Malware.Packer.ORPC und search.ueep.com

Mel-e · 16.09.2013, 09:29

Guten Morgen,
mein Mann bat mich gestern nach seinem Rechner zu sehen, weil Mozilla mit search.ueep.com startete. Hab bei ihm Malwarebytes laufen lassen und wurde leider fündig

(
Bevor ich die logs von gestern poste, kurz, was ich (wahrscheinlich dummerweise) gemacht habe danach:
Habe Malwarebytes alles Gefundene löschen lassen.
Habe adwcleaner runtergeladen (das log finde ich leider nicht), der wurde auch fündig, habe auch alles löschen lassen. War erst nach 3. oder 4. Mal alles "weg".
Habe die zwei Dateien, die Malwarebytes gefunden hatte, noch manuell gelöscht, weil sie wohl immer noch da waren (eine lief auch als Prozess im Taskmanager, das vorher beendet).
Habe dann in der Registry nach Einträgen gesucht, die dort nicht hingehören und teilweise auch gelöscht (alles was bei "Run" etc. nicht hätte stehen sollen).
Hab nicht notiert, was das war, aber waren nur drei Einträge, die mit search.ueep.com zu tun hatten.
Habe den Malwarebytes Rootkit Scanner laufen lassen, der Gott sei Dank nix gefunden hat.
Malwarebytes hat dann "nur" noch Registry-Einträge gefunden.
Mozilla öffnet aber immer noch mit search.ueep.com.

Mein Mann weiß, dass er sich den Mist erst vorgestern zugezogen hat (Datei im I-net geöffnet - großer Fehler...).
Die Frage ist jetzt: Sind noch Biester auf dem Rechner und wenn ja: Kriegen wir das ohne Neuinstallation in den Griff?

Hier die Malwarebytes Logs von gestern:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.15.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
E. ***:: MEDIONAKOYA [Administrator]

15.09.2013 13:52:43
MBAM-log-2013-09-15 (14-52-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 406687
Laufzeit: 56 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: search.ueep.com -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {N324-ADWF32D-T23R-TR32DSA-L32RT-YRED123} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe (PUP.Optional.ASKToolbar.A) -> Keine Aktion durchgeführt.
C:\Users\E. ***\AppData\Local\Temp\hd.gallery_48169.zip (Malware.Packer.ORPC) -> Keine Aktion durchgeführt.
C:\Users\E. ***\AppData\Roaming\cache.dat (Trojan.Ransom.Gend) -> Keine Aktion durchgeführt.

(Ende)

Das zweite:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.15.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
E. ***:: MEDIONAKOYA [Administrator]

15.09.2013 15:49:31
MBAM-log-2013-09-15 (16-56-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 406744
Laufzeit: 56 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: search.ueep.com -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {N324-ADWF32D-T23R-TR32DSA-L32RT-YRED123} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Schon mal tausend Dank!!

schrauber · 16.09.2013, 10:07

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Mel-e · 16.09.2013, 10:25

Ok, hier die Logs:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by E. ***(administrator) on MEDIONAKOYA on 16-09-2013 11:14:08
Running from C:\Users\E. ***\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(X10) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Spotify Ltd) C:\Users\E. ***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6847008 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKCU\...\Run: [Spotify Web Helper] - C:\Users\E. ***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-26] (Spotify Ltd)
MountPoints2: {1be6cdd0-6b7d-11e1-b310-001f16144ef8} - I:\Startme.exe
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.ueep.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {N324-ADWF32D-T23R-TR32DSA-L32RT-YRED123} URL = 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default
FF NewTab: search.ueep.com
FF DefaultSearchEngine: Ueep
FF SelectedSearchEngine: Ueep
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://search.ueep.com/?q=
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HTTPS-Everywhere - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\https-everywhere@eff.org
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\ich@maltegoetz.de
FF Extension: Flagfox - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: DownloadHelper - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: 2.0 - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\2.0@disconnect.me.xpi
FF Extension: elemhidehelper - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: mediahint - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\mediahint@jetpack.xpi
FF Extension: toolbar_AVIRA-V7 - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-08-28] (Adobe Systems)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 resetWinService; C:\Program Files (x86)\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [71168 2008-10-29] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 WINIO; C:\Windows\system32\WinIo.sys [12160 2012-07-18] ()
S3 WNA3100M; C:\Windows\System32\DRIVERS\WNA3100M.sys [1045608 2011-12-30] (NETGEAR Corporation                           )
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15768 2006-11-15] (X10 Wireless Technology, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 11:14 - 2013-09-16 11:14 - 00000000 ____D C:\FRST
2013-09-16 11:13 - 2013-09-16 11:13 - 01951150 _____ (Farbar) C:\Users\E. ***\Desktop\FRST64.exe
2013-09-16 09:54 - 2013-09-16 09:54 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-16 09:52 - 2013-09-16 09:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-16 09:32 - 2013-09-16 10:05 - 00009020 _____ C:\Windows\PFRO.log
2013-09-16 09:31 - 2013-09-16 09:31 - 00000085 _____ C:\Windows\wininit.ini
2013-09-15 19:56 - 2013-09-15 19:56 - 00482409 _____ C:\Users\E. ***\Desktop\bookmarks.html
2013-09-15 19:56 - 2013-09-15 19:56 - 00241006 _____ C:\Users\E. ***\Desktop\bookmarks-2013-09-15.json
2013-09-15 18:40 - 2006-09-18 23:37 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.20130915-184054.backup
2013-09-15 18:26 - 2013-09-16 09:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-15 15:36 - 2013-09-15 15:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-15 15:35 - 2013-09-15 15:47 - 00000000 ____D C:\Users\E. ***\Desktop\mbar
2013-09-15 15:34 - 2013-09-15 15:34 - 12907592 _____ (Malwarebytes Corp.) C:\Users\E. ***\Desktop\test.exe
2013-09-15 15:23 - 2013-09-15 15:23 - 00001595 _____ C:\Users\E. ***\Desktop\AdwCleaner[R2].txt
2013-09-15 13:25 - 2013-09-15 19:41 - 00000000 ____D C:\AdwCleaner
2013-09-15 13:24 - 2013-09-15 13:24 - 01037278 _____ C:\Users\E. ***\Desktop\3003-adwcleaner.exe
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 _____ C:\autoexec.bat
2013-09-14 15:02 - 2013-09-14 15:02 - 97542592 _____ C:\Windows\SysWOW64\籄뿉ᴼÝ
2013-09-14 03:08 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-14 03:08 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-14 03:08 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-14 03:08 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-14 03:08 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-14 03:08 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-14 03:08 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-14 03:08 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-14 03:08 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-14 03:08 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-14 03:08 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-14 03:08 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-14 03:08 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-14 03:08 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-14 03:08 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-14 03:08 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-14 03:08 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-14 03:08 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-14 03:08 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-14 03:08 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-14 03:08 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-14 03:08 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-14 03:08 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-14 03:08 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-14 03:08 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-14 03:08 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-14 03:08 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-14 03:08 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-14 03:08 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 07:18 - 2013-08-08 04:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 07:18 - 2013-07-16 11:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-13 07:18 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-13 06:48 - 2013-09-13 06:48 - 97412816 _____ C:\Windows\SysWOW64\⠔䜫ᴼÞ
2013-08-28 20:27 - 2013-08-28 20:27 - 00000000 ____D C:\ID_CS2_GR_NonRet
2013-08-28 08:54 - 2013-08-02 16:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 08:54 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-27 12:56 - 2013-08-27 12:56 - 00000000 ____D C:\Users\E. ***\dwhelper
2013-08-27 12:30 - 2013-08-27 12:30 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-08-27 12:30 - 2011-12-30 15:23 - 01045608 _____ (NETGEAR Corporation                           ) C:\Windows\system32\Drivers\WNA3100M.sys
2013-08-26 14:18 - 2013-08-26 14:20 - 00000000 ____D C:\Users\E. ***\Desktop\Adobe Programme
2013-08-25 14:47 - 2013-08-25 14:47 - 00000000 ____D C:\ProgramData\Ralink
2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\ProgramData\InstallShield
2013-08-25 13:59 - 2013-08-25 14:00 - 00000223 _____ C:\WirelessDiagLog.csv
2013-08-25 13:54 - 2013-08-25 13:54 - 00000000 ____D C:\Users\E. ***\AppData\Local\{10C1C73B-E883-48CD-A102-0E75F079D8D9}
2013-08-25 13:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-08-25 13:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-08-25 13:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-08-25 13:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-08-25 13:28 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-08-25 13:28 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-08-25 13:26 - 2013-08-25 13:54 - 00000000 ____D C:\Users\E. ***\AppData\Local\Windows Live
2013-08-25 13:10 - 2013-08-25 13:10 - 00000936 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-08-25 13:08 - 2013-08-25 13:08 - 00000000 ____D C:\Program Files\HP
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-25 12:53 - 2013-08-25 12:53 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\Avira
2013-08-25 12:52 - 2013-09-05 17:23 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-25 12:52 - 2013-09-05 17:23 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-25 12:52 - 2013-08-25 12:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-25 12:52 - 2013-08-25 12:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-25 10:55 - 2013-08-25 13:10 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-25 10:55 - 2013-08-25 13:10 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-25 10:52 - 2013-08-25 11:00 - 00000000 ____D C:\ProgramData\HP(48)
2013-08-25 10:52 - 2013-08-25 10:52 - 00000000 ____D C:\Program Files\HP(45)
2013-08-23 20:50 - 2013-08-23 20:51 - 00000000 ____D C:\Users\E. ***\Desktop\Fotos Ulrich und Tim
2013-08-18 19:05 - 2013-08-18 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-16 11:14 - 2013-09-16 11:14 - 00000000 ____D C:\FRST
2013-09-16 11:13 - 2013-09-16 11:13 - 01951150 _____ (Farbar) C:\Users\E. ***\Desktop\FRST64.exe
2013-09-16 10:56 - 2013-03-11 13:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 10:10 - 2012-07-26 14:52 - 01712023 _____ C:\Windows\WindowsUpdate.log
2013-09-16 10:06 - 2012-03-05 18:22 - 00349260 _____ C:\ProgramData\nvModes.001
2013-09-16 10:06 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 10:06 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 10:05 - 2013-09-16 09:32 - 00009020 _____ C:\Windows\PFRO.log
2013-09-16 10:05 - 2006-11-02 17:42 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-16 10:05 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 10:01 - 2013-08-16 07:00 - 00000000 ____D C:\Windows\system32\MRT
2013-09-16 09:59 - 2012-11-02 19:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 09:59 - 2006-11-02 14:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-16 09:59 - 2006-11-02 14:34 - 00000240 _____ C:\Windows\win.ini
2013-09-16 09:54 - 2013-09-16 09:54 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-16 09:52 - 2013-09-16 09:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-16 09:52 - 2012-03-04 23:12 - 00000000 ____D C:\Users\E. ***
2013-09-16 09:32 - 2013-09-15 18:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-16 09:31 - 2013-09-16 09:31 - 00000085 _____ C:\Windows\wininit.ini
2013-09-16 09:29 - 2012-03-05 18:19 - 00349260 _____ C:\ProgramData\nvModes.dat
2013-09-15 22:37 - 2012-03-08 21:44 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\vlc
2013-09-15 21:39 - 2012-03-06 18:39 - 00012800 _____ C:\Users\E. ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-15 21:08 - 2012-06-30 10:56 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\dvdcss
2013-09-15 19:56 - 2013-09-15 19:56 - 00482409 _____ C:\Users\E. ***\Desktop\bookmarks.html
2013-09-15 19:56 - 2013-09-15 19:56 - 00241006 _____ C:\Users\E. ***\Desktop\bookmarks-2013-09-15.json
2013-09-15 19:51 - 2012-03-08 22:13 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\EndNote
2013-09-15 19:41 - 2013-09-15 13:25 - 00000000 ____D C:\AdwCleaner
2013-09-15 19:24 - 2012-03-08 21:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-15 15:47 - 2013-09-15 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-15 15:47 - 2013-09-15 15:35 - 00000000 ____D C:\Users\E. ***\Desktop\mbar
2013-09-15 15:34 - 2013-09-15 15:34 - 12907592 _____ (Malwarebytes Corp.) C:\Users\E. ***\Desktop\test.exe
2013-09-15 15:32 - 2012-03-06 17:52 - 00000000 ____D C:\Program Files\CCleaner
2013-09-15 15:23 - 2013-09-15 15:23 - 00001595 _____ C:\Users\E. ***\Desktop\AdwCleaner[R2].txt
2013-09-15 13:24 - 2013-09-15 13:24 - 01037278 _____ C:\Users\E. ***\Desktop\3003-adwcleaner.exe
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 _____ C:\autoexec.bat
2013-09-14 18:19 - 2012-03-18 15:15 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\foobar2000
2013-09-14 17:57 - 2012-03-04 23:12 - 00001005 _____ C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-14 15:02 - 2013-09-14 15:02 - 97542592 _____ C:\Windows\SysWOW64\籄뿉ᴼÝ
2013-09-14 03:30 - 2006-11-02 17:21 - 00398584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 20:57 - 2013-03-11 13:47 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 20:57 - 2012-04-15 17:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 20:57 - 2012-03-08 21:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 06:48 - 2013-09-13 06:48 - 97412816 _____ C:\Windows\SysWOW64\⠔䜫ᴼÞ
2013-09-12 13:55 - 2008-01-21 13:10 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 13:55 - 2008-01-21 13:09 - 00628992 _____ C:\Windows\system32\perfh007.dat
2013-09-12 13:55 - 2008-01-21 13:09 - 00126704 _____ C:\Windows\system32\perfc007.dat
2013-09-09 21:04 - 2013-08-06 20:48 - 00000000 ____D C:\Users\E. ***\Desktop\Klausur 1
2013-09-05 17:23 - 2013-08-25 12:52 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 17:23 - 2013-08-25 12:52 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 20:32 - 2012-03-05 18:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 20:31 - 2012-03-04 23:12 - 00000000 ___RD C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-28 20:30 - 2012-03-05 18:40 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 20:27 - 2013-08-28 20:27 - 00000000 ____D C:\ID_CS2_GR_NonRet
2013-08-27 15:31 - 2012-03-05 18:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-27 12:56 - 2013-08-27 12:56 - 00000000 ____D C:\Users\E. ***\dwhelper
2013-08-27 12:30 - 2013-08-27 12:30 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-08-26 14:20 - 2013-08-26 14:18 - 00000000 ____D C:\Users\E. ***\Desktop\Adobe Programme
2013-08-25 15:13 - 2012-03-08 21:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-08-25 14:50 - 2012-03-05 18:11 - 00000000 ____D C:\Program Files (x86)\RALINK
2013-08-25 14:47 - 2013-08-25 14:47 - 00000000 ____D C:\ProgramData\Ralink
2013-08-25 14:19 - 2006-11-02 15:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\ProgramData\InstallShield
2013-08-25 14:00 - 2013-08-25 13:59 - 00000223 _____ C:\WirelessDiagLog.csv
2013-08-25 13:54 - 2013-08-25 13:54 - 00000000 ____D C:\Users\E. ***\AppData\Local\{10C1C73B-E883-48CD-A102-0E75F079D8D9}
2013-08-25 13:54 - 2013-08-25 13:26 - 00000000 ____D C:\Users\E. ***\AppData\Local\Windows Live
2013-08-25 13:54 - 2012-03-04 23:12 - 00105360 _____ C:\Users\E. ***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-25 13:10 - 2013-08-25 13:10 - 00000936 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-08-25 13:10 - 2013-08-25 10:55 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-25 13:10 - 2013-08-25 10:55 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-25 13:09 - 2012-03-05 18:34 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-25 13:08 - 2013-08-25 13:08 - 00000000 ____D C:\Program Files\HP
2013-08-25 13:08 - 2012-03-05 18:33 - 00000000 ____D C:\ProgramData\HP
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-25 12:53 - 2013-08-25 12:53 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\Avira
2013-08-25 12:52 - 2013-08-25 12:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-25 12:52 - 2013-08-05 21:18 - 00000000 ____D C:\ProgramData\Avira
2013-08-25 12:51 - 2013-08-25 12:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-25 12:29 - 2012-03-06 18:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-25 12:03 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-25 12:02 - 2012-03-05 18:22 - 00000000 ____D C:\Users\Gast
2013-08-25 12:02 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2013-08-25 12:02 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2013-08-25 12:02 - 2006-11-02 14:33 - 77070336 _____ C:\Windows\system32\config\software_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 47972352 _____ C:\Windows\system32\config\components_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 22020096 _____ C:\Windows\system32\config\system_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-08-25 11:00 - 2013-08-25 10:52 - 00000000 ____D C:\ProgramData\HP(48)
2013-08-25 10:52 - 2013-08-25 10:52 - 00000000 ____D C:\Program Files\HP(45)
2013-08-23 20:51 - 2013-08-23 20:50 - 00000000 ____D C:\Users\E. ***\Desktop\Fotos Ulrich und Tim
2013-08-19 19:32 - 2012-04-27 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 19:05 - 2013-08-18 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\E. ***\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-16 10:12

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 01
Ran by E. *at 2013-09-16 11:14:46
Running from C:\Users\E. *\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Acrobat 6.0 Professional - English, Français, Deutsch (x32 Version: 006.000.000)
Adobe AIR (x32 Version: 3.8.0.1280)
Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe InDesign CS2 (x32 Version: 004.000.000)
Adobe Photoshop 7.0.1 (x32 Version: 7.0)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Antivirus Premium (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
Azurewave Wireless LAN (x32 Version: 1.00.0000)
Bonjour (Version: 3.0.0.10)
Canon RAW Codec (x32 Version: 1.8.0.68)
CCleaner (Version: 4.05)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
dradio-Recorder Version 3.02.6 (x32)
DriveImage XML (Private Edition) (x32 Version: 2.44.000)
Dropbox (HKCU Version: 1.6.16)
EndNote X1 (x32 Version: 11.0.0.2571)
foobar2000 v0.9.6.9 (x32 Version: 0.9.6.9)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
Free YouTube Download version 3.0.22.221 (x32 Version: 3.0.22.221)
Free YouTube to MP3 Converter version 3.11.36.1201 (x32 Version: 3.11.36.1201)
Google Earth (x32 Version: 6.2.0.5905)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (Version: 22.0.334.0)
HP Deskjet 2050 J510 series Hilfe (x32 Version: 140.0.61.61)
HP Photo Creations (x32 Version: 1.0.0.3341)
HP Update (x32 Version: 5.002.005.003)
InstallShield Tuner 6.0.1 For Adobe Acrobat (x32 Version: 6.0.1)
Intel PROSet Wireless
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless WiFi-Software (Version: 12.00.0004)
ISI ResearchSoft - Export Helper (x32)
iTunes (Version: 11.0.2.26)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nero 8 Essentials (x32 Version: 8.3.124)
neroxml (x32 Version: 1.0.0)
NVIDIA Drivers
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
PDF Architect (x32 Version: 1.0.41.8362)
PDFCreator (x32 Version: 1.6.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.6)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5730)
Realtek USB 2.0 Card Reader (x32 Version: 6.0.6000.20111)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Secunia PSI (3.0.0.4001) (x32 Version: 3.0.0.4001)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
simfy (x32 Version: 1.7.3)
Sony Ericsson PC Companion 1.60.13 (x32 Version: 1.60.13)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Typograf4.8f (x32 Version: 4.8f)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
VCRedistSetup (x32 Version: 1.0.0)
VirtualDJ Home FREE (x32 Version: 7.0.5)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
VLC media player 2.0.2 (x32 Version: 2.0.2)
X10 Hardware(TM) (x32)
XnView 1.99.5 (x32 Version: 1.99.5)

==================== Restore Points  =========================

15-09-2013 08:47:47 Installed SpyHunter
15-09-2013 11:20:05 Removed SpyHunter
16-09-2013 05:46:34 Geplanter Prüfpunkt
16-09-2013 07:51:32 Windows Update

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {07E176E4-9897-44A2-BA54-5D7B2B2C0704} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0BF5AC5C-8443-4463-9FD2-5112ABBD1DFE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3391542994-9121858-3532271502-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {23CAA6FF-9D8C-4492-A8E9-7467332FD4FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-21] (Microsoft Corporation)
Task: {6933E955-03A1-4996-A496-ECE1F720D9A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {D8045DD0-644B-45B4-871B-673B01CDE043} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3391542994-9121858-3532271502-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {E18C10E3-D887-4F85-A267-4514411D450F} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F88E4BA4-9EBD-4938-BC67-2D20F100B002} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FE73B04F-317C-4F07-9FA2-8DDE7483C5E5} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - E. *
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-11-21 23:07 - 2008-11-21 23:07 - 00733184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 00162552 _____ (Dropbox, Inc.) C:\Users\E. *\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
2008-11-21 23:07 - 2008-11-21 23:07 - 00082464 _____ (NVIDIA Corporation) C:\Windows\system32\NvMcTray.dll
2008-11-21 23:07 - 2008-11-21 23:07 - 00733184 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-08-18 19:05 - 2013-08-18 19:05 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 00129272 _____ (Dropbox, Inc.) C:\Users\E. *\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2013 10:07:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 10:07:21 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/16/2013 09:34:11 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/16/2013 09:34:11 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/16/2013 09:34:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 09:29:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 06:40:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 07:43:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 07:28:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/15/2013 07:28:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.


System errors:
=============
Error: (09/16/2013 09:57:41 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (09/16/2013 09:57:41 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (09/16/2013 09:57:40 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (09/16/2013 09:57:40 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (09/16/2013 09:57:40 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/16/2013 09:28:46 AM) (Source: Dhcp) (User: )
Description: Die IP-Adresslease 192.168.0.5 für die Netzwerkkarte mit der Netzwerkadresse 0022436020D6 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (09/16/2013 07:44:57 AM) (Source: Service Control Manager) (User: )
Description: Avira Email Schutz101Neustart des Diensts

Error: (09/16/2013 06:45:20 AM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{C48BE012-0CA0-4D4C-B8DD-A133A340C104} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/16/2013 06:40:01 AM) (Source: Dhcp) (User: )
Description: Die IP-Adresslease 192.168.0.6 für die Netzwerkkarte mit der Netzwerkadresse 0022436020D6 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (09/15/2013 09:35:22 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.


Microsoft Office Sessions:
=========================
Error: (09/16/2013 10:07:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 10:07:21 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (09/16/2013 09:34:11 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (09/16/2013 09:34:11 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (09/16/2013 09:34:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 09:29:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2013 06:40:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 07:43:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 07:28:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (09/15/2013 07:28:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe


CodeIntegrity Errors:
===================================
  Date: 2013-09-15 16:26:37.378
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-15 16:26:37.206
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-15 16:26:37.050
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-15 16:26:36.878
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-15 16:26:36.722
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-15 16:26:36.535
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-15 16:26:36.301
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-15 16:26:36.130
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-15 16:26:35.974
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-15 16:26:35.802
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 4089.95 MB
Available physical RAM: 2495.46 MB
Total Pagefile: 8399.2 MB
Available Pagefile: 6528.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.81 GB) (Free:10 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:216.85 GB) (Free:180.04 GB) NTFS
Drive h: (Volume) (Fixed) (Total:21.43 GB) (Free:21.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 10E38D74)
Partition 1: (Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=217 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bin ich mal gespannt...

schrauber · 16.09.2013, 18:47

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Mel-e · 16.09.2013, 19:30

Juhuu, weiter geht's, hier die Logs:

Code:

ATTFilter

# AdwCleaner v3.004 - Bericht erstellt am 16/09/2013 um 20:05:46
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : E. *** - MEDIONAKOYA
# Gestartet von : C:\Users\E. ***\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\prefs.js ]


[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\aytdyu7t.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2605 octets] - [15/09/2013 13:26:16]
AdwCleaner[R1].txt - [2682 octets] - [15/09/2013 13:43:00]
AdwCleaner[R2].txt - [1595 octets] - [15/09/2013 15:22:43]
AdwCleaner[R3].txt - [1715 octets] - [15/09/2013 15:30:13]
AdwCleaner[R4].txt - [1590 octets] - [15/09/2013 17:24:23]
AdwCleaner[R5].txt - [1417 octets] - [15/09/2013 17:28:48]
AdwCleaner[R6].txt - [1938 octets] - [15/09/2013 19:29:47]
AdwCleaner[R7].txt - [1592 octets] - [16/09/2013 20:05:12]
AdwCleaner[S0].txt - [2666 octets] - [15/09/2013 13:45:02]
AdwCleaner[S1].txt - [1656 octets] - [15/09/2013 15:23:41]
AdwCleaner[S2].txt - [1651 octets] - [15/09/2013 17:25:33]
AdwCleaner[S3].txt - [1965 octets] - [15/09/2013 19:41:40]
AdwCleaner[S4].txt - [1513 octets] - [16/09/2013 20:05:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1573 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by E. *** on 16.09.2013 at 20:11:26,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3391542994-9121858-3532271502-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\E. ***\appdata\local\{10C1C73B-E883-48CD-A102-0E75F079D8D9}



~~~ FireFox

Successfully deleted: [File] C:\Users\E. ***\AppData\Roaming\mozilla\firefox\profiles\hpsl5mp1.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted the following from C:\Users\E. ***\AppData\Roaming\mozilla\firefox\profiles\hpsl5mp1.default\prefs.js

user_pref("browser.newtab.url", "search.ueep.com");
user_pref("browser.search.defaultenginename", "Ueep");
user_pref("browser.search.selectedEngine", "Ueep");
user_pref("keyword.URL", "hxxp://search.ueep.com/?q=");
Emptied folder: C:\Users\E. ***\AppData\Roaming\mozilla\firefox\profiles\hpsl5mp1.default\minidumps [179 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.09.2013 at 20:18:12,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by E. *** (administrator) on MEDIONAKOYA on 16-09-2013 20:22:47
Running from C:\Users\E. ***\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(X10) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Spotify Ltd) C:\Users\E. ***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6847008 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKCU\...\Run: [Spotify Web Helper] - C:\Users\E. ***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-26] (Spotify Ltd)
MountPoints2: {1be6cdd0-6b7d-11e1-b310-001f16144ef8} - I:\Startme.exe
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {N324-ADWF32D-T23R-TR32DSA-L32RT-YRED123} URL = 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HTTPS-Everywhere - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\https-everywhere@eff.org
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\ich@maltegoetz.de
FF Extension: Flagfox - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: DownloadHelper - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: 2.0 - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\2.0@disconnect.me.xpi
FF Extension: elemhidehelper - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: mediahint - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\mediahint@jetpack.xpi
FF Extension: No Name - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-08-28] (Adobe Systems)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 resetWinService; C:\Program Files (x86)\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [71168 2008-10-29] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 WINIO; C:\Windows\system32\WinIo.sys [12160 2012-07-18] ()
S3 WNA3100M; C:\Windows\System32\DRIVERS\WNA3100M.sys [1045608 2011-12-30] (NETGEAR Corporation                           )
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15768 2006-11-15] (X10 Wireless Technology, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 20:18 - 2013-09-16 20:18 - 00002626 _____ C:\Users\E. ***\Desktop\JRT.txt
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 20:09 - 2013-09-16 20:09 - 01029675 _____ (Thisisu) C:\Users\E. ***\Desktop\JRT.exe
2013-09-16 20:07 - 2013-09-16 20:07 - 00001653 _____ C:\Users\E. ***\Desktop\AdwCleaner[S4].txt
2013-09-16 20:04 - 2013-09-16 20:04 - 01039554 _____ C:\Users\E. ***\Desktop\adwcleaner.exe
2013-09-16 20:02 - 2013-09-16 20:02 - 00000034 _____ C:\Windows\setupact.log
2013-09-16 20:02 - 2013-09-16 20:02 - 00000000 _____ C:\Windows\setuperr.log
2013-09-16 11:14 - 2013-09-16 11:14 - 00000000 ____D C:\FRST
2013-09-16 11:13 - 2013-09-16 11:13 - 01951150 _____ (Farbar) C:\Users\E. ***\Desktop\FRST64.exe
2013-09-16 09:54 - 2013-09-16 09:54 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-16 09:52 - 2013-09-16 09:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-16 09:31 - 2013-09-16 09:31 - 00000085 _____ C:\Windows\wininit.ini
2013-09-15 19:56 - 2013-09-15 19:56 - 00482409 _____ C:\Users\E. ***\Desktop\bookmarks.html
2013-09-15 19:56 - 2013-09-15 19:56 - 00241006 _____ C:\Users\E. ***\Desktop\bookmarks-2013-09-15.json
2013-09-15 18:40 - 2006-09-18 23:37 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.20130915-184054.backup
2013-09-15 18:26 - 2013-09-16 09:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-15 15:36 - 2013-09-15 15:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-15 15:35 - 2013-09-15 15:47 - 00000000 ____D C:\Users\E. ***\Desktop\mbar
2013-09-15 15:34 - 2013-09-15 15:34 - 12907592 _____ (Malwarebytes Corp.) C:\Users\E. ***\Desktop\test.exe
2013-09-15 15:23 - 2013-09-15 15:23 - 00001595 _____ C:\Users\E. ***\Desktop\AdwCleaner[R2].txt
2013-09-15 13:25 - 2013-09-16 20:05 - 00000000 ____D C:\AdwCleaner
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 _____ C:\autoexec.bat
2013-09-14 15:02 - 2013-09-14 15:02 - 97542592 _____ C:\Windows\SysWOW64\籄뿉ᴼÝ
2013-09-14 03:08 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-14 03:08 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-14 03:08 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-14 03:08 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-14 03:08 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-14 03:08 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-14 03:08 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-14 03:08 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-14 03:08 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-14 03:08 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-14 03:08 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-14 03:08 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-14 03:08 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-14 03:08 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-14 03:08 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-14 03:08 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-14 03:08 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-14 03:08 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-14 03:08 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-14 03:08 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-14 03:08 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-14 03:08 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-14 03:08 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-14 03:08 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-14 03:08 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-14 03:08 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-14 03:08 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-14 03:08 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-14 03:08 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 07:18 - 2013-08-08 04:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 07:18 - 2013-07-16 11:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-13 07:18 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-13 06:48 - 2013-09-13 06:48 - 97412816 _____ C:\Windows\SysWOW64\⠔䜫ᴼÞ
2013-08-28 20:27 - 2013-08-28 20:27 - 00000000 ____D C:\ID_CS2_GR_NonRet
2013-08-28 08:54 - 2013-08-02 16:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 08:54 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-27 12:56 - 2013-08-27 12:56 - 00000000 ____D C:\Users\E. ***\dwhelper
2013-08-27 12:30 - 2013-08-27 12:30 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-08-27 12:30 - 2011-12-30 15:23 - 01045608 _____ (NETGEAR Corporation                           ) C:\Windows\system32\Drivers\WNA3100M.sys
2013-08-26 14:18 - 2013-08-26 14:20 - 00000000 ____D C:\Users\E. ***\Desktop\Adobe Programme
2013-08-25 14:47 - 2013-08-25 14:47 - 00000000 ____D C:\ProgramData\Ralink
2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\ProgramData\InstallShield
2013-08-25 13:59 - 2013-08-25 14:00 - 00000223 _____ C:\WirelessDiagLog.csv
2013-08-25 13:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-08-25 13:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-08-25 13:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-08-25 13:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-08-25 13:28 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-08-25 13:28 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-08-25 13:26 - 2013-08-25 13:54 - 00000000 ____D C:\Users\E. ***\AppData\Local\Windows Live
2013-08-25 13:08 - 2013-08-25 13:08 - 00000000 ____D C:\Program Files\HP
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-25 12:53 - 2013-08-25 12:53 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\Avira
2013-08-25 12:52 - 2013-09-05 17:23 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-25 12:52 - 2013-09-05 17:23 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-25 12:52 - 2013-08-25 12:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-25 12:52 - 2013-08-25 12:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-25 10:55 - 2013-08-25 13:10 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-25 10:55 - 2013-08-25 13:10 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-25 10:52 - 2013-08-25 11:00 - 00000000 ____D C:\ProgramData\HP(48)
2013-08-25 10:52 - 2013-08-25 10:52 - 00000000 ____D C:\Program Files\HP(45)
2013-08-23 20:50 - 2013-08-23 20:51 - 00000000 ____D C:\Users\E. ***\Desktop\Fotos Ulrich und Tim
2013-08-18 19:05 - 2013-08-18 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-16 20:20 - 2012-07-26 14:52 - 01735473 _____ C:\Windows\WindowsUpdate.log
2013-09-16 20:20 - 2012-03-05 18:22 - 00349260 _____ C:\ProgramData\nvModes.001
2013-09-16 20:20 - 2006-11-02 17:42 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-16 20:20 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 20:20 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 20:20 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 20:18 - 2013-09-16 20:18 - 00002626 _____ C:\Users\E. ***\Desktop\JRT.txt
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 20:09 - 2013-09-16 20:09 - 01029675 _____ (Thisisu) C:\Users\E. ***\Desktop\JRT.exe
2013-09-16 20:07 - 2013-09-16 20:07 - 00001653 _____ C:\Users\E. ***\Desktop\AdwCleaner[S4].txt
2013-09-16 20:06 - 2012-03-05 18:19 - 00349260 _____ C:\ProgramData\nvModes.dat
2013-09-16 20:05 - 2013-09-15 13:25 - 00000000 ____D C:\AdwCleaner
2013-09-16 20:04 - 2013-09-16 20:04 - 01039554 _____ C:\Users\E. ***\Desktop\adwcleaner.exe
2013-09-16 20:02 - 2013-09-16 20:02 - 00000034 _____ C:\Windows\setupact.log
2013-09-16 20:02 - 2013-09-16 20:02 - 00000000 _____ C:\Windows\setuperr.log
2013-09-16 19:57 - 2013-03-11 13:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 11:14 - 2013-09-16 11:14 - 00000000 ____D C:\FRST
2013-09-16 11:13 - 2013-09-16 11:13 - 01951150 _____ (Farbar) C:\Users\E. ***\Desktop\FRST64.exe
2013-09-16 10:01 - 2013-08-16 07:00 - 00000000 ____D C:\Windows\system32\MRT
2013-09-16 09:59 - 2012-11-02 19:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 09:59 - 2006-11-02 14:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-16 09:59 - 2006-11-02 14:34 - 00000240 _____ C:\Windows\win.ini
2013-09-16 09:54 - 2013-09-16 09:54 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-16 09:52 - 2013-09-16 09:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-16 09:52 - 2012-03-04 23:12 - 00000000 ____D C:\Users\E. ***
2013-09-16 09:32 - 2013-09-15 18:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-16 09:31 - 2013-09-16 09:31 - 00000085 _____ C:\Windows\wininit.ini
2013-09-15 22:37 - 2012-03-08 21:44 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\vlc
2013-09-15 21:39 - 2012-03-06 18:39 - 00012800 _____ C:\Users\E. ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-15 21:08 - 2012-06-30 10:56 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\dvdcss
2013-09-15 19:56 - 2013-09-15 19:56 - 00482409 _____ C:\Users\E. ***\Desktop\bookmarks.html
2013-09-15 19:56 - 2013-09-15 19:56 - 00241006 _____ C:\Users\E. ***\Desktop\bookmarks-2013-09-15.json
2013-09-15 19:51 - 2012-03-08 22:13 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\EndNote
2013-09-15 19:24 - 2012-03-08 21:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-15 15:47 - 2013-09-15 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-15 15:47 - 2013-09-15 15:35 - 00000000 ____D C:\Users\E. ***\Desktop\mbar
2013-09-15 15:34 - 2013-09-15 15:34 - 12907592 _____ (Malwarebytes Corp.) C:\Users\E. ***\Desktop\test.exe
2013-09-15 15:32 - 2012-03-06 17:52 - 00000000 ____D C:\Program Files\CCleaner
2013-09-15 15:23 - 2013-09-15 15:23 - 00001595 _____ C:\Users\E. ***\Desktop\AdwCleaner[R2].txt
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 _____ C:\autoexec.bat
2013-09-14 18:19 - 2012-03-18 15:15 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\foobar2000
2013-09-14 17:57 - 2012-03-04 23:12 - 00001005 _____ C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-14 15:02 - 2013-09-14 15:02 - 97542592 _____ C:\Windows\SysWOW64\籄뿉ᴼÝ
2013-09-14 03:30 - 2006-11-02 17:21 - 00398584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 20:57 - 2013-03-11 13:47 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 20:57 - 2012-04-15 17:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 20:57 - 2012-03-08 21:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 06:48 - 2013-09-13 06:48 - 97412816 _____ C:\Windows\SysWOW64\⠔䜫ᴼÞ
2013-09-12 13:55 - 2008-01-21 13:10 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 13:55 - 2008-01-21 13:09 - 00628992 _____ C:\Windows\system32\perfh007.dat
2013-09-12 13:55 - 2008-01-21 13:09 - 00126704 _____ C:\Windows\system32\perfc007.dat
2013-09-09 21:04 - 2013-08-06 20:48 - 00000000 ____D C:\Users\E. ***\Desktop\Klausur 1
2013-09-05 17:23 - 2013-08-25 12:52 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 17:23 - 2013-08-25 12:52 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 20:32 - 2012-03-05 18:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 20:31 - 2012-03-04 23:12 - 00000000 ___RD C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-28 20:30 - 2012-03-05 18:40 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 20:27 - 2013-08-28 20:27 - 00000000 ____D C:\ID_CS2_GR_NonRet
2013-08-27 15:31 - 2012-03-05 18:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-27 12:56 - 2013-08-27 12:56 - 00000000 ____D C:\Users\E. ***\dwhelper
2013-08-27 12:30 - 2013-08-27 12:30 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-08-26 14:20 - 2013-08-26 14:18 - 00000000 ____D C:\Users\E. ***\Desktop\Adobe Programme
2013-08-25 15:13 - 2012-03-08 21:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-08-25 14:50 - 2012-03-05 18:11 - 00000000 ____D C:\Program Files (x86)\RALINK
2013-08-25 14:47 - 2013-08-25 14:47 - 00000000 ____D C:\ProgramData\Ralink
2013-08-25 14:19 - 2006-11-02 15:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\ProgramData\InstallShield
2013-08-25 14:00 - 2013-08-25 13:59 - 00000223 _____ C:\WirelessDiagLog.csv
2013-08-25 13:54 - 2013-08-25 13:26 - 00000000 ____D C:\Users\E. ***\AppData\Local\Windows Live
2013-08-25 13:54 - 2012-03-04 23:12 - 00105360 _____ C:\Users\E. ***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-25 13:10 - 2013-08-25 10:55 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-25 13:10 - 2013-08-25 10:55 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-25 13:09 - 2012-03-05 18:34 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-25 13:08 - 2013-08-25 13:08 - 00000000 ____D C:\Program Files\HP
2013-08-25 13:08 - 2012-03-05 18:33 - 00000000 ____D C:\ProgramData\HP
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-25 12:53 - 2013-08-25 12:53 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\Avira
2013-08-25 12:52 - 2013-08-25 12:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-25 12:52 - 2013-08-05 21:18 - 00000000 ____D C:\ProgramData\Avira
2013-08-25 12:51 - 2013-08-25 12:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-25 12:29 - 2012-03-06 18:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-25 12:03 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-25 12:02 - 2012-03-05 18:22 - 00000000 ____D C:\Users\Gast
2013-08-25 12:02 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2013-08-25 12:02 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2013-08-25 12:02 - 2006-11-02 14:33 - 77070336 _____ C:\Windows\system32\config\software_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 47972352 _____ C:\Windows\system32\config\components_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 22020096 _____ C:\Windows\system32\config\system_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-08-25 11:00 - 2013-08-25 10:52 - 00000000 ____D C:\ProgramData\HP(48)
2013-08-25 10:52 - 2013-08-25 10:52 - 00000000 ____D C:\Program Files\HP(45)
2013-08-23 20:51 - 2013-08-23 20:50 - 00000000 ____D C:\Users\E. ***\Desktop\Fotos Ulrich und Tim
2013-08-19 19:32 - 2012-04-27 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 19:05 - 2013-08-18 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\E. ***\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-16 20:13

==================== End Of Log ============================

--- --- ---

JRT hat ja search.ueep.schrott gefunden, ist aber immer noch die startseite der wahl für Mozilla...
Nochmals Danke!!

schrauber · 16.09.2013, 20:37

Reste entfernen wir gleich.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Mel-e · 16.09.2013, 23:07

So, hier die nächsten Logs für dich:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b5d54009154f014581a21130318cce6c
# engine=15156
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-16 09:44:37
# local_time=2013-09-16 11:44:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 3808826 216891783 0 0
# scanned=165482
# found=0
# cleaned=0
# scan_time=4972

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.73  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.4001)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 	11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Realtek Semiconductor Corp Realtek USB 2.0 Card Reader reset.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by E. *** (administrator) on MEDIONAKOYA on 17-09-2013 00:00:35
Running from C:\Users\E. ***\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(X10) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Spotify Ltd) C:\Users\E. ***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6847008 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKCU\...\Run: [Spotify Web Helper] - C:\Users\E. ***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-26] (Spotify Ltd)
MountPoints2: {1be6cdd0-6b7d-11e1-b310-001f16144ef8} - I:\Startme.exe
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {N324-ADWF32D-T23R-TR32DSA-L32RT-YRED123} URL = 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HTTPS-Everywhere - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\https-everywhere@eff.org
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\ich@maltegoetz.de
FF Extension: Flagfox - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: DownloadHelper - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: 2.0 - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\2.0@disconnect.me.xpi
FF Extension: elemhidehelper - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: mediahint - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\mediahint@jetpack.xpi
FF Extension: No Name - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\hpsl5mp1.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-08-28] (Adobe Systems)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 resetWinService; C:\Program Files (x86)\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [71168 2008-10-29] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 WINIO; C:\Windows\system32\WinIo.sys [12160 2012-07-18] ()
S3 WNA3100M; C:\Windows\System32\DRIVERS\WNA3100M.sys [1045608 2011-12-30] (NETGEAR Corporation                           )
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15768 2006-11-15] (X10 Wireless Technology, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-17 00:00 - 2013-09-17 00:00 - 01950524 _____ (Farbar) C:\Users\E. ***\Desktop\FRST64.exe
2013-09-16 23:54 - 2013-09-16 23:54 - 00001026 _____ C:\Users\E. ***\Desktop\checkup.txt
2013-09-16 23:51 - 2013-09-16 23:51 - 00891144 _____ C:\Users\E. ***\Desktop\SecurityCheck.exe
2013-09-16 22:14 - 2013-09-16 22:14 - 97845400 _____ C:\Windows\SysWOW64\텩淈ᴼÓ
2013-09-16 20:18 - 2013-09-16 20:26 - 00002596 _____ C:\Users\E. ***\Desktop\JRT.txt
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 20:09 - 2013-09-16 20:09 - 01029675 _____ (Thisisu) C:\Users\E. ***\Desktop\JRT.exe
2013-09-16 20:07 - 2013-09-16 20:26 - 00001635 _____ C:\Users\E. ***\Desktop\AdwCleaner[S4].txt
2013-09-16 20:04 - 2013-09-16 20:04 - 01039554 _____ C:\Users\E. ***\Desktop\adwcleaner.exe
2013-09-16 20:02 - 2013-09-16 20:02 - 00000034 _____ C:\Windows\setupact.log
2013-09-16 20:02 - 2013-09-16 20:02 - 00000000 _____ C:\Windows\setuperr.log
2013-09-16 11:14 - 2013-09-16 11:14 - 00000000 ____D C:\FRST
2013-09-16 09:54 - 2013-09-16 09:54 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-16 09:52 - 2013-09-16 09:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-16 09:31 - 2013-09-16 09:31 - 00000085 _____ C:\Windows\wininit.ini
2013-09-15 19:56 - 2013-09-15 19:56 - 00482409 _____ C:\Users\E. ***\Desktop\bookmarks.html
2013-09-15 19:56 - 2013-09-15 19:56 - 00241006 _____ C:\Users\E. ***\Desktop\bookmarks-2013-09-15.json
2013-09-15 18:40 - 2006-09-18 23:37 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.20130915-184054.backup
2013-09-15 18:26 - 2013-09-16 09:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-15 15:36 - 2013-09-15 15:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-15 15:35 - 2013-09-15 15:47 - 00000000 ____D C:\Users\E. ***\Desktop\mbar
2013-09-15 15:34 - 2013-09-15 15:34 - 12907592 _____ (Malwarebytes Corp.) C:\Users\E. ***\Desktop\test.exe
2013-09-15 15:23 - 2013-09-15 15:23 - 00001595 _____ C:\Users\E. ***\Desktop\AdwCleaner[R2].txt
2013-09-15 13:25 - 2013-09-16 20:05 - 00000000 ____D C:\AdwCleaner
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 _____ C:\autoexec.bat
2013-09-14 15:02 - 2013-09-14 15:02 - 97542592 _____ C:\Windows\SysWOW64\籄뿉ᴼÝ
2013-09-14 03:08 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-14 03:08 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-14 03:08 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-14 03:08 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-14 03:08 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-14 03:08 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-14 03:08 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-14 03:08 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-14 03:08 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-14 03:08 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-14 03:08 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-14 03:08 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-14 03:08 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-14 03:08 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-14 03:08 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-14 03:08 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-14 03:08 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-14 03:08 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-14 03:08 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-14 03:08 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-14 03:08 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-14 03:08 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-14 03:08 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-14 03:08 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-14 03:08 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-14 03:08 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-14 03:08 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-14 03:08 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-14 03:08 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 07:18 - 2013-08-08 04:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 07:18 - 2013-07-16 11:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-13 07:18 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-13 06:48 - 2013-09-13 06:48 - 97412816 _____ C:\Windows\SysWOW64\⠔䜫ᴼÞ
2013-08-28 20:27 - 2013-08-28 20:27 - 00000000 ____D C:\ID_CS2_GR_NonRet
2013-08-28 08:54 - 2013-08-02 16:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 08:54 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-27 12:56 - 2013-08-27 12:56 - 00000000 ____D C:\Users\E. ***\dwhelper
2013-08-27 12:30 - 2013-08-27 12:30 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-08-27 12:30 - 2011-12-30 15:23 - 01045608 _____ (NETGEAR Corporation                           ) C:\Windows\system32\Drivers\WNA3100M.sys
2013-08-26 14:18 - 2013-08-26 14:20 - 00000000 ____D C:\Users\E. ***\Desktop\Adobe Programme
2013-08-25 14:47 - 2013-08-25 14:47 - 00000000 ____D C:\ProgramData\Ralink
2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\ProgramData\InstallShield
2013-08-25 13:59 - 2013-08-25 14:00 - 00000223 _____ C:\WirelessDiagLog.csv
2013-08-25 13:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-08-25 13:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-08-25 13:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-08-25 13:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-08-25 13:28 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-08-25 13:28 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-08-25 13:26 - 2013-08-25 13:54 - 00000000 ____D C:\Users\E. ***\AppData\Local\Windows Live
2013-08-25 13:08 - 2013-08-25 13:08 - 00000000 ____D C:\Program Files\HP
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-25 12:53 - 2013-08-25 12:53 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\Avira
2013-08-25 12:52 - 2013-09-05 17:23 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-25 12:52 - 2013-09-05 17:23 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-25 12:52 - 2013-08-25 12:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-25 12:52 - 2013-08-25 12:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-25 10:55 - 2013-08-25 13:10 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-25 10:55 - 2013-08-25 13:10 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-25 10:52 - 2013-08-25 11:00 - 00000000 ____D C:\ProgramData\HP(48)
2013-08-25 10:52 - 2013-08-25 10:52 - 00000000 ____D C:\Program Files\HP(45)
2013-08-23 20:50 - 2013-08-23 20:51 - 00000000 ____D C:\Users\E. ***\Desktop\Fotos Ulrich und Tim
2013-08-18 19:05 - 2013-08-18 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-17 00:00 - 2013-09-17 00:00 - 01950524 _____ (Farbar) C:\Users\E. ***\Desktop\FRST64.exe
2013-09-16 23:57 - 2013-03-11 13:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 23:54 - 2013-09-16 23:54 - 00001026 _____ C:\Users\E. ***\Desktop\checkup.txt
2013-09-16 23:51 - 2013-09-16 23:51 - 00891144 _____ C:\Users\E. ***\Desktop\SecurityCheck.exe
2013-09-16 23:48 - 2012-03-05 18:22 - 00349260 _____ C:\ProgramData\nvModes.001
2013-09-16 22:20 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 22:20 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 22:14 - 2013-09-16 22:14 - 97845400 _____ C:\Windows\SysWOW64\텩淈ᴼÓ
2013-09-16 20:26 - 2013-09-16 20:18 - 00002596 _____ C:\Users\E. ***\Desktop\JRT.txt
2013-09-16 20:26 - 2013-09-16 20:07 - 00001635 _____ C:\Users\E. ***\Desktop\AdwCleaner[S4].txt
2013-09-16 20:24 - 2012-07-26 14:52 - 01738539 _____ C:\Windows\WindowsUpdate.log
2013-09-16 20:20 - 2006-11-02 17:42 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-16 20:20 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 20:09 - 2013-09-16 20:09 - 01029675 _____ (Thisisu) C:\Users\E. ***\Desktop\JRT.exe
2013-09-16 20:06 - 2012-03-05 18:19 - 00349260 _____ C:\ProgramData\nvModes.dat
2013-09-16 20:05 - 2013-09-15 13:25 - 00000000 ____D C:\AdwCleaner
2013-09-16 20:04 - 2013-09-16 20:04 - 01039554 _____ C:\Users\E. ***\Desktop\adwcleaner.exe
2013-09-16 20:02 - 2013-09-16 20:02 - 00000034 _____ C:\Windows\setupact.log
2013-09-16 20:02 - 2013-09-16 20:02 - 00000000 _____ C:\Windows\setuperr.log
2013-09-16 11:14 - 2013-09-16 11:14 - 00000000 ____D C:\FRST
2013-09-16 10:01 - 2013-08-16 07:00 - 00000000 ____D C:\Windows\system32\MRT
2013-09-16 09:59 - 2012-11-02 19:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 09:59 - 2006-11-02 14:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-16 09:59 - 2006-11-02 14:34 - 00000240 _____ C:\Windows\win.ini
2013-09-16 09:54 - 2013-09-16 09:54 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-16 09:52 - 2013-09-16 09:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-16 09:52 - 2012-03-04 23:12 - 00000000 ____D C:\Users\E. ***
2013-09-16 09:32 - 2013-09-15 18:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-16 09:31 - 2013-09-16 09:31 - 00000085 _____ C:\Windows\wininit.ini
2013-09-15 22:37 - 2012-03-08 21:44 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\vlc
2013-09-15 21:39 - 2012-03-06 18:39 - 00012800 _____ C:\Users\E. ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-15 21:08 - 2012-06-30 10:56 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\dvdcss
2013-09-15 19:56 - 2013-09-15 19:56 - 00482409 _____ C:\Users\E. ***\Desktop\bookmarks.html
2013-09-15 19:56 - 2013-09-15 19:56 - 00241006 _____ C:\Users\E. ***\Desktop\bookmarks-2013-09-15.json
2013-09-15 19:51 - 2012-03-08 22:13 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\EndNote
2013-09-15 19:24 - 2012-03-08 21:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-15 15:47 - 2013-09-15 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-15 15:47 - 2013-09-15 15:35 - 00000000 ____D C:\Users\E. ***\Desktop\mbar
2013-09-15 15:34 - 2013-09-15 15:34 - 12907592 _____ (Malwarebytes Corp.) C:\Users\E. ***\Desktop\test.exe
2013-09-15 15:32 - 2012-03-06 17:52 - 00000000 ____D C:\Program Files\CCleaner
2013-09-15 15:23 - 2013-09-15 15:23 - 00001595 _____ C:\Users\E. ***\Desktop\AdwCleaner[R2].txt
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 _____ C:\autoexec.bat
2013-09-14 18:19 - 2012-03-18 15:15 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\foobar2000
2013-09-14 17:57 - 2012-03-04 23:12 - 00001005 _____ C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-14 15:02 - 2013-09-14 15:02 - 97542592 _____ C:\Windows\SysWOW64\籄뿉ᴼÝ
2013-09-14 03:30 - 2006-11-02 17:21 - 00398584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 20:57 - 2013-03-11 13:47 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 20:57 - 2012-04-15 17:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 20:57 - 2012-03-08 21:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 06:48 - 2013-09-13 06:48 - 97412816 _____ C:\Windows\SysWOW64\⠔䜫ᴼÞ
2013-09-12 13:55 - 2008-01-21 13:10 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 13:55 - 2008-01-21 13:09 - 00628992 _____ C:\Windows\system32\perfh007.dat
2013-09-12 13:55 - 2008-01-21 13:09 - 00126704 _____ C:\Windows\system32\perfc007.dat
2013-09-09 21:04 - 2013-08-06 20:48 - 00000000 ____D C:\Users\E. ***\Desktop\Klausur 1
2013-09-05 17:23 - 2013-08-25 12:52 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 17:23 - 2013-08-25 12:52 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 20:32 - 2012-03-05 18:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 20:31 - 2012-03-04 23:12 - 00000000 ___RD C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-28 20:30 - 2012-03-05 18:40 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 20:27 - 2013-08-28 20:27 - 00000000 ____D C:\ID_CS2_GR_NonRet
2013-08-27 15:31 - 2012-03-05 18:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-27 12:56 - 2013-08-27 12:56 - 00000000 ____D C:\Users\E. ***\dwhelper
2013-08-27 12:30 - 2013-08-27 12:30 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-08-26 14:20 - 2013-08-26 14:18 - 00000000 ____D C:\Users\E. ***\Desktop\Adobe Programme
2013-08-25 15:13 - 2012-03-08 21:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-08-25 14:50 - 2012-03-05 18:11 - 00000000 ____D C:\Program Files (x86)\RALINK
2013-08-25 14:47 - 2013-08-25 14:47 - 00000000 ____D C:\ProgramData\Ralink
2013-08-25 14:19 - 2006-11-02 15:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\ProgramData\InstallShield
2013-08-25 14:00 - 2013-08-25 13:59 - 00000223 _____ C:\WirelessDiagLog.csv
2013-08-25 13:54 - 2013-08-25 13:26 - 00000000 ____D C:\Users\E. ***\AppData\Local\Windows Live
2013-08-25 13:54 - 2012-03-04 23:12 - 00105360 _____ C:\Users\E. ***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-25 13:10 - 2013-08-25 10:55 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-25 13:10 - 2013-08-25 10:55 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-25 13:09 - 2012-03-05 18:34 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-25 13:08 - 2013-08-25 13:08 - 00000000 ____D C:\Program Files\HP
2013-08-25 13:08 - 2012-03-05 18:33 - 00000000 ____D C:\ProgramData\HP
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-25 12:53 - 2013-08-25 12:53 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\Avira
2013-08-25 12:52 - 2013-08-25 12:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-25 12:52 - 2013-08-05 21:18 - 00000000 ____D C:\ProgramData\Avira
2013-08-25 12:51 - 2013-08-25 12:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-25 12:29 - 2012-03-06 18:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-25 12:03 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-25 12:02 - 2012-03-05 18:22 - 00000000 ____D C:\Users\Gast
2013-08-25 12:02 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2013-08-25 12:02 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2013-08-25 12:02 - 2006-11-02 14:33 - 77070336 _____ C:\Windows\system32\config\software_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 47972352 _____ C:\Windows\system32\config\components_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 22020096 _____ C:\Windows\system32\config\system_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-08-25 11:00 - 2013-08-25 10:52 - 00000000 ____D C:\ProgramData\HP(48)
2013-08-25 10:52 - 2013-08-25 10:52 - 00000000 ____D C:\Program Files\HP(45)
2013-08-23 20:51 - 2013-08-23 20:50 - 00000000 ____D C:\Users\E. ***\Desktop\Fotos Ulrich und Tim
2013-08-19 19:32 - 2012-04-27 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 19:05 - 2013-08-18 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\E. ***\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-16 20:27

==================== End Of Log ============================

--- --- ---

Mal schauen, was du dazu sagst, dann habe ich auch noch ein oder zwei Fragen

Gute Nacht!

schrauber · 17.09.2013, 13:06

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Noch Probleme?

Mel-e · 17.09.2013, 18:38

Lieber Schrauber,
vielen Dank für deine erneute Hilfe

Du fragst, ob noch Probleme vorhanden sind - ja

Als ich mir hier angemeldet habe, war mir gar nicht klar, dass wir so flott durch eine Bereinigung durcharbeiten.
Nicht falsch verstehen - ich bin dir sehr dankbar dafür!
In meinem Ursprungspost hatte ich ja gefragt, ob das wat "Schlimmeres" ist oder nicht (meinen Rechner hätte ich neuinstalliert - mein Mann sieht das anders und hofft auf Säuberung...)

Für mich klangen die Funde aus meinem Ursprungspost ziemlich übel, allerdings habe ich fast keine Info (gar keine eigentlich) im Netz dazu gefunden.
Ich fände es super toll, wenn du mir vielleicht kurz was dazu sagen könntest. V.a. zu Trojan.Ransom.Gend und Malware.Packer.ORPC.
Passwörter ändern etc. ist klar und (böse Jungs, kurz herhören

Internetbanking findet nicht statt :-D Aber könnte da noch ein Türchen offen sein deiner Einschätzung nach?

Und bevor ich's vergesse: search.ueep.schrott muss noch weg

Tausend Dank bis hierhin!
Mel-e

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by E. *** at 2013-09-17 19:16:15 Run:1
Running from C:\Users\E. ***\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
*****************

esgiguard => Service deleted successfully.

==== End of Fixlog ====

schrauber · 17.09.2013, 20:21

Das war nur Adware, kein Thema

In welchem Browser gibt es noch Probleme?

Mel-e · 17.09.2013, 20:54

Leider beide noch auf search.ueep.com (IE und FF).
Startseite natürlich manuell geändert. Wenn ich auf Startseite klicke geht er drauf. Aber nach Neustart öffnen beide wieder auf ueep. Der Eintrag der eigentlichen Startseite steht dann trotzdem korrekterweise in den Einstellungen.
Hmm.
Idee?
FF wäre ja Neuinstallation möglich, aber IE, kriegt man den überhaupt deinstalliert?
Ich harre der Dinge und folge brav jedem deiner Schritte

schrauber · 18.09.2013, 10:00

FF komplett deinstalliere, keine Daten behalten, neu installieren. IE komplett zurücksetzen.

dann ein frisches FRST log bitte.

Mel-e · 18.09.2013, 15:06

Also:
Firefox ist wieder sauber.
Beim Internet Explorer ist das ganz interessant.
Im Startmenü sind zwei Einträge IE "normal" und IE 64 Bit.
Wahrscheinlich muss das so sein - ich benutz den nie und mein Mann auf dem Rechner hier auch nie...
Jedenfalls: Hab den 64 Bit mehrfach zurückgesetzt, search.ueep.com hält sich absolut hartnäckig!
Beim anderen "normalen" IE war kein search.ueep.com. da. Hab trotzdem mal zurückgesetzt. Mehrfach beide IEs neugestartet, Rechner neugestartet, CCleaner laufen lassen.
Search.ueep.com scheint das alles wenig zu interessieren, ihm gefällt's hier zu gut

Hier das neueste FRST Log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by E. *** (administrator) on MEDIONAKOYA on 18-09-2013 15:57:54
Running from C:\Users\E. ***\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(X10) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Spotify Ltd) C:\Users\E. ***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6847008 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKCU\...\Run: [Spotify Web Helper] - C:\Users\E. ***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-26] (Spotify Ltd)
MountPoints2: {1be6cdd0-6b7d-11e1-b310-001f16144ef8} - I:\Startme.exe
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x276B510076B4CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\2wdazf7o.default
FF Homepage: www.spiegel.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\E. ***\AppData\Roaming\Mozilla\Firefox\Profiles\2wdazf7o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-08-28] (Adobe Systems)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 resetWinService; C:\Program Files (x86)\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [71168 2008-10-29] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 WINIO; C:\Windows\system32\WinIo.sys [12160 2012-07-18] ()
S3 WNA3100M; C:\Windows\System32\DRIVERS\WNA3100M.sys [1045608 2011-12-30] (NETGEAR Corporation                           )
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15768 2006-11-15] (X10 Wireless Technology, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-18 11:22 - 2013-09-18 11:24 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\Mozilla
2013-09-18 11:15 - 2013-09-18 11:15 - 00486596 _____ C:\Users\E. ***\Desktop\bookmarks.html
2013-09-18 11:15 - 2013-09-18 11:15 - 00243114 _____ C:\Users\E. ***\Desktop\bookmarks-2013-09-18.json
2013-09-17 17:04 - 2013-09-17 17:04 - 97949955 _____ C:\Windows\SysWOW64\⾬⩜ᴼÍ
2013-09-17 00:00 - 2013-09-17 00:00 - 01950524 _____ (Farbar) C:\Users\E. ***\Desktop\FRST64.exe
2013-09-16 23:54 - 2013-09-16 23:54 - 00001026 _____ C:\Users\E. ***\Desktop\checkup.txt
2013-09-16 23:51 - 2013-09-16 23:51 - 00891144 _____ C:\Users\E. ***\Desktop\SecurityCheck.exe
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 20:09 - 2013-09-16 20:09 - 01029675 _____ (Thisisu) C:\Users\E. ***\Desktop\JRT.exe
2013-09-16 20:04 - 2013-09-16 20:04 - 01039554 _____ C:\Users\E. ***\Desktop\adwcleaner.exe
2013-09-16 11:14 - 2013-09-16 11:14 - 00000000 ____D C:\FRST
2013-09-16 09:54 - 2013-09-16 09:54 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-16 09:52 - 2013-09-16 09:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-16 09:31 - 2013-09-16 09:31 - 00000085 _____ C:\Windows\wininit.ini
2013-09-15 18:40 - 2006-09-18 23:37 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.20130915-184054.backup
2013-09-15 18:26 - 2013-09-16 09:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-15 15:36 - 2013-09-15 15:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-15 15:35 - 2013-09-15 15:47 - 00000000 ____D C:\Users\E. ***\Desktop\mbar
2013-09-15 15:34 - 2013-09-15 15:34 - 12907592 _____ (Malwarebytes Corp.) C:\Users\E. ***\Desktop\test.exe
2013-09-15 13:25 - 2013-09-16 20:05 - 00000000 ____D C:\AdwCleaner
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 _____ C:\autoexec.bat
2013-09-14 15:02 - 2013-09-14 15:02 - 97542592 _____ C:\Windows\SysWOW64\籄뿉ᴼÝ
2013-09-14 03:08 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-14 03:08 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-14 03:08 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-14 03:08 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-14 03:08 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-14 03:08 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-14 03:08 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-14 03:08 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-14 03:08 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-14 03:08 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-14 03:08 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-14 03:08 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-14 03:08 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-14 03:08 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-14 03:08 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-14 03:08 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-14 03:08 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-14 03:08 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-14 03:08 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-14 03:08 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-14 03:08 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-14 03:08 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-14 03:08 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-14 03:08 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-14 03:08 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-14 03:08 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-14 03:08 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-14 03:08 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-14 03:08 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-14 03:08 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 07:18 - 2013-08-08 04:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 07:18 - 2013-07-16 11:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-13 07:18 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-13 06:48 - 2013-09-13 06:48 - 97412816 _____ C:\Windows\SysWOW64\⠔䜫ᴼÞ
2013-08-28 20:27 - 2013-08-28 20:27 - 00000000 ____D C:\ID_CS2_GR_NonRet
2013-08-28 08:54 - 2013-08-02 16:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 08:54 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-27 12:56 - 2013-08-27 12:56 - 00000000 ____D C:\Users\E. ***\dwhelper
2013-08-27 12:30 - 2013-08-27 12:30 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-08-27 12:30 - 2011-12-30 15:23 - 01045608 _____ (NETGEAR Corporation                           ) C:\Windows\system32\Drivers\WNA3100M.sys
2013-08-26 14:18 - 2013-08-26 14:20 - 00000000 ____D C:\Users\E. ***\Desktop\Adobe Programme
2013-08-25 14:47 - 2013-08-25 14:47 - 00000000 ____D C:\ProgramData\Ralink
2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\ProgramData\InstallShield
2013-08-25 13:59 - 2013-08-25 14:00 - 00000223 _____ C:\WirelessDiagLog.csv
2013-08-25 13:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-08-25 13:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-08-25 13:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-08-25 13:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-08-25 13:28 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-08-25 13:28 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-08-25 13:26 - 2013-08-25 13:54 - 00000000 ____D C:\Users\E. ***\AppData\Local\Windows Live
2013-08-25 13:08 - 2013-08-25 13:08 - 00000000 ____D C:\Program Files\HP
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-25 12:53 - 2013-08-25 12:53 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\Avira
2013-08-25 12:52 - 2013-09-05 17:23 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-25 12:52 - 2013-09-05 17:23 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-25 12:52 - 2013-08-25 12:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-25 12:52 - 2013-08-25 12:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-25 10:55 - 2013-08-25 13:10 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-25 10:55 - 2013-08-25 13:10 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-25 10:52 - 2013-08-25 11:00 - 00000000 ____D C:\ProgramData\HP(48)
2013-08-25 10:52 - 2013-08-25 10:52 - 00000000 ____D C:\Program Files\HP(45)
2013-08-23 20:50 - 2013-08-23 20:51 - 00000000 ____D C:\Users\E. ***\Desktop\Fotos Ulrich und Tim

==================== One Month Modified Files and Folders =======

2013-09-18 15:57 - 2013-03-11 13:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-18 15:55 - 2012-03-05 18:22 - 00349260 _____ C:\ProgramData\nvModes.001
2013-09-18 15:55 - 2012-03-05 18:19 - 00349260 _____ C:\ProgramData\nvModes.dat
2013-09-18 15:55 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-18 15:55 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 15:55 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 15:54 - 2012-07-26 14:52 - 01788448 _____ C:\Windows\WindowsUpdate.log
2013-09-18 15:54 - 2006-11-02 17:42 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-18 14:42 - 2012-03-06 18:39 - 00017408 _____ C:\Users\E. ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-18 11:24 - 2013-09-18 11:22 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\Mozilla
2013-09-18 11:22 - 2013-08-18 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-18 11:15 - 2013-09-18 11:15 - 00486596 _____ C:\Users\E. ***\Desktop\bookmarks.html
2013-09-18 11:15 - 2013-09-18 11:15 - 00243114 _____ C:\Users\E. ***\Desktop\bookmarks-2013-09-18.json
2013-09-17 17:04 - 2013-09-17 17:04 - 97949955 _____ C:\Windows\SysWOW64\⾬⩜ᴼÍ
2013-09-17 00:00 - 2013-09-17 00:00 - 01950524 _____ (Farbar) C:\Users\E. ***\Desktop\FRST64.exe
2013-09-16 23:54 - 2013-09-16 23:54 - 00001026 _____ C:\Users\E. ***\Desktop\checkup.txt
2013-09-16 23:51 - 2013-09-16 23:51 - 00891144 _____ C:\Users\E. ***\Desktop\SecurityCheck.exe
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 20:09 - 2013-09-16 20:09 - 01029675 _____ (Thisisu) C:\Users\E. ***\Desktop\JRT.exe
2013-09-16 20:05 - 2013-09-15 13:25 - 00000000 ____D C:\AdwCleaner
2013-09-16 20:04 - 2013-09-16 20:04 - 01039554 _____ C:\Users\E. ***\Desktop\adwcleaner.exe
2013-09-16 11:14 - 2013-09-16 11:14 - 00000000 ____D C:\FRST
2013-09-16 10:01 - 2013-08-16 07:00 - 00000000 ____D C:\Windows\system32\MRT
2013-09-16 09:59 - 2012-11-02 19:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 09:59 - 2006-11-02 14:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-16 09:59 - 2006-11-02 14:34 - 00000240 _____ C:\Windows\win.ini
2013-09-16 09:54 - 2013-09-16 09:54 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-16 09:52 - 2013-09-16 09:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-16 09:52 - 2012-03-04 23:12 - 00000000 ____D C:\Users\E. ***
2013-09-16 09:32 - 2013-09-15 18:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-16 09:31 - 2013-09-16 09:31 - 00000085 _____ C:\Windows\wininit.ini
2013-09-15 22:37 - 2012-03-08 21:44 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\vlc
2013-09-15 21:08 - 2012-06-30 10:56 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\dvdcss
2013-09-15 19:51 - 2012-03-08 22:13 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\EndNote
2013-09-15 19:24 - 2012-03-08 21:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-15 15:47 - 2013-09-15 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-15 15:47 - 2013-09-15 15:35 - 00000000 ____D C:\Users\E. ***\Desktop\mbar
2013-09-15 15:34 - 2013-09-15 15:34 - 12907592 _____ (Malwarebytes Corp.) C:\Users\E. ***\Desktop\test.exe
2013-09-15 15:32 - 2012-03-06 17:52 - 00000000 ____D C:\Program Files\CCleaner
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 10:48 - 2013-09-15 10:48 - 00000000 _____ C:\autoexec.bat
2013-09-14 18:19 - 2012-03-18 15:15 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\foobar2000
2013-09-14 17:57 - 2012-03-04 23:12 - 00001005 _____ C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-14 15:02 - 2013-09-14 15:02 - 97542592 _____ C:\Windows\SysWOW64\籄뿉ᴼÝ
2013-09-14 03:30 - 2006-11-02 17:21 - 00398584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 20:57 - 2013-03-11 13:47 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 20:57 - 2012-04-15 17:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 20:57 - 2012-03-08 21:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 06:48 - 2013-09-13 06:48 - 97412816 _____ C:\Windows\SysWOW64\⠔䜫ᴼÞ
2013-09-12 13:55 - 2008-01-21 13:10 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 13:55 - 2008-01-21 13:09 - 00628992 _____ C:\Windows\system32\perfh007.dat
2013-09-12 13:55 - 2008-01-21 13:09 - 00126704 _____ C:\Windows\system32\perfc007.dat
2013-09-09 21:04 - 2013-08-06 20:48 - 00000000 ____D C:\Users\E. ***\Desktop\Klausur 1
2013-09-05 17:23 - 2013-08-25 12:52 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 17:23 - 2013-08-25 12:52 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 20:32 - 2012-03-05 18:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 20:31 - 2012-03-04 23:12 - 00000000 ___RD C:\Users\E. ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-28 20:30 - 2012-03-05 18:40 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 20:27 - 2013-08-28 20:27 - 00000000 ____D C:\ID_CS2_GR_NonRet
2013-08-27 15:31 - 2012-03-05 18:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-27 12:56 - 2013-08-27 12:56 - 00000000 ____D C:\Users\E. ***\dwhelper
2013-08-27 12:30 - 2013-08-27 12:30 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-08-26 14:20 - 2013-08-26 14:18 - 00000000 ____D C:\Users\E. ***\Desktop\Adobe Programme
2013-08-25 15:13 - 2012-03-08 21:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-08-25 14:50 - 2012-03-05 18:11 - 00000000 ____D C:\Program Files (x86)\RALINK
2013-08-25 14:47 - 2013-08-25 14:47 - 00000000 ____D C:\ProgramData\Ralink
2013-08-25 14:19 - 2006-11-02 15:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\ProgramData\InstallShield
2013-08-25 14:00 - 2013-08-25 13:59 - 00000223 _____ C:\WirelessDiagLog.csv
2013-08-25 13:54 - 2013-08-25 13:26 - 00000000 ____D C:\Users\E. ***\AppData\Local\Windows Live
2013-08-25 13:54 - 2012-03-04 23:12 - 00105360 _____ C:\Users\E. ***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-25 13:10 - 2013-08-25 10:55 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-25 13:10 - 2013-08-25 10:55 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-25 13:09 - 2012-03-05 18:34 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-25 13:08 - 2013-08-25 13:08 - 00000000 ____D C:\Program Files\HP
2013-08-25 13:08 - 2012-03-05 18:33 - 00000000 ____D C:\ProgramData\HP
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-25 12:54 - 2013-08-25 12:54 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-25 12:53 - 2013-08-25 12:53 - 00000000 ____D C:\Users\E. ***\AppData\Roaming\Avira
2013-08-25 12:52 - 2013-08-25 12:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-25 12:52 - 2013-08-05 21:18 - 00000000 ____D C:\ProgramData\Avira
2013-08-25 12:51 - 2013-08-25 12:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-25 12:29 - 2012-03-06 18:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-25 12:03 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-25 12:02 - 2012-03-05 18:22 - 00000000 ____D C:\Users\Gast
2013-08-25 12:02 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2013-08-25 12:02 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2013-08-25 12:02 - 2006-11-02 14:33 - 77070336 _____ C:\Windows\system32\config\software_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 47972352 _____ C:\Windows\system32\config\components_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 22020096 _____ C:\Windows\system32\config\system_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-08-25 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-08-25 11:00 - 2013-08-25 10:52 - 00000000 ____D C:\ProgramData\HP(48)
2013-08-25 10:52 - 2013-08-25 10:52 - 00000000 ____D C:\Program Files\HP(45)
2013-08-23 20:51 - 2013-08-23 20:50 - 00000000 ____D C:\Users\E. ***\Desktop\Fotos Ulrich und Tim

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-18 15:46

==================== End Of Log ============================

--- --- ---

Übrigens Danke für den Hinweis, dass das "nur" Adware war - Wieso nennen die den Quatsch dann "Malware..." und "Trojan..."?! Grrr.

Bis zum nächsten Post!
Mel-e

schrauber · 18.09.2013, 19:43

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:filefind
*Search.ueep*
:regfind
Search.ueep
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Mel-e · 19.09.2013, 07:44

Guten Morgen :-)
endlich erwischt :-)

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 08:31 on 19/09/2013 by E. ***
Administrator - Elevation successful

========== filefind ==========

Searching for "*Search.ueep*"
No files found.

========== regfind ==========

Searching for "Search.ueep"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
@="hxxp://search.ueep.com/?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="hxxp://search.ueep.com/?q={searchTerms}"
[HKEY_USERS\S-1-5-21-3391542994-9121858-3532271502-1000\Software\Microsoft\Internet Explorer\Search]
@="hxxp://search.ueep.com/?q={searchTerms}"
[HKEY_USERS\S-1-5-21-3391542994-9121858-3532271502-1000\Software\Microsoft\Internet Explorer\SearchUrl]
@="hxxp://search.ueep.com/?q={searchTerms}"

-= EOF =-

Manuell löschen?
Freut mich, dass du ihn gefunden hast - Watson dankt Sherlock!

17.09.2013, 20:21	#10
schrauber /// the machine /// TB-Ausbilder	Malware.Packer.ORPC und search.ueep.com Das war nur Adware, kein Thema In welchem Browser gibt es noch Probleme? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

18.09.2013, 10:00	#12
schrauber /// the machine /// TB-Ausbilder	Malware.Packer.ORPC und search.ueep.com FF komplett deinstalliere, keine Daten behalten, neu installieren. IE komplett zurücksetzen. dann ein frisches FRST log bitte. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Malware.Packer.ORPC und search.ueep.com

Plagegeister aller Art und deren Bekämpfung: Malware.Packer.ORPC und search.ueep.com