Tasks\CreateChoiceProcessTask
Successfully deleted: [File] "C:\Program Files\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"
Successfully deleted: [File] "C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\babylon.lnk"
Successfully disinfected: [Shortcut] C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Successfully repaired: [Shortcut] C:\Users\User\desktop\chrome.lnk
Successfully repaired: [Shortcut] C:\Users\User\desktop\Internet Explorer.lnk

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\pricegong"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\r9xl3eaq.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\r9xl3eaq.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\r9xl3eaq.default\prefs.js

user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=119292&babsrc=NT_ss&mntrId=2690001E648DB6DD");
user_pref("browser.search.defaultenginename", "qvo6");
user_pref("browser.search.order.1", "qvo6");
user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143");
user_pref("extensions.BabylonToolbar.aflt", "babclient");
user_pref("extensions.BabylonToolbar.bbDpng", 1);
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.firstRun", false);
user_pref("extensions.BabylonToolbar.id", "2690ce8b000000000000001e648db6dc");
user_pref("extensions.BabylonToolbar.instlDay", "15211");
user_pref("extensions.BabylonToolbar.instlRef", "std");
user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_&q={searchTerms}&mntrId=2690ce8b000000000000001e648db6dc&tlver=1.4.35.10&");
user_pref("extensions.BabylonToolbar.lastDP", 1);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.100:44:10");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "4.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 66666828);
user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "none");
user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.100:44:10");
user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=toolbar2&q=");
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\r9xl3eaq.default\minidumps [37 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.08.2013 at 17:12:02,01
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-08-2013
Ran by User (administrator) on 06-08-2013 17:14:13
Running from C:\Users\User\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Hewlett-Packard) C:\windows\system32\Hpservice.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\windows\system32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-28] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [MVS Splash] - C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [x]
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-08-17] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-01-11] ()
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [PTHOSTTR] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start [x]
HKLM\...\Run: [CognizanceTS] - C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [24848 2009-07-23] (Bioscrypt Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [462920 2012-07-03] (Malwarebytes Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
Winlogon\Notify\!SASWinLogon: G:\Neuer Ordner\SASWINLO.DLL [X]
HKCU\...\Run: [SUPERAntiSpyware] - G:\Neuer Ordner\SUPERAntiSpyware.exe [x]
HKCU\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-15] (Google Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe [825808 2013-05-29] (Google Inc.)
HKCU\...\Policies\system: [DisableCMD] 0
MountPoints2: {3464dca5-900b-11e0-8fb6-18a905e37ce7} - D:\Autorun.exe
MountPoints2: {e1b32d32-07b4-11df-ac17-806e6f6e6963} - F:\Launcher.exe
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
URLSearchHook: (No Name) - {b80f591e-fe9a-46cf-a13e-180377240586} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU -No Name - {B80F591E-FE9A-46CF-A13E-180377240586} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.329.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - G:\Neuer Ordner\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r9xl3eaq.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r9xl3eaq.default\Extensions\ich@maltegoetz.de
FF Extension: pencil - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r9xl3eaq.default\Extensions\pencil@evolus.vn.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

Chrome: 
=======
CHR HomePage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143"
CHR DefaultSearchURL: (qvo6) - hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9500420AS_5VJ2ZAL9&ts=1375732143&type=default&q={searchTerms}
CHR DefaultSuggestURL: (qvo6) -       "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (ProxTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.3_0
CHR Extension: (DivX HiQ) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0
CHR Extension: (Citavi Picker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio\2013.4.29_0
CHR HKLM\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\User\AppData\LocalLow\proxtube\CHROME\proxtube.crx
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx
CHR HKLM\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx

========================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [316888 2012-05-09] (Protection Technology)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-23] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-23] (Bioscrypt Inc.)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 yksvc; C:\Windows\System32\yk62x86.dll [282624 2009-07-20] (Marvell)
S2 !SASCORE; "G:\Neuer Ordner\SASCORE.EXE" [x]
S2 EngineServer; C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE [x]
S3 HP ProtectTools Service; "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe" [x]
S2 myAgtSvc; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" /ServiceStart [x]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R3 5U876UVC; C:\Windows\System32\DRIVERS\5U876.sys [118656 2009-06-30] (Ricoh co.,Ltd.)
R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3332784 2012-05-09] (Protection Technology)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-01-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2011-10-17] (AVM Berlin)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-06-06] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-01-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S3 NETw1v32; C:\Windows\System32\DRIVERS\NETw1v32.sys [5958656 2009-07-21] (Intel Corporation)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [109216 2009-07-29] ()
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International)
S0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [66560 2005-05-16] (Protection Technology)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-03] (Avira GmbH)
S1 SASDIFSV; \??\G:\Neuer Ordner\SASDIFSV.SYS [x]
S1 SASKUTIL; \??\G:\Neuer Ordner\SASKUTIL.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 17:12 - 2013-08-06 17:12 - 00004782 _____ C:\Users\User\Desktop\JRT.txt
2013-08-06 16:55 - 2013-08-06 16:55 - 00000000 ____D C:\windows\ERUNT
2013-08-06 16:54 - 2013-08-06 16:55 - 00000000 ____D C:\Users\User\Desktop\Trojaner
2013-08-06 16:53 - 2013-08-06 16:53 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\User\Desktop\JRT.exe
2013-08-06 13:27 - 2013-08-06 13:27 - 00000000 ____D C:\FRST
2013-08-06 13:26 - 2013-08-06 13:26 - 01228808 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2013-08-06 13:19 - 2013-08-06 13:19 - 00000156 _____ C:\Users\User\defogger_reenable
2013-08-06 13:02 - 2013-08-06 13:06 - 00015362 _____ C:\AdwCleaner[S1].txt
2013-08-06 13:02 - 2013-08-06 13:02 - 00791488 _____ C:\Users\User\Downloads\ImageEditorSetup.exe
2013-08-06 13:02 - 2013-08-06 13:02 - 00666633 _____ C:\Users\User\Downloads\adwcleaner.exe
2013-08-06 08:08 - 2013-08-06 08:08 - 00000000 ____D C:\windows\system32\MRT
2013-08-06 08:08 - 2013-08-06 08:08 - 00000000 ____D C:\6e3ffb7815cbe27a668914aacbca93
2013-08-05 21:48 - 2013-08-05 21:48 - 00000000 ____D C:\Users\User\AppData\Roaming\eIntaller
2013-08-03 04:44 - 2013-08-05 21:37 - 00000000 ____D C:\Users\User\Desktop\maria
2013-08-01 23:38 - 2013-08-01 23:38 - 00262515 _____ C:\Users\User\Downloads\Altklausuren.zip
2013-07-31 13:48 - 2013-07-31 13:48 - 00435712 _____ C:\Users\User\Downloads\awp11bg.ppt
2013-07-29 16:42 - 2013-07-31 19:40 - 00125275 ____H C:\Users\User\Documents\~WRL2837.tmp
2013-07-29 14:33 - 2013-07-29 14:33 - 00166400 _____ C:\Users\User\Downloads\wipol 2 - allokatives marktversagen.ppt
2013-07-28 14:11 - 2013-07-28 14:11 - 10120704 _____ C:\Users\User\Downloads\Int_Ec_Rel_and_Reg_Integr_SS_2013_17072013.ppt
2013-07-23 14:22 - 2013-07-23 14:23 - 00000000 ____D C:\Users\User\Downloads\VBL
2013-07-18 00:35 - 2013-07-24 22:51 - 00000000 ____D C:\Users\User\Downloads\externe
2013-07-15 10:52 - 2013-07-23 01:00 - 00000000 ____D C:\Users\User\Downloads\Informationsmanagment
2013-07-12 10:00 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 10:00 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 10:00 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 10:00 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 10:00 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-12 10:00 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-11 15:14 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-11 15:14 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-11 15:14 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-11 15:14 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-06 17:12 - 2013-08-06 17:12 - 00004782 _____ C:\Users\User\Desktop\JRT.txt
2013-08-06 17:12 - 2012-08-15 11:57 - 00002358 _____ C:\Users\User\Desktop\chrome.lnk
2013-08-06 17:12 - 2010-01-31 18:23 - 00001379 _____ C:\Users\User\Desktop\Internet Explorer.lnk
2013-08-06 17:08 - 2012-02-15 13:38 - 00001090 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 17:07 - 2013-06-11 21:58 - 00010484 _____ C:\windows\setupact.log
2013-08-06 17:07 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-06 17:06 - 2010-01-23 02:21 - 01627958 _____ C:\windows\WindowsUpdate.log
2013-08-06 16:55 - 2013-08-06 16:55 - 00000000 ____D C:\windows\ERUNT
2013-08-06 16:55 - 2013-08-06 16:54 - 00000000 ____D C:\Users\User\Desktop\Trojaner
2013-08-06 16:53 - 2013-08-06 16:53 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\User\Desktop\JRT.exe
2013-08-06 16:39 - 2012-08-15 11:55 - 00001116 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234438737-965128108-3711115987-1001UA.job
2013-08-06 16:36 - 2012-07-31 10:36 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 16:36 - 2012-02-15 13:38 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 13:27 - 2013-08-06 13:27 - 00000000 ____D C:\FRST
2013-08-06 13:26 - 2013-08-06 13:26 - 01228808 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2013-08-06 13:19 - 2013-08-06 13:19 - 00000156 _____ C:\Users\User\defogger_reenable
2013-08-06 13:13 - 2009-07-14 06:34 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 13:13 - 2009-07-14 06:34 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 13:06 - 2013-08-06 13:02 - 00015362 _____ C:\AdwCleaner[S1].txt
2013-08-06 13:03 - 2012-08-15 11:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-06 13:03 - 2011-05-13 21:34 - 00001007 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-06 13:03 - 2010-01-22 17:59 - 00001146 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-06 13:02 - 2013-08-06 13:02 - 00791488 _____ C:\Users\User\Downloads\ImageEditorSetup.exe
2013-08-06 13:02 - 2013-08-06 13:02 - 00666633 _____ C:\Users\User\Downloads\adwcleaner.exe
2013-08-06 08:08 - 2013-08-06 08:08 - 00000000 ____D C:\windows\system32\MRT
2013-08-06 08:08 - 2013-08-06 08:08 - 00000000 ____D C:\6e3ffb7815cbe27a668914aacbca93
2013-08-05 21:48 - 2013-08-05 21:48 - 00000000 ____D C:\Users\User\AppData\Roaming\eIntaller
2013-08-05 21:37 - 2013-08-03 04:44 - 00000000 ____D C:\Users\User\Desktop\maria
2013-08-05 21:35 - 2012-08-15 11:55 - 00001064 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234438737-965128108-3711115987-1001Core.job
2013-08-05 12:08 - 2012-11-15 15:11 - 00000000 ____D C:\Users\User\Downloads\alt
2013-08-04 21:25 - 2009-09-20 16:47 - 00909458 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-03 04:27 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\wfp
2013-08-03 04:26 - 2010-02-02 19:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-08-03 04:26 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\NDF
2013-08-03 04:26 - 2009-07-14 04:37 - 00000000 ____D C:\windows\registration
2013-08-03 04:26 - 2009-07-14 04:37 - 00000000 ____D C:\windows\AppCompat
2013-08-01 23:38 - 2013-08-01 23:38 - 00262515 _____ C:\Users\User\Downloads\Altklausuren.zip
2013-08-01 06:41 - 2009-09-20 16:49 - 00000000 ____D C:\ProgramData\PDFC
2013-07-31 19:40 - 2013-07-29 16:42 - 00125275 ____H C:\Users\User\Documents\~WRL2837.tmp
2013-07-31 14:08 - 2010-01-31 18:52 - 00000052 _____ C:\windows\system32\DOErrors.log
2013-07-31 14:07 - 2011-10-26 16:49 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-31 13:48 - 2013-07-31 13:48 - 00435712 _____ C:\Users\User\Downloads\awp11bg.ppt
2013-07-31 13:31 - 2013-01-31 14:47 - 00000136 ____H C:\Users\User\Downloads\.picasa.ini
2013-07-29 20:40 - 2011-05-13 20:35 - 00000000 ____D C:\Program Files\Google
2013-07-29 14:33 - 2013-07-29 14:33 - 00166400 _____ C:\Users\User\Downloads\wipol 2 - allokatives marktversagen.ppt
2013-07-28 14:11 - 2013-07-28 14:11 - 10120704 _____ C:\Users\User\Downloads\Int_Ec_Rel_and_Reg_Integr_SS_2013_17072013.ppt
2013-07-26 20:30 - 2010-01-22 18:24 - 00248388 _____ C:\windows\PFRO.log
2013-07-24 22:51 - 2013-07-18 00:35 - 00000000 ____D C:\Users\User\Downloads\externe
2013-07-23 14:23 - 2013-07-23 14:22 - 00000000 ____D C:\Users\User\Downloads\VBL
2013-07-23 01:00 - 2013-07-15 10:52 - 00000000 ____D C:\Users\User\Downloads\Informationsmanagment
2013-07-15 14:07 - 2010-04-27 12:00 - 01161216 ___SH C:\Users\User\Desktop\Thumbs.db
2013-07-13 00:17 - 2012-12-11 17:35 - 00000000 ___RD C:\Program Files\Skype
2013-07-13 00:17 - 2010-01-22 17:41 - 00000000 ____D C:\ProgramData\Skype
2013-07-12 11:45 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-12 10:20 - 2009-07-14 06:33 - 00475216 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-12 10:19 - 2010-07-22 16:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 10:17 - 2009-07-27 13:09 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 10:17 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 09:59 - 2009-09-20 16:54 - 00000000 ____D C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\kcap_0paos.pad
C:\Users\User\AppData\Roaming\skype.dat
C:\Users\User\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 08:50

==================== End Of Log ============================

--- --- ---

Die Version habe ich mal geschenkt bekommen KP :-)

cosinus · 06.08.2013, 16:17

Zitat:

Die Version habe ich mal geschenkt bekommen KP :-)

Geschenkt? Niemand verschenkt mal eben so eine Volumenlizenz!

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

Maria22 · 06.08.2013, 16:21

So habe das jetzt deinstalliert, habe das halt geschenkt bekommen, hat funktioniert, hab mir nix dabei gedacht :-(

cosinus · 06.08.2013, 16:45

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\kcap_0paos.pad
C:\Users\User\AppData\Roaming\skype.dat
C:\Users\User\AppData\Roaming\skype.ini

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Maria22 · 06.08.2013, 22:21

Vielen Dank :-) Anbei die Fixlog-Datei:

Zitat:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-08-2013
Ran by User at 2013-08-06 23:25:12 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal

==============================================

C:\ProgramData\ism_0_llatsni.pad => Moved successfully.
C:\ProgramData\kcap_0paos.pad => Moved successfully.
C:\Users\User\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\User\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====

cosinus · 06.08.2013, 23:35

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Maria22 · 07.08.2013, 12:18

DANKE! Hier die Logfiles:

Zitat:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.08.07.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
User :: USER-PC [Administrator]

07.08.2013 09:43:35
MBAM-log-2013-08-07 (10-09-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219339
Laufzeit: 9 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WSYSSVC (PUP.Optional.Esafe.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Daten: C:\ProgramData\eSafe\eGdpSvc.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\User\AppData\Roaming\eIntaller\6D92C7EAB60343bbAC6C1AE667FDF254\eGdpSvc.exe (PUP.Optional.ESafe.A) -> Keine Aktion durchgeführt.
C:\Users\User\AppData\Local\Temp\rymdadh (Trojan.Agent.rf) -> Keine Aktion durchgeführt.
C:\Users\User\AppData\Local\Temp\vdtjicm (Trojan.Agent.rf) -> Keine Aktion durchgeführt.
C:\Users\User\AppData\Local\Temp\is956058749\cor_ar_2013729172639_qvo6.exe (PUP.Optional.Elex) -> Keine Aktion durchgeführt.
C:\Users\User\AppData\Local\Temp\is956058749\DeltaTB.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.

(Ende)

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=57b19f0d3df5544e87fcf73710ac51c4
# engine=14680
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-07 11:02:44
# local_time=2013-08-07 01:02:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 20499 121640248 13242 0
# compatibility_mode=5893 16776574 66 85 2256290 127504555 0 0
# scanned=258093
# found=1
# cleaned=0
# scan_time=9755
sh=71F53F572F30D94C645A77A305E273070E1E4303 ft=0 fh=0000000000000000 vn="Win32/LockScreen.AXJ trojan" ac=I fn="C:\Users\User\AppData\Local\Temp\index.html"

cosinus · 07.08.2013, 14:26

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! Bitte nachholen falls noch nicht getan!

NICHTS voreilig aus der Quarantäne löschen!

Maria22 · 07.08.2013, 15:02

Sry hab die Logdatei vorher gespeichert, habe natürlich alles gelöscht. Wars das dann? Auf diesem Wege nochmal tausend Dank für die schnelle und perfekte Hilfe!!!

cosinus · 07.08.2013, 15:32

Bitte nochmal TFC ausführen um die TEMPs zu leeren:

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Windows 7: Startseiten im IE und Firefox werden auf QV06 umgeleitet

Log-Analyse und Auswertung: Windows 7: Startseiten im IE und Firefox werden auf QV06 umgeleitet