QV06 hat sich in meine Internetbrowser eingenistet

cosinus · 23.08.2013, 00:01

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

argonaut-1 · 23.08.2013, 00:32

Hallo, Cosinus,

das Programm hat nichts gefunden und auch keinen Neustart verlangt. Die erzeugte Log-Datei anbei.

Allerdings, wenn ich Firefox aufrufe, kommt immer noch als Startseite QV06.

Beste Grüße
Argonaut-1

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Adi :: ADI-PC [administrator]

23.08.2013 01:10:50
mbar-log-2013-08-23 (01-10-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 269952
Time elapsed: 14 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 23.08.2013, 08:56

Zitat:

kommt immer noch als Startseite QV06.

Wir sind ja auch noch nit fertig

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

argonaut-1 · 23.08.2013, 18:30

Hallo, Cosinus,

danke für deine weiteren Empfehlungen. Ich mußte zwischenzeitlich mal auf Arbeit.
Anbei die Logs.

Beste Grüße
Argonaut-1

Code:

ATTFilter

# AdwCleaner v3.000 - Report created 23/08/2013 at 19:10:43
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Adi - ADI-PC
# Running from : C:\Users\Adi\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdfforge
Folder Deleted : C:\Program Files\pdfforge
Folder Deleted : C:\Users\Adi\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Adi\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Adi\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Adi\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Adi\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\Searchqutoolbar
Folder Deleted : C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\searchplugins\11-suche.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
File Deleted : C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\user.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Adi\Desktop\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Adi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Adi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
Shortcut Disinfected : C:\Users\Adi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk
Shortcut Disinfected : C:\Users\Adi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\f53ded9b334ea13
Key Deleted : HKLM\SOFTWARE\f53ded9b334ea13
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "qvo6");
Line Deleted : user_pref("browser.search.order.1", "qvo6");
Line Deleted : user_pref("browser.search.selectedEngine", "qvo6");

*************************

AdwCleaner[R0].txt - [11307 octets] - [23/08/2013 19:09:56]
AdwCleaner[S0].txt - [9710 octets] - [23/08/2013 19:10:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9770 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Adi on 23.08.2013 at 19:17:09,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Adi\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\Adi\appdata\local\{648CEEB5-20A8-4C32-A853-833C4C8FA4D7}
Successfully deleted: [Empty Folder] C:\Users\Adi\appdata\local\{6D5DA982-A3AB-412A-9183-E80A39EE3F2B}
Successfully deleted: [Empty Folder] C:\Users\Adi\appdata\local\{A127E7F4-097A-42A1-8C48-13C76FFF7898}



~~~ FireFox

Emptied folder: C:\Users\Adi\AppData\Roaming\mozilla\firefox\profiles\y983ieqh.default\minidumps [151 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.08.2013 at 19:21:54,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013
Ran by Adi (administrator) on 23-08-2013 19:22:57
Running from C:\Users\Adi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(BandRich Inc.) C:\Program Files (x86)\o2 Verbindungsmanager\BRService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DeskUpdateNotifier] - c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-05-17] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-21] (CyberLink Corp.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKU\Adi-Admin\...\CurrentVersion\Windows: [Load] C:\Users\Adi-Admin\LOCALS~1\Temp\msfkmt.cmd <===== ATTENTION
Startup: C:\Users\Adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\Adi-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD7500BPVT-16HXZT3_WD-WXE1CC12125921259&ts=1375605402
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {B80C2155-B0F7-4C7B-B384-4348BADE5669} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {B80C2155-B0F7-4C7B-B384-4348BADE5669} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 83.169.184.161 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default
FF Homepage: hxxp://www.web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\searchplugins\webde-suche.xml
FF Extension: No Name - C:\Users\Adi\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: Garmin Communicator - C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: adblockpopups - C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: elemhidehelper - C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: toolbar - C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\y983ieqh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

==================== Services (Whitelisted) =================

R2 BandLuxe_Service; C:\Program Files (x86)\o2 Verbindungsmanager\BRService.exe [116960 2009-06-14] (BandRich Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-24] (FUJITSU LIMITED)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-20] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-20] (Symantec Corporation)
S3 br3gmdm; C:\Windows\System32\DRIVERS\br3gmdm.sys [119296 2008-12-23] (BandRich Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-03] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-30] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-05-31] (Symantec Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130821.003\IDSvia64.sys [520280 2013-08-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130821.003\IDSvia64.sys [520280 2013-08-21] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130822.002\ENG64.SYS [126040 2013-07-27] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130822.002\ENG64.SYS [126040 2013-07-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130822.002\EX64.SYS [2098776 2013-07-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130822.002\EX64.SYS [2098776 2013-07-27] (Symantec Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-28] ()
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 U6000ALL; C:\Windows\System32\DRIVERS\U6000ALL.sys [276480 2007-07-13] ()
S2 ASPI32; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 19:17 - 2013-08-23 19:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 19:13 - 2013-08-23 19:13 - 00009874 _____ C:\Users\Adi\Desktop\AdwCleaner[S0].txt
2013-08-23 19:09 - 2013-08-23 19:10 - 00000000 ____D C:\AdwCleaner
2013-08-23 19:08 - 2013-08-23 19:08 - 01576474 _____ (Farbar) C:\Users\Adi\Desktop\FRST64.exe
2013-08-23 19:05 - 2013-08-23 19:05 - 01021434 _____ (Thisisu) C:\Users\Adi\Desktop\JRT.exe
2013-08-23 19:05 - 2013-08-23 19:05 - 00975858 _____ C:\Users\Adi\Desktop\adwcleaner.exe
2013-08-23 01:10 - 2013-08-23 01:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-23 01:09 - 2013-08-23 01:49 - 00000000 ____D C:\Users\Adi\Desktop\mbar
2013-08-23 01:09 - 2013-08-23 01:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-23 01:08 - 2013-08-23 01:08 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Adi\Desktop\mbar-1.06.1.1005.exe
2013-08-23 00:40 - 2013-08-23 00:40 - 00028395 _____ C:\ComboFix.txt
2013-08-23 00:21 - 2013-08-23 00:21 - 05111180 ____R (Swearware) C:\Users\Adi\Desktop\ComboFix.exe
2013-08-22 23:34 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-22 23:34 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-22 23:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-22 23:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-22 23:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-22 23:34 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-22 23:34 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-22 23:34 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-22 23:30 - 2013-08-23 00:40 - 00000000 ____D C:\Qoobox
2013-08-22 23:30 - 2013-08-23 00:34 - 00000000 ____D C:\Windows\erdnt
2013-08-19 13:56 - 2013-08-19 13:56 - 00000000 ____D C:\FRST
2013-08-19 13:01 - 2013-08-19 13:01 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-19 13:01 - 2013-08-19 13:01 - 00000000 _____ C:\autoexec.bat
2013-08-19 13:00 - 2013-08-19 14:22 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-08-19 12:33 - 2013-08-19 12:46 - 00000000 ____D C:\Users\Adi\AppData\Local\NPE
2013-08-18 11:10 - 2013-08-18 11:10 - 00000000 ____D C:\Program Files (x86)\Microtek
2013-08-18 11:09 - 2013-08-18 11:09 - 00000000 ____D C:\ScanWizard 5 v6.32
2013-08-18 10:09 - 2013-08-18 10:09 - 00000492 _____ C:\Windows\MAXLINK.INI
2013-08-18 10:08 - 2013-08-18 10:09 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 4.0 Sprint
2013-08-18 10:07 - 1996-07-18 14:26 - 00022528 _____ (Adaptec) C:\Windows\SysWOW64\WNASPI32.DLL
2013-08-18 00:04 - 2013-08-18 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 23:57 - 2013-08-18 09:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-17 19:08 - 2013-08-18 17:14 - 00000000 ___SD C:\Users\Adi\Documents\Meine Datenquellen
2013-08-17 14:29 - 2013-08-17 14:29 - 00000000 ____D C:\Users\Adi\Desktop\Adobe Application Manager 6.2
2013-08-17 13:56 - 2013-08-17 13:56 - 00000915 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2013-08-17 13:40 - 2013-08-17 14:24 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-08-17 13:29 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-17 13:29 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-17 13:29 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-17 13:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-17 13:29 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-17 13:29 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-17 13:29 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-17 13:29 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-17 13:29 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-17 13:29 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-17 13:29 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-17 13:29 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-17 13:29 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-17 13:29 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-17 13:29 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-17 13:29 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-17 13:29 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-17 13:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-17 13:29 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-17 13:29 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-17 13:29 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-17 13:29 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-17 13:29 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-17 13:29 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-17 13:29 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-17 13:29 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-17 13:29 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-17 13:29 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-17 13:29 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-17 13:29 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-17 13:29 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-17 13:06 - 2013-08-17 13:07 - 00259498 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-16 23:10 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 23:10 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 23:10 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 23:10 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 23:10 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 23:10 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 23:10 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 23:10 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 23:10 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 23:10 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 23:09 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 23:09 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 23:09 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 23:09 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 23:09 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 23:09 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-16 23:03 - 2013-08-16 23:03 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-16 23:03 - 2013-08-16 23:03 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-04 12:13 - 2013-08-04 12:13 - 00000000 ____D C:\Users\Adi\Documents\My Photos
2013-08-04 12:09 - 2013-08-04 12:09 - 00000000 ____D C:\Users\Adi\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2013-08-04 11:59 - 2013-08-23 19:12 - 00000000 ____D C:\Users\Adi\AppData\Local\Htc
2013-08-04 11:58 - 2013-08-04 11:59 - 00000000 ____D C:\Users\Adi\AppData\Roaming\HTC
2013-08-04 11:58 - 2013-08-04 11:58 - 00003606 _____ C:\Windows\System32\Tasks\Launch HTC Sync Loader
2013-08-04 11:58 - 2013-08-04 11:58 - 00001088 _____ C:\Users\Public\Desktop\HTC Sync.lnk
2013-08-04 11:41 - 2013-08-04 11:41 - 00000000 ____D C:\Users\Adi\AppData\Local\Downloaded Installations
2013-08-04 11:40 - 2013-08-04 11:40 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-08-04 11:39 - 2013-08-04 11:58 - 00000000 ____D C:\Program Files (x86)\HTC
2013-08-04 11:39 - 2013-08-04 11:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-04 11:39 - 2013-08-04 11:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-04 11:18 - 2013-08-04 11:18 - 160600984 _____ (HTC Corporation                                              ) C:\Users\Adi\Downloads\htc-sync [1].exe
2013-08-03 15:00 - 2013-08-03 15:00 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-03 14:59 - 2013-08-22 11:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-03 14:59 - 2013-08-03 14:59 - 00000000 ____D C:\Users\Adi\AppData\Local\Microsoft Help
2013-08-03 14:56 - 2003-04-18 19:06 - 00008192 _____ C:\Windows\SysWOW64\srvany.exe
2013-08-03 14:54 - 2013-08-03 14:54 - 00001960 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-03 14:53 - 2013-08-03 14:54 - 00000000 ____D C:\Users\Adi\AppData\Roaming\DAEMON Tools Lite
2013-08-03 14:53 - 2013-08-03 14:53 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-03 14:53 - 2013-08-03 14:53 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-08-03 14:52 - 2013-08-03 14:54 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-07-31 21:06 - 2013-07-31 21:05 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-31 21:05 - 2013-07-31 21:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-31 21:05 - 2013-07-31 21:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-31 21:05 - 2013-07-31 21:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-31 21:05 - 2013-07-31 21:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-28 15:15 - 2013-07-28 15:15 - 00001664 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-07-28 15:05 - 2013-07-28 15:05 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-07-28 15:02 - 2013-07-28 15:02 - 00000000 ____D C:\Users\Adi\Documents\Symantec
2013-07-28 14:46 - 2013-07-28 14:46 - 00000000 ____D C:\Users\Adi\Downloads\Rettung
2013-07-28 13:34 - 2013-07-28 13:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-07-28 13:21 - 2013-07-28 13:21 - 01474560 _____ C:\Users\Adi\Downloads\cluster 8186.ARJ
2013-07-28 13:21 - 2013-07-28 13:21 - 01474560 _____ C:\Users\Adi\Downloads\cluster 56305.BMP
2013-07-28 13:20 - 2013-07-28 13:21 - 01474560 _____ C:\Users\Adi\Downloads\cluster 53454.XLS
2013-07-28 13:20 - 2013-07-28 13:20 - 01474560 _____ C:\Users\Adi\Downloads\cluster 51779.EXE
2013-07-28 13:20 - 2013-07-28 13:20 - 01474560 _____ C:\Users\Adi\Downloads\cluster 48268.TIF
2013-07-28 13:20 - 2013-07-28 13:20 - 01474560 _____ C:\Users\Adi\Downloads\cluster 48.XLS
2013-07-28 13:20 - 2013-07-28 13:20 - 01474560 _____ C:\Users\Adi\Downloads\cluster 45713.XLS
2013-07-28 13:18 - 2013-07-28 13:18 - 01474560 _____ C:\Users\Adi\Downloads\cluster 39041.XLS
2013-07-28 13:17 - 2013-07-28 13:17 - 01474560 _____ C:\Users\Adi\Downloads\cluster 21833.XLS
2013-07-28 13:17 - 2013-07-28 13:17 - 01474560 _____ C:\Users\Adi\Downloads\cluster 18021.TIF

==================== One Month Modified Files and Folders =======

2013-08-23 19:21 - 2013-08-23 19:21 - 00001239 _____ C:\Users\Adi\Desktop\JRT.txt
2013-08-23 19:20 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 19:20 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 19:17 - 2013-08-23 19:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 19:13 - 2013-08-23 19:13 - 00009874 _____ C:\Users\Adi\Desktop\AdwCleaner[S0].txt
2013-08-23 19:13 - 2012-12-21 14:12 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-23 19:13 - 2012-08-29 21:29 - 00000000 ____D C:\Users\Adi\Documents\Youcam
2013-08-23 19:12 - 2013-08-04 11:59 - 00000000 ____D C:\Users\Adi\AppData\Local\Htc
2013-08-23 19:12 - 2012-12-21 14:12 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-23 19:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 19:11 - 2009-07-14 06:51 - 00105466 _____ C:\Windows\setupact.log
2013-08-23 19:10 - 2013-08-23 19:09 - 00000000 ____D C:\AdwCleaner
2013-08-23 19:10 - 2012-09-16 16:03 - 00000967 _____ C:\Users\Adi\Desktop\Internet Explorer (64-bit).lnk
2013-08-23 19:10 - 2012-08-30 21:16 - 00001059 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-23 19:10 - 2012-08-29 21:20 - 00000997 _____ C:\Users\Adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-23 19:10 - 2012-08-29 21:19 - 01452051 _____ C:\Windows\WindowsUpdate.log
2013-08-23 19:08 - 2013-08-23 19:08 - 01576474 _____ (Farbar) C:\Users\Adi\Desktop\FRST64.exe
2013-08-23 19:05 - 2013-08-23 19:05 - 01021434 _____ (Thisisu) C:\Users\Adi\Desktop\JRT.exe
2013-08-23 19:05 - 2013-08-23 19:05 - 00975858 _____ C:\Users\Adi\Desktop\adwcleaner.exe
2013-08-23 01:49 - 2013-08-23 01:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-23 01:49 - 2013-08-23 01:09 - 00000000 ____D C:\Users\Adi\Desktop\mbar
2013-08-23 01:09 - 2013-08-23 01:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-23 01:08 - 2013-08-23 01:08 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Adi\Desktop\mbar-1.06.1.1005.exe
2013-08-23 00:40 - 2013-08-23 00:40 - 00028395 _____ C:\ComboFix.txt
2013-08-23 00:40 - 2013-08-22 23:30 - 00000000 ____D C:\Qoobox
2013-08-23 00:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-23 00:35 - 2010-11-21 05:47 - 00067204 _____ C:\Windows\PFRO.log
2013-08-23 00:35 - 2009-07-14 04:34 - 71827456 _____ C:\Windows\system32\config\software.bak
2013-08-23 00:35 - 2009-07-14 04:34 - 22544384 _____ C:\Windows\system32\config\system.bak
2013-08-23 00:35 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-08-23 00:35 - 2009-07-14 04:34 - 00090112 _____ C:\Windows\system32\config\sam.bak
2013-08-23 00:35 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\security.bak
2013-08-23 00:34 - 2013-08-22 23:30 - 00000000 ____D C:\Windows\erdnt
2013-08-23 00:21 - 2013-08-23 00:21 - 05111180 ____R (Swearware) C:\Users\Adi\Desktop\ComboFix.exe
2013-08-22 23:49 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-22 23:43 - 2012-09-16 22:23 - 00000000 ____D C:\Users\Adi\AppData\Local\CrashDumps
2013-08-22 11:21 - 2012-09-02 00:04 - 00000000 ____D C:\Users\Adi\AppData\Roaming\Adobe
2013-08-22 11:21 - 2012-08-29 21:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-22 11:20 - 2012-08-29 21:26 - 00000000 ____D C:\ProgramData\Adobe
2013-08-22 11:15 - 2012-08-29 21:20 - 00112816 _____ C:\Users\Adi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-22 11:13 - 2009-07-14 06:45 - 05055712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-22 11:12 - 2013-08-03 14:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-22 11:10 - 2010-11-21 09:16 - 00000000 ____D C:\Windows\ShellNew
2013-08-22 11:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-22 11:10 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2013-08-22 11:09 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-21 22:00 - 2012-01-06 19:54 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-08-21 22:00 - 2012-01-06 19:54 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-08-21 22:00 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 16:56 - 2012-09-09 22:08 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-08-19 14:22 - 2013-08-19 13:00 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-08-19 13:56 - 2013-08-19 13:56 - 00000000 ____D C:\FRST
2013-08-19 13:01 - 2013-08-19 13:01 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-19 13:01 - 2013-08-19 13:01 - 00000000 _____ C:\autoexec.bat
2013-08-19 12:46 - 2013-08-19 12:33 - 00000000 ____D C:\Users\Adi\AppData\Local\NPE
2013-08-19 12:33 - 2012-03-02 20:53 - 00000000 ____D C:\ProgramData\Norton
2013-08-19 12:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-19 12:13 - 2012-09-04 19:04 - 00000000 ____D C:\Users\Adi\AppData\Local\Adobe
2013-08-18 17:14 - 2013-08-17 19:08 - 00000000 ___SD C:\Users\Adi\Documents\Meine Datenquellen
2013-08-18 11:25 - 2012-03-02 20:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-18 11:10 - 2013-08-18 11:10 - 00000000 ____D C:\Program Files (x86)\Microtek
2013-08-18 11:09 - 2013-08-18 11:09 - 00000000 ____D C:\ScanWizard 5 v6.32
2013-08-18 10:43 - 2012-08-30 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 10:09 - 2013-08-18 10:09 - 00000492 _____ C:\Windows\MAXLINK.INI
2013-08-18 10:09 - 2013-08-18 10:08 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 4.0 Sprint
2013-08-18 09:54 - 2013-08-17 23:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-18 00:04 - 2013-08-18 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 18:12 - 2012-08-29 21:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-17 14:29 - 2013-08-17 14:29 - 00000000 ____D C:\Users\Adi\Desktop\Adobe Application Manager 6.2
2013-08-17 14:24 - 2013-08-17 13:40 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-08-17 13:56 - 2013-08-17 13:56 - 00000915 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2013-08-17 13:07 - 2013-08-17 13:06 - 00259498 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-16 23:03 - 2013-08-16 23:03 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-16 23:03 - 2013-08-16 23:03 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-04 12:13 - 2013-08-04 12:13 - 00000000 ____D C:\Users\Adi\Documents\My Photos
2013-08-04 12:09 - 2013-08-04 12:09 - 00000000 ____D C:\Users\Adi\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2013-08-04 11:59 - 2013-08-04 11:58 - 00000000 ____D C:\Users\Adi\AppData\Roaming\HTC
2013-08-04 11:58 - 2013-08-04 11:58 - 00003606 _____ C:\Windows\System32\Tasks\Launch HTC Sync Loader
2013-08-04 11:58 - 2013-08-04 11:58 - 00001088 _____ C:\Users\Public\Desktop\HTC Sync.lnk
2013-08-04 11:58 - 2013-08-04 11:39 - 00000000 ____D C:\Program Files (x86)\HTC
2013-08-04 11:41 - 2013-08-04 11:41 - 00000000 ____D C:\Users\Adi\AppData\Local\Downloaded Installations
2013-08-04 11:40 - 2013-08-04 11:40 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-08-04 11:40 - 2012-03-02 20:32 - 00041686 _____ C:\Windows\DPINST.LOG
2013-08-04 11:39 - 2013-08-04 11:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-04 11:39 - 2013-08-04 11:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-04 11:39 - 2012-08-30 20:57 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-04 11:18 - 2013-08-04 11:18 - 160600984 _____ (HTC Corporation                                              ) C:\Users\Adi\Downloads\htc-sync [1].exe
2013-08-04 10:25 - 2013-06-10 21:19 - 00001894 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2013-08-04 10:25 - 2013-06-10 21:19 - 00000000 ____D C:\ProgramData\Package Cache
2013-08-04 10:25 - 2012-12-21 22:21 - 00000000 ____D C:\ProgramData\Garmin
2013-08-04 10:24 - 2012-03-02 20:43 - 01590378 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-03 15:00 - 2013-08-03 15:00 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-03 14:59 - 2013-08-03 14:59 - 00000000 ____D C:\Users\Adi\AppData\Local\Microsoft Help
2013-08-03 14:54 - 2013-08-03 14:54 - 00001960 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-03 14:54 - 2013-08-03 14:53 - 00000000 ____D C:\Users\Adi\AppData\Roaming\DAEMON Tools Lite
2013-08-03 14:54 - 2013-08-03 14:52 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-03 14:53 - 2013-08-03 14:53 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-03 14:53 - 2013-08-03 14:53 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-07-31 21:05 - 2013-07-31 21:06 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-31 21:05 - 2013-07-31 21:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-31 21:05 - 2013-07-31 21:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-31 21:05 - 2013-07-31 21:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-31 21:05 - 2013-07-31 21:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-31 21:05 - 2012-09-10 08:39 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-31 21:05 - 2012-09-10 08:39 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-28 15:42 - 2012-08-29 21:20 - 00000000 ____D C:\Users\Adi
2013-07-28 15:18 - 2012-09-16 15:37 - 00000000 ____D C:\Program Files\Recuva
2013-07-28 15:15 - 2013-07-28 15:15 - 00001664 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-07-28 15:05 - 2013-07-28 15:05 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-07-28 15:02 - 2013-07-28 15:02 - 00000000 ____D C:\Users\Adi\Documents\Symantec
2013-07-28 14:58 - 2012-10-17 18:54 - 00002507 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-07-28 14:58 - 2012-03-02 20:53 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-07-28 14:58 - 2012-03-02 20:53 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-07-28 14:46 - 2013-07-28 14:46 - 00000000 ____D C:\Users\Adi\Downloads\Rettung
2013-07-28 14:44 - 2012-03-02 20:53 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-07-28 14:44 - 2012-03-02 20:53 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-07-28 13:34 - 2013-07-28 13:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-07-28 13:21 - 2013-07-28 13:21 - 01474560 _____ C:\Users\Adi\Downloads\cluster 8186.ARJ
2013-07-28 13:21 - 2013-07-28 13:21 - 01474560 _____ C:\Users\Adi\Downloads\cluster 56305.BMP
2013-07-28 13:21 - 2013-07-28 13:20 - 01474560 _____ C:\Users\Adi\Downloads\cluster 53454.XLS
2013-07-28 13:20 - 2013-07-28 13:20 - 01474560 _____ C:\Users\Adi\Downloads\cluster 51779.EXE
2013-07-28 13:20 - 2013-07-28 13:20 - 01474560 _____ C:\Users\Adi\Downloads\cluster 48268.TIF
2013-07-28 13:20 - 2013-07-28 13:20 - 01474560 _____ C:\Users\Adi\Downloads\cluster 48.XLS
2013-07-28 13:20 - 2013-07-28 13:20 - 01474560 _____ C:\Users\Adi\Downloads\cluster 45713.XLS
2013-07-28 13:18 - 2013-07-28 13:18 - 01474560 _____ C:\Users\Adi\Downloads\cluster 39041.XLS
2013-07-28 13:17 - 2013-07-28 13:17 - 01474560 _____ C:\Users\Adi\Downloads\cluster 21833.XLS
2013-07-28 13:17 - 2013-07-28 13:17 - 01474560 _____ C:\Users\Adi\Downloads\cluster 18021.TIF
2013-07-26 07:13 - 2013-08-17 13:29 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-17 13:29 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-17 13:29 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-17 13:29 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-17 13:29 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-17 13:29 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-17 13:29 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-17 13:29 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-17 13:29 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-17 13:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-17 13:29 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-17 13:29 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-17 13:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-17 13:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-17 13:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-17 13:29 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-17 13:29 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-17 13:29 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-17 13:29 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-17 13:29 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-17 13:29 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-17 13:29 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-17 13:29 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-17 13:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-17 13:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-17 13:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-17 13:29 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-17 13:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-17 13:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-17 13:29 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-17 13:29 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-16 23:09 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-16 23:09 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 19:12 - 2012-09-16 15:51 - 00000000 ____D C:\Users\Adi\AppData\Roaming\Skype
2013-07-24 19:10 - 2012-09-16 15:51 - 00000000 ____D C:\ProgramData\Skype
2013-07-24 19:09 - 2012-09-16 15:51 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-07-24 19:09 - 2012-09-16 15:51 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-01-07 22:46

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2013
Ran by Adi at 2013-08-23 19:23:13
Running from C:\Users\Adi\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
ABBYY FineReader 4.0 Sprint (x32)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
ALPS Touch Pad Driver
Amazon Kindle (HKCU)
ArcSoft MediaImpression 2 (x32 Version: 2.0.53.1090)
Citrix Authentication Manager (x32 Version: 3.0.0.47031)
Citrix Receiver (DV) (x32 Version: 13.3.0.55)
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.3.0.55)
Citrix Receiver (USB) (x32 Version: 13.3.0.55)
Citrix Receiver (x32 Version: 13.3.0.55)
Citrix Receiver Inside (x32 Version: 3.3.0.17208)
Citrix Receiver Updater (x32 Version: 3.3.0.17207)
Citrix Receiver(Aero) (x32 Version: 13.3.0.55)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
CyberLink YouCam 5 (x32 Version: 5.0.1521)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
DeskUpdate (x32 Version: 4.14.0122)
Drv (x32 Version: 1.00.0000)
e PDF to Word Converter 5.1.0.383 (Version: 5.1.0.383)
Elevated Installer (x32 Version: 2.2.17)
ElsterFormular (x32 Version: 14.3.11574)
ExtractNow (x32)
EZ Grabber (x32 Version: 1.00.0000)
FJ Camera (x32 Version: 5.8.52032.0_WHQL)
Free FLV Converter V 7.4.0 (x32 Version: 7.4.0.0)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.002)
Fujitsu MobilityCenter Extension Utility (x32 Version: 3.01.00.002)
Fujitsu System Extension Utility (Version: 3.4.4.0)
Fujitsu System Extension Utility (x32 Version: 3.4.4.0)
Garmin City Navigator Europe (Unicode) NT 2013.30 Update (x32 Version: 16.30.0.0)
Garmin Communicator Plugin x64 (Version: 4.0.3)
Garmin Express (x32 Version: 2.2.17)
Garmin Express Tray (x32 Version: 2.2.17)
Garmin Update Service (x32 Version: 2.2.17)
GIMP 2.8.2 (Version: 2.8.2)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
High-Definition Video Playback (x32 Version: 7.3.10900.8.0)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 3.0.0.021)
HTC Sync (x32 Version: 3.2.20)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2696)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.0.0.0086)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.0000.0830)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Juniper Citrix Services Client (HKCU Version: 7.3.0.25741)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.3.6.37319)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (Version: 2.1.1.1)
Juniper Networks, Inc. Setup Client Activex Control (x32 Version: 2.1.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LIFEBOOK Application Panel (Version: 8.3.2.0)
LIFEBOOK Application Panel (x32 Version: 8.3.2.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0)
Nero BurnRights 10 (x32 Version: 4.4.10400.2.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Control Center 10 (x32 Version: 10.6.12700.0.7)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800)
Nero Core Components 10 (x32 Version: 2.0.20000.9.12)
Nero CoverDesigner 10 (x32 Version: 5.6.10600.4.100)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.6.10700)
Nero InfoTool 10 (x32 Version: 7.4.10300.1.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Kwik Media (x32 Version: 1.6.14900.57.100)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10200)
Nero StartSmart 10 (x32 Version: 10.6.10400.2.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Update (x32 Version: 1.0.10900.31.0)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900)
Norton Internet Security (x32 Version: 20.4.0.40)
o2 Verbindungsmanager (x32 Version: 1.10.0006)
Online Plug-in (x32 Version: 13.3.0.55)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
PC Inspector File Recovery (x32 Version: 4.0)
PC Inspector smart recovery (x32 Version: 4.50)
PDF Architect (x32 Version: 1.0.52.8917)
PDF To Excel Converter V2.0 (x32)
PDFCreator (x32 Version: 1.6.2)
pdfforge Images2PDF 0.9.2.546 (Version: 0.9.2.546)
PhotoScape (x32)
Plugfree NETWORK (Version: 6.2.0.1)
Plugfree NETWORK (Version: 6.2.001)
Power Saving Utility (x32 Version: 32.01.10.038)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30129)
Recuva (Version: 1.47)
Samsung Universal Print Driver (x32 Version: 2.03.06.00)
Self-Service Plug-in (x32 Version: 3.3.0.27839)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.6 (x32 Version: 6.6.106)
TeamViewer 8 (x32 Version: 8.0.16642)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (x32 Version: 1)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (x32 Version: 1)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Wise Registry Cleaner 7.71 (x32 Version: 7.71)
WISO Steuer-Sparbuch 2012 (x32 Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137)

==================== Restore Points  =========================

19-08-2013 10:41:31 Norton_Power_Eraser_20130819124128989
19-08-2013 11:01:06 Installed SpyHunter
19-08-2013 12:21:45 Removed SpyHunter
22-08-2013 09:07:28 Microsoft Visual C++ 2005 Redistributable (x64) wird entfernt
22-08-2013 09:07:58 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
22-08-2013 09:08:29 Removed Microsoft Office Professional Plus 2010
22-08-2013 09:17:06 Removed MSXML 4.0 SP3 Parser (KB2758694)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-23 00:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {309DB2C9-D83F-48C1-B215-1AEED59F442A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {8DAAE6DC-593D-4304-AC5F-34C6C337B617} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {9E877C2F-8011-4BAE-BF06-5E391A297AD9} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {CD325184-FA75-4168-8EB8-4CEF9666A340} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {E9E59FA7-207F-45E4-9C41-2F5CE7B26737} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21] (Google Inc.)
Task: {EDEA69A9-C40F-48D9-92EF-52A5E249D2B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-23 19:12:47.725
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 19:08:40.210
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 18:57:40.758
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 01:58:24.303
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 01:52:36.370
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 01:35:51.392
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 01:33:58.101
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 01:27:04.123
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 00:57:47.078
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 00:47:38.480
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 3958.37 MB
Available physical RAM: 2057.55 MB
Total Pagefile: 7914.93 MB
Available Pagefile: 5748.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:80 GB) (Free:19.45 GB) NTFS
Drive d: (Daten) (Fixed) (Total:499.11 GB) (Free:444.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: B8755606)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=697 GB) - (Type=OF Extended)

==================== End Of Log ============================

cosinus · 23.08.2013, 19:22

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\Adi-Admin\...\CurrentVersion\Windows: [Load] C:\Users\Adi-Admin\LOCALS~1\Temp\msfkmt.cmd <===== ATTENTION
C:\Users\Adi-Admin\LOCALS~1\Temp\msfkmt.cmd

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

argonaut-1 · 23.08.2013, 20:19

Hallo, Cosinus,

anbei die Fixlist.txt.

Beste Grüße
Argonaut-1

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2013
Ran by Adi at 2013-08-23 21:17:08 Run:1
Running from C:\Users\Adi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\Adi-Admin\...\CurrentVersion\Windows: [Load] C:\Users\Adi-Admin\LOCALS~1\Temp\msfkmt.cmd <===== ATTENTION
C:\Users\Adi-Admin\LOCALS~1\Temp\msfkmt.cmd

*****************

"C:\Users\Adi-Admin\LOCALS~1\Temp\msfkmt.cmd" => File/Directory not found.

==== End of Fixlog ====

cosinus · 24.08.2013, 14:46

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

argonaut-1 · 25.08.2013, 00:36

Hallo, Cosinus,

anbei die beiden Logfiles.

Beste Grüße

Argonaut-1

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Adi :: ADI-PC [Administrator]

Schutz: Aktiviert

24.08.2013 22:08:43
MBAM-log-2013-08-24 (22-12-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 249349
Laufzeit: 3 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Adi\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2e90b20ec80170499cac3ceb1b7c3d73
# engine=14890
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-24 11:25:14
# local_time=2013-08-25 01:25:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 95452 140012098 0 0
# compatibility_mode=5893 16776574 100 94 2870199 129016564 0 0
# scanned=186722
# found=0
# cleaned=0
# scan_time=3556

cosinus · 25.08.2013, 14:02

Warum entfernst du den letzten Fund mit Mawarebytes nicht?

argonaut-1 · 25.08.2013, 15:03

Hallo, Cosinus,

Eintrag ist entfernt. Habe grade eben Malwarebytes ausgeführt - keine Funde. Logfile anbei.

Beste Grüße
Argonaut-1

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Adi :: ADI-PC [Administrator]

Schutz: Aktiviert

25.08.2013 15:56:47
mbam-log-2013-08-25 (15-56-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248874
Laufzeit: 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 25.08.2013, 15:53

Ok, das war auch nur ein Rest

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

argonaut-1 · 25.08.2013, 17:06

Hallo, Cosinus,
vielen herzlichen Dank an dich und alle, die hier mitarbeiten. Ich weiss nicht, was ich ohne eure Hilfe hätte tun sollen. Ich wünsche euch weiterhin viel Spaß und Erfolg bei eurer Arbeit.

Ihr seid wirklich suuper!

argonaut-1

cosinus · 25.08.2013, 21:30

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. (Tools wie zB FRST einfach per Rechtsklick vom Desktop löschen)

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

25.08.2013, 14:02	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	QV06 hat sich in meine Internetbrowser eingenistet Warum entfernst du den letzten Fund mit Mawarebytes nicht? __________________ Logfiles bitte immer in CODE-Tags posten

QV06 hat sich in meine Internetbrowser eingenistet

Log-Analyse und Auswertung: QV06 hat sich in meine Internetbrowser eingenistet