GVU-Trojaner vermutlich deaktiviert, aber noch Probleme

claro3 · 23.10.2013, 13:19

Hallo zusammen,
mich hat es auch mit dem GVU-Trojaner erwischt. Bin aber erst spät auf Euere Seite gekommen.
So habe ich mit Avira Rescue System CD einen Scan gemacht und dort gab es auch 2 Funde. Beim nächsten Start war aber der selbe Hintergrund und nichts ging am PC.
Beim nächsten Startversuch über F8 und abgesicherter Modus und allen weiteren normalen Startversuchen ging der Start wieder. Avira Free AntiVirus hatte auch eine Datei in Quarantäne (Logfile ganz unten). Habe einige verdächtige Dateien in Zusammenhang mit dem Fund gelöscht. Eine Datei (C:/ProgrammData/emqlv78.pss) lässt sich nicht löschen. Auch Eintrag im Autostartordner habe ich gelöscht.
Lässt sich wieder fast normal starten bis auf zwei neue Fehlermeldungen:
1. Ein Fenster - ist immer im Vordergrund - so ähnlich kommt: "Programmwechsel funktioniert nicht. Server ausgelastet." Auswählen könnte man "Wechseln zu ..." oder "Wiederholen". "Abbrechen" ist deaktiviert.
2. "ePowerTray" funktioniert nicht mehr --> Programm schließen;
Systemwiederherstellung klappt leider nicht, das hab ich schon versucht.
Meine Frage dazu:
Gibt es eine Möglichkeit, das System sicher wieder zu bereinigen oder ist evtl. ein Neuaufsetzen unumgänglich?
Hier die Logfiles (Benutzername durch * ersetzt) von
FRST64:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013
Ran by SYSTEM on MININT-BJ1OALT on 23-10-2013 13:10:54
Running from I:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-19] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-03] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-01-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [ZoneAlarm Client] - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [1043968 2010-06-28] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 6\MMReminderService.exe [31232 2006-04-03] (Mindjet)
HKLM-x32\...\Run: [Dictionary4Free] - C:\Program Files (x86)\Dictionary4Free\FreeDict.exe [1388544 2002-05-27] (GEKKO Software GmbH)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [180269 2010-08-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=100710 serial=DR12CCF-3407797-WGW lang=DE
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [98304 2010-10-20] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [983904 2012-04-23] (Spigot, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-23] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-23] ()
HKU\***********\...\Run: [EPSON Stylus DX4000 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Users\****~1\AppData\Local\Temp\E_S72FE.tmp" /EF "HKCU"
HKU\***********\...\Run: [pdfSaver3] - C:\Program Files (x86)\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe [380928 2004-09-05] (Tracker Software Products Ltd.)
HKU\***********\...\Run: [ALBATTTOOL] - C:\Program Files (x86)\AkkuLine.de\AkkuLine Batterie-Tool\AL-Batterie-Tool.exe

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-19] (Microsoft Corporation)
S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-03-29] (NOS Microsystems Ltd.)
S2 PCSUService; C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe [235232 2011-11-07] ()
S2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-20] (VMLite, Inc.)
S2 vsmon; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2435592 2010-06-28] (Check Point Software Technologies LTD)
S2 Winmgmt; C:\PROGRA~3\emqlv78.pss [61544 2013-10-21] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\emqlv78.pss [61544 2013-10-21] (Microsoft Corporation)
S2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
S0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-14] (Bytemobile, Inc.)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [59392 2010-04-08] (Generic USB smartcard reader)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] ()
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-14] (Bytemobile, Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-07-14] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-07-14] (Paragon)
S3 usbhub; C:\Windows\SysWow64\Drivers\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
S1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
S3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
S1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
S3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
S1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458840 2010-05-15] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-23 13:10 - 2013-10-23 13:10 - 00000000 ____D C:\FRST
2013-10-21 07:58 - 2013-10-21 07:58 - 00061544 ____T (Microsoft Corporation) C:\ProgramData\emqlv78.pss
2013-09-30 11:56 - 2013-09-30 11:56 - 00001289 _____ C:\Users\***********\Desktop\NZ-Collagebilder.lnk
2013-09-26 10:24 - 2013-09-26 10:36 - 00000000 ____D C:\Users\***********\Desktop\Fotos
2013-09-23 02:28 - 2013-10-03 03:14 - 99014207 _____ C:\Windows\SysWOW64\ӼK

==================== One Month Modified Files and Folders =======

2013-10-23 13:10 - 2013-10-23 13:10 - 00000000 ____D C:\FRST
2013-10-23 02:33 - 2010-03-21 00:24 - 01965520 _____ C:\Windows\WindowsUpdate.log
2013-10-23 02:31 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 02:31 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 02:25 - 2010-08-23 10:37 - 01552982 _____ C:\Users\***********\DesktopStCenter.txt
2013-10-23 02:24 - 2013-02-18 10:51 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-23 02:24 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 02:23 - 2009-07-13 20:51 - 00138795 _____ C:\Windows\setupact.log
2013-10-23 01:58 - 2010-08-23 11:16 - 00000000 ____D C:\Users\***********\AppData\Roaming\FRITZ!
2013-10-22 21:15 - 2010-08-24 13:57 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C97ED24-156C-491D-A131-8DFBAECF877A}
2013-10-21 12:24 - 2013-02-18 10:51 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-21 07:58 - 2013-10-21 07:58 - 00061544 ____T (Microsoft Corporation) C:\ProgramData\emqlv78.pss
2013-10-19 09:40 - 2010-03-21 09:16 - 00657910 _____ C:\Windows\System32\perfh007.dat
2013-10-19 09:40 - 2010-03-21 09:16 - 00131250 _____ C:\Windows\System32\perfc007.dat
2013-10-19 09:40 - 2009-07-13 21:13 - 01507342 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-11 01:08 - 2010-10-05 11:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-03 03:14 - 2013-09-23 02:28 - 99014207 _____ C:\Windows\SysWOW64\ӼK
2013-10-01 05:14 - 2011-02-26 05:54 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-10-01 05:11 - 2010-08-23 03:32 - 00000000 ____D C:\users\***********
2013-09-30 11:56 - 2013-09-30 11:56 - 00001289 _____ C:\Users\Kampfl Manfred\Desktop\NZ-Collagebilder.lnk
2013-09-30 10:35 - 2010-08-25 02:38 - 00000000 ____D C:\Program Files (x86)\VR-NetWorld
2013-09-29 03:07 - 2011-12-25 12:55 - 00000000 ____D C:\Users\***********\AppData\Roaming\MyPhoneExplorer
2013-09-26 10:36 - 2013-09-26 10:24 - 00000000 ____D C:\Users\***********\Desktop\Fotos

Files to move or delete:
====================
C:\Users\***********\2528698.exe


Some content of TEMP:
====================
C:\Users\***********\AppData\Local\Temp\AskSLib.dll
C:\Users\***********\AppData\Local\Temp\DevSetup32.dll
C:\Users\***********\AppData\Local\Temp\DevSetup64.dll
C:\Users\***********\AppData\Local\Temp\DriverInstall32.exe
C:\Users\***********\AppData\Local\Temp\DriverInstall64.exe
C:\Users\***********\AppData\Local\Temp\jucheck.exe
C:\Users\***********\AppData\Local\Temp\SkypeSetup.exe
C:\Users\***********\AppData\Local\Temp\_isAE2D.exe
C:\Users\***********\AppData\Local\Temp\~tmf9220818717674985402.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

17
Restore point made on: 2013-06-15 07:08:35
Restore point made on: 2013-06-15 10:56:38
Restore point made on: 2013-06-16 08:46:03
Restore point made on: 2013-06-24 16:39:43
Restore point made on: 2013-07-17 06:08:05
Restore point made on: 2013-07-30 08:44:52
Restore point made on: 2013-08-10 15:02:02
Restore point made on: 2013-08-11 06:24:39
Restore point made on: 2013-08-14 11:26:45
Restore point made on: 2013-08-22 04:33:03
Restore point made on: 2013-08-31 11:48:56
Restore point made on: 2013-09-11 16:10:33
Restore point made on: 2013-09-19 10:26:44
Restore point made on: 2013-09-22 10:57:44
Restore point made on: 2013-10-16 17:35:40
Restore point made on: 2013-10-23 02:13:46
Restore point made on: 2013-10-23 02:29:20

==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 3958.78 MB
Available physical RAM: 3166.57 MB
Total Pagefile: 3956.93 MB
Available Pagefile: 3190.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:294.23 GB) (Free:155.26 GB) NTFS
Drive d: (EigeneDateien) (Fixed) (Total:143.36 GB) (Free:18.78 GB) NTFS
Drive e: (MusikLaptop) (Fixed) (Total:146.48 GB) (Free:82.99 GB) NTFS
Drive g: (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.9 GB) NTFS
Drive i: (*****) (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: C20DB313)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=294 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 999 MB) (Disk ID: 95D8E83C)
Partition 1: (Active) - (Size=998 MB) - (Type=0B)


LastRegBack: 2013-10-14 09:15

==================== End Of Log ============================

und hier die von Avira Antivirus:

Code:

ATTFilter

Exportierte Ereignisse:

20.10.2013 19:25 [Updater] Update nicht ausgeführt
      Das Update von Computer ************** (127.0.0.1) von 
      "hxxp://80.190.148.75/update" ist fehlgeschlagen.
      Das Engine/VDF Set konnte nicht validiert werden.
      Es wurden keine neuen Dateien geladen.

11.10.2013 11:10 [Updater] Update nicht ausgeführt
      Das Update von Computer ************** (127.0.0.1) von 
      "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen.
      Während des Herunterladens ist ein Fehler aufgetreten.
      Es wurden keine neuen Dateien geladen.

19.10.2013 03:09 [Updater] Update nicht ausgeführt
      Das Update von Computer ************** (192.168.178.30) von "'unbekannt'" ist 
      fehlgeschlagen.
      Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser 
      nicht ausgeführt wurde sind keine weiteren Updates möglich.
      Es wurden keine neuen Dateien geladen.

19.10.2013 12:09 [Updater] Update nicht ausgeführt
      Das Update von Computer ************** (192.168.178.30) von "'unbekannt'" ist 
      fehlgeschlagen.
      Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser 
      nicht ausgeführt wurde sind keine weiteren Updates möglich.
      Es wurden keine neuen Dateien geladen.

01.10.2013 18:20 [Updater] Update nicht ausgeführt
      Das Update von Computer ************** (127.0.0.1) von 
      "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen.
      Während des Herunterladens ist ein Fehler aufgetreten.
      Es wurden keine neuen Dateien geladen.

19.10.2013 19:40 [Updater] Update nicht ausgeführt
      Das Update von Computer ************** (192.168.178.30) von "'unbekannt'" ist 
      fehlgeschlagen.
      Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser 
      nicht ausgeführt wurde sind keine weiteren Updates möglich.
      Es wurden keine neuen Dateien geladen.

23.10.2013 11:46 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\87vlqme.dss'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Reveton.A.2185' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57c60b43.qua' 
      verschoben!

23.10.2013 11:45 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\87vlqme.dss'
      wurde ein Virus oder unerwünschtes Programm 'TR/Reveton.A.2185' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Vielen Dank schon mal!

schrauber · 23.10.2013, 14:14

hi,

also der Rechner ist nicht mehr gesperrt? Dann jetzt bitte:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

claro3 · 23.10.2013, 18:39

Richtig, Rechner ist nicht mehr gesperrt.
Hier bin ich aber über einen Zweitrechner. Internet derzeit deaktiviert.
Habe jetzt FRST64 wie gepostet vom Desktop laufen lassen.
FRST (Benutzername wieder ******):

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013
Ran by ****** (administrator) on PCNAME on 23-10-2013 18:56:35
Running from C:\Users\******\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKCU\...\Run: [EPSON Stylus DX4000 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Users\***~1\AppData\Local\Temp\E_S72FE.tmp" /EF "HKCU"
HKCU\...\Run: [pdfSaver3] - C:\Program Files (x86)\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe [380928 2004-09-05] (Tracker Software Products Ltd.)
HKCU\...\Run: [ALBATTTOOL] - C:\Program Files (x86)\AkkuLine.de\AkkuLine Batterie-Tool\AL-Batterie-Tool.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-01-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [ZoneAlarm Client] - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [1043968 2010-06-28] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 6\MMReminderService.exe [31232 2006-04-03] (Mindjet)
HKLM-x32\...\Run: [Dictionary4Free] - C:\Program Files (x86)\Dictionary4Free\FreeDict.exe [1388544 2002-05-28] (GEKKO Software GmbH)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [180269 2010-08-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=100710 serial=DR12CCF-3407797-WGW lang=DE
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [98304 2010-10-20] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [983904 2012-04-23] (Spigot, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-24] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-24] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360810j745l04c4z125t55k2k53p
URLSearchHook: (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKCU - {65EE1C2B-720E-4334-BC2A-EBD6AE10C21F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files (x86)\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog5-x64 07 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.4.0 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.102 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2027 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.2.2088 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1040 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup:             "urls_to_restore_on_startup": [
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll ()
CHR Extension: (YouTube) - C:\Users\***~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\***~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\***~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-03-29] (NOS Microsystems Ltd.)
R2 PCSUService; C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe [235232 2011-11-07] ()
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
R2 vsmon; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2435592 2010-06-28] (Check Point Software Technologies LTD)
S2 Winmgmt; C:\PROGRA~3\emqlv78.pss [61544 2013-10-21] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\emqlv78.pss [61544 2013-10-21] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [59392 2010-04-09] (Generic USB smartcard reader)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-07-14] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-07-14] (Paragon)
R3 usbhub; C:\Windows\SysWow64\Drivers\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458840 2010-05-15] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-23 23:10 - 2013-10-23 23:10 - 00000000 ____D C:\FRST
2013-10-23 18:25 - 2013-10-23 13:03 - 01954682 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2013-10-21 17:58 - 2013-10-21 17:58 - 00061544 ____T (Microsoft Corporation) C:\ProgramData\emqlv78.pss
2013-09-30 21:56 - 2013-09-30 21:56 - 00001289 _____ C:\Users\******\Desktop\NZ-Collagebilder.lnk
2013-09-26 20:24 - 2013-09-26 20:36 - 00000000 ____D C:\Users\******\Desktop\Fotos
2013-09-23 12:28 - 2013-10-03 13:14 - 99014207 _____ C:\Windows\SysWOW64\ӼK

==================== One Month Modified Files and Folders =======

2013-10-23 23:10 - 2013-10-23 23:10 - 00000000 ____D C:\FRST
2013-10-23 18:59 - 2010-03-21 10:24 - 01984843 _____ C:\Windows\WindowsUpdate.log
2013-10-23 18:59 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 18:59 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 18:53 - 2010-08-23 20:37 - 01554234 _____ C:\Users\******\DesktopStCenter.txt
2013-10-23 18:51 - 2013-02-18 20:51 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-23 18:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 18:51 - 2009-07-14 06:51 - 00139019 _____ C:\Windows\setupact.log
2013-10-23 18:24 - 2013-02-18 20:51 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-23 14:30 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-23 13:22 - 2010-08-23 13:32 - 00000000 ____D C:\Users\******
2013-10-23 13:03 - 2013-10-23 18:25 - 01954682 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2013-10-23 12:26 - 2010-08-23 13:34 - 00000000 ___RD C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-23 11:58 - 2010-08-23 21:16 - 00000000 ____D C:\Users\******\AppData\Roaming\FRITZ!
2013-10-23 07:15 - 2010-08-24 23:57 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C97ED24-156C-491D-A131-8DFBAECF877A}
2013-10-21 17:58 - 2013-10-21 17:58 - 00061544 ____T (Microsoft Corporation) C:\ProgramData\emqlv78.pss
2013-10-19 19:40 - 2010-03-21 19:16 - 00657910 _____ C:\Windows\system32\perfh007.dat
2013-10-19 19:40 - 2010-03-21 19:16 - 00131250 _____ C:\Windows\system32\perfc007.dat
2013-10-19 19:40 - 2009-07-14 07:13 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 11:08 - 2010-10-05 21:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-03 13:14 - 2013-09-23 12:28 - 99014207 _____ C:\Windows\SysWOW64\ӼK
2013-10-01 15:14 - 2011-02-26 15:54 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-09-30 21:56 - 2013-09-30 21:56 - 00001289 _____ C:\Users\******\Desktop\NZ-Collagebilder.lnk
2013-09-30 20:35 - 2010-08-25 12:38 - 00000000 ____D C:\Program Files (x86)\VR-NetWorld
2013-09-29 13:07 - 2011-12-25 22:55 - 00000000 ____D C:\Users\******\AppData\Roaming\MyPhoneExplorer
2013-09-26 20:36 - 2013-09-26 20:24 - 00000000 ____D C:\Users\******\Desktop\Fotos

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\AskSLib.dll
C:\Users\******\AppData\Local\Temp\DevSetup32.dll
C:\Users\******\AppData\Local\Temp\DevSetup64.dll
C:\Users\******\AppData\Local\Temp\DriverInstall32.exe
C:\Users\******\AppData\Local\Temp\DriverInstall64.exe
C:\Users\******\AppData\Local\Temp\jucheck.exe
C:\Users\******\AppData\Local\Temp\SkypeSetup.exe
C:\Users\******\AppData\Local\Temp\_isAE2D.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-14 19:15

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2013
Ran by ********* at 2013-10-23 19:02:21
Running from C:\Users\*********\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

Could not list Security Center items. Check WMI.


==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Acer Backup Manager (x32 Version: 2.0.0.58)
Acer Crystal Eye webcam (x32 Version: 1.0.1.4)
Acer ePower Management (x32 Version: 5.00.3002)
Acer eRecovery Management (x32 Version: 4.05.3006)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.1.0105.2010)
Acer Updater (x32 Version: 1.01.3017)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Download Manager (x32 Version: 1.6.2.102)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.3.300.265)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Audacity 1.2.6 (x32)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
AVM FRITZ!Box Dokumentation (x32)
AVM FRITZ!Box Druckeranschluss (x32)
AVS Update Manager 1.0 (x32)
AVS Video Converter 6 (x32)
AVS Video Editor 4 (x32)
AVS4YOU Software Navigator 1.3 (x32)
Backup Manager Basic (x32 Version: 2.0.0.58)
BenVista PhotoZoom Classic 2.0 (HKCU Version: 2.0)
Broadcom Gigabit NetLink Controller (Version: 12.52.01)
Canon Utilities PhotoStitch (x32 Version: 3.1.20.44)
CCleaner (x32 Version: 2.36)
CDBurnerXP (x32 Version: 4.3.7.2356)
CloneDVD2 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
congstar Internet-Manager (x32 Version: 1.0.0.3)
CorelDRAW Graphics Suite 12 (x32 Version: 12.0.0.458)
CyberLink PowerDVD 9 (x32 Version: 9.0.2529.50)
Desk Drive (Version: 1.8.1)
Duden Tipptrainer 3.0 (x32 Version: 3.0.0.0)
ElsterFormular (x32 Version: 14.1.11318)
Epson Easy Photo Print 2 (x32 Version: 2.2.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
EPSON-Drucker-Software
ESDX4000_4050_CX3900 (x32)
Falk Navi-Manager (x32 Version: 2.2.0.0)
Falk Navi-Manager (x32 Version: 2.2.2)
FloorPlan 3D V.9 (x32 Version: 9.0)
Free Studio version 5.3.5 (x32 Version: 5.3.5)
Free YouTube to MP3 Converter version 3.12.1.319 (x32 Version: 3.12.1.319)
FreeCommander 2009.02 (x32 Version: 2009.02)
FreeFileSync v3.8 (x32)
FRITZ!DSL64 (Version: 2.04.03)
GIMP 2.6.10 (x32 Version: 2.6.10)
Google Chrome (x32 Version: 22.0.1229.95)
Google Earth (x32 Version: 5.2.1.1547)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.4.3230.2052)
Google Update Helper (x32 Version: 1.3.21.135)
Identity Card (x32 Version: 1.00.3003)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002)
Internet-TV für Windows Media Center (x32 Version: 4.2.2.0)
Java Auto Updater (x32 Version: 2.1.6.0)
Java(TM) 7 Update 4 (64-bit) (Version: 7.0.40)
Java(TM) 7 Update 4 (x32 Version: 7.0.40)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Launch Manager (x32 Version: 4.0.6)
Lidl-Fotos (x32)
LingoMAXX Dictionary4Free (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mindjet MindManager Pro 6 (x32 Version: 6.1.809)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MyPhoneExplorer (x32 Version: 1.8.2)
MyWinLocker (x32 Version: 3.1.76.0)
NTI Media Maker 8 (x32 Version: 8.0.2.6509)
NVIDIA Drivers (Version: 1.10)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
Office-Bibliothek 4.1 (x32)
Opera 12.02 (Version: 12.02.1578)
PC Beschleunigen - Vollständige Deinstallation (Version: 2.3.18)
PDFCreator (x32 Version: 1.0.2)
pdfforge Toolbar v5.6 (x32 Version: 5.6)
PDF-XChange 3.0 (x32)
Picasa 3 (x32 Version: 3.9)
PixelNet Software 4.12.1 (x32 Version: 4.12.1)
QTTabBar 1.5.0.0 Alpha 3
QuickTime (x32)
RealPlayer (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6015)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30113)
S.A.D. AntiSpy - PC Welt Edition (x32 Version: S.A.D. AntiSpy)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 5.10 (x32 Version: 5.10.116)
Sony Ericsson Update Engine (x32 Version: 2.11.12.9)
Sony PC Companion 2.10.053 (x32 Version: 2.10.053)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
Texas Hold'em Poker 7.1 (x32)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
uMedia uTV (x32 Version: 1.00.000)
Uninstall 1.0.0.1 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VirtualCloneDrive (x32)
VLC media player 1.0.5 (x32 Version: 1.0.5)
VMLite Workstation (Version: 3.2.6)
VR-NetWorld (x32)
Walter de Gruyter - Pschyrembel (x32)
Welcome Center (x32 Version: 1.00.3012)
Winamp (x32 Version: 5.581 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows XP Mode (Version: 1.3.7600.16422)
WinRAR (x32)
Wise Registry Cleaner Free 5.61 (x32 Version: 5.61)
XMedia Recode Version 3.1.4.6 (x32 Version: 3.1.4.6)
YouTube Downloader 2.5.7 (x32)
ZoneAlarm (x32 Version: 9.2.058.000)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1944485E-E7C5-4662-8225-39BFEFBF0AC6} - System32\Tasks\{486325DA-5C15-4B5E-944F-B847615AE7FF} => C:\Windows\twain_32\escndv\escndv.exe
Task: {1D88A44C-90F0-4119-B4BE-EBE47914E9D5} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\WiseRegistryCleaner\WiseRegistryCleaner.exe [2010-09-16] (WiseCleaner.com)
Task: {353DA2D9-981C-44CA-81DC-6D457779C60E} - System32\Tasks\{28E83467-8D27-425C-975A-56CA8CA054C4} => X:\INSTALL.EXE
Task: {35C36EF1-B9AC-40B5-BC4B-686BA9A13053} - System32\Tasks\{4CCCC847-BB75-4845-9293-E1D10FAE9B36} => X:\INSTALL.EXE
Task: {3D0E7DB8-EA93-465B-8053-6D26D3BCE449} - System32\Tasks\{E03B8769-7AE7-45BC-86F3-9685FFD46F59} => X:\INSTALL.EXE
Task: {4ADAD749-F773-439D-8390-D8BF0450FCAA} - System32\Tasks\{AB9763CF-E13A-47B5-B368-92BE69590847} => X:\INSTALL.EXE
Task: {4E3A7C3A-DDAE-4E7F-A024-1A5030734CC6} - System32\Tasks\{28514D77-1349-435B-B904-ACCEF9C2F7F2} => X:\INSTALL.EXE
Task: {5BC14766-F219-42E2-8FCD-3FA91D64F78E} - System32\Tasks\{AECE50AF-511B-4D99-936B-6387884EC6E3} => C:\Windows\twain_32\escndv\escndv.exe
Task: {6110E459-E314-4BCB-8CF9-DC3524927D95} - System32\Tasks\{7CE3FCFA-7DCF-4A44-8DDD-B0642109DBEC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {8940E673-5D65-4AF9-811D-4E8D5327C3C9} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {8B22F63F-2D66-476B-968B-B11F2262A10F} - System32\Tasks\{184AD4E1-BD9F-4983-A15A-54BF7EB0404D} => C:\Program Files (x86)\MegaSystems\Mensch 4D\GKMensch.exe
Task: {8E312D4F-2DBF-4ED7-B428-3590864B663C} - System32\Tasks\{0CFEA78F-1AA4-462C-ADEB-DBDF892E70CD} => X:\INSTALL.EXE
Task: {96A69100-1A7A-420C-A8BE-B44D6D0A6528} - System32\Tasks\{2DBCFDBB-AA5C-4689-9150-268314FD5F2B} => X:\INSTALL.EXE
Task: {AC469687-D0B6-46EA-A62F-2BFD09432E20} - System32\Tasks\{8B11AF01-B1A5-4387-9498-64CC12C0DCFB} => X:\INSTALL.EXE
Task: {B160D1F2-DCF0-4416-8AA1-DE41A0212881} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B2A14DC5-2992-48EB-8FD4-8DB51BF94C91} - System32\Tasks\{8BFC955D-0105-4351-8F8D-4D64F31F0EB5} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {B3056FD0-2E7F-4780-B927-6F93CCA67D3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {C1468938-4464-466B-9DE7-0C4DACCEC7E8} - System32\Tasks\{8C958137-3591-46A4-832A-2A31B17766DF} => C:\Program Files (x86)\MegaSystems\Mensch 4D\GKMensch.exe
Task: {CFBF9EA6-792E-44C3-B399-9278DC06701D} - System32\Tasks\{0F720B8C-B181-4773-B741-7CC9088BD67B} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {D4F8F8CD-6088-4F07-923F-262C47E33188} - System32\Tasks\{97D61391-502B-4181-9210-EFBF648D6692} => X:\INSTALL.EXE
Task: {E65F8E99-7692-4E01-917B-B91DB6606102} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {E7EDBC53-AB91-49CC-9BC1-F24A19CF4B67} - System32\Tasks\{5EFDA44C-1A62-4E07-B9F3-E200CDDD60FF} => C:\Windows\twain_32\escndv\escndv.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\WiseRegistryCleaner\WiseRegistryCleaner.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:436B3293FE094DB2
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2013 06:54:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001e99
ID des fehlerhaften Prozesses: 0xe00
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (10/23/2013 02:32:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001e99
ID des fehlerhaften Prozesses: 0xdac
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (10/23/2013 01:35:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001e99
ID des fehlerhaften Prozesses: 0xee0
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (10/23/2013 01:33:55 PM) (Source: System Restore) (User: )
Description: Der ausgewählte Wiederherstellungspunkt wurde während der Wiederherstellung beschädigt oder gelöscht (Geplanter Prüfpunkt).

Error: (10/23/2013 01:23:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001e99
ID des fehlerhaften Prozesses: 0xf48
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (10/23/2013 01:20:17 PM) (Source: System Restore) (User: )
Description: Der ausgewählte Wiederherstellungspunkt wurde während der Wiederherstellung beschädigt oder gelöscht (Geplanter Prüfpunkt).

Error: (10/23/2013 00:27:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001e99
ID des fehlerhaften Prozesses: 0xdcc
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (10/23/2013 00:08:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001e99
ID des fehlerhaften Prozesses: 0xe2c
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (10/23/2013 11:47:21 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001e99
ID des fehlerhaften Prozesses: 0xdf0
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (10/23/2013 07:15:30 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 5.0.3002.0, Zeitstempel: 0x4b6c0cd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001e99
ID des fehlerhaften Prozesses: 0xe98
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3


System errors:
=============
Error: (10/23/2013 07:06:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/23/2013 07:05:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/23/2013 07:05:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/23/2013 07:04:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/23/2013 07:04:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/23/2013 07:03:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/23/2013 07:03:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/23/2013 07:02:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/23/2013 07:02:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/23/2013 07:01:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127


Microsoft Office Sessions:
=========================
Error: (03/14/2013 11:27:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 139 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (08/25/2010 02:52:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 91 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3958.78 MB
Available physical RAM: 2471.92 MB
Total Pagefile: 7915.74 MB
Available Pagefile: 6169.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:294.23 GB) (Free:154.34 GB) NTFS
Drive e: (EigeneDateien) (Fixed) (Total:143.36 GB) (Free:18.79 GB) NTFS
Drive g: (MusikLaptop) (Fixed) (Total:146.48 GB) (Free:82.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: C20DB313)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=294 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290 GB) - (Type=OF Extended)

==================== End Of Log ============================

schrauber · 24.10.2013, 09:35

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

S2 Winmgmt; C:\PROGRA~3\emqlv78.pss [61544 2013-10-21] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\emqlv78.pss [61544 2013-10-21] (Microsoft Corporation)
C:\ProgramData\emqlv78.pss

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

http://download.bleepingcomputer.com.../7/Winmgmt.reg
laden, asuführen, erlauben.

und ein frisches FRST log bitte.

claro3 · 24.10.2013, 23:22

Habe alles Schritt für Schritt ausgeführt. Hier die entsprechenden Dateien:
Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2013
Ran by Kampfl Manfred at 2013-10-24 22:36:21 Run:1
Running from C:\Users\***********\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S2 Winmgmt; C:\PROGRA~3\emqlv78.pss [61544 2013-10-21] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\emqlv78.pss [61544 2013-10-21] (Microsoft Corporation)
C:\ProgramData\emqlv78.pss
         
*****************

Winmgmt => Service restored successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\emqlv78.pss => Moved successfully.

==== End of Fixlog ====

.... Logfile der Anti-Malware:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
************ :: ************ [Administrator]

24.10.2013 22:46:51
mbam-log-2013-10-24 (22-46-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 226776
Laufzeit: 7 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268} (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C} (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B} (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D} (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PCSU.SysUtils.1 (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PCSU.SysUtils (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PCSU.Registry.1 (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PCSU.Registry (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A4C368A-3ED8-4047-971C-CCC4D59E0008}_is1 (Rogue.Antispy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 8
C:\Users\************\Documents\PCSpeedUp (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\Documents\PCSpeedUp\RestorePoints (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\Documents\PCSpeedUp\ScanResults (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AntiSpy (Rogue.Antispy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiSpy (Rogue.Antispy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\AppData\Roaming\OpenCandy\5B525810D773422CBFF7A2B236AAD503 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\AppData\Roaming\OpenCandy\OpenCandy_5B525810D773422CBFF7A2B236AAD503 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 12
C:\Program Files (x86)\PC Beschleunigen\PCSUHelper.dll (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\Documents\PCSpeedUp\App.log (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\Documents\PCSpeedUp\ScanResults\FragmentedDisksCollection.log (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\Documents\PCSpeedUp\ScanResults\JunkFilesCollection.log (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AntiSpy\AntiSpy.chm (Rogue.Antispy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AntiSpy\antiSpy.exe (Rogue.Antispy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AntiSpy\unins000.dat (Rogue.Antispy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AntiSpy\unins000.exe (Rogue.Antispy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiSpy\S.A.D. AntiSpy - Hilfe starten.lnk (Rogue.Antispy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiSpy\S.A.D. AntiSpy entfernen.lnk (Rogue.Antispy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiSpy\S.A.D. AntiSpy starten.lnk (Rogue.Antispy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\************\AppData\Roaming\OpenCandy\5B525810D773422CBFF7A2B236AAD503\pcspeedup_oc.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

... Logdatei vom AdwCleaner:

Code:

ATTFilter

# AdwCleaner v3.010 - Bericht erstellt am 24/10/2013 um 23:24:07
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : *********** - ***********
# Gestartet von : C:\Users\***********\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Application Updater
Dienst Gelöscht : pcsuservice

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\pdfforge Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\Users\***********\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\***********\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\***********\AppData\Roaming\dvdvideosoftiehelpers

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_deluxe-pacman_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_deluxe-pacman_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v

-\\ Google Chrome v22.0.1229.95

[ Datei : C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4654 octets] - [24/10/2013 23:22:25]
AdwCleaner[S0].txt - [4311 octets] - [24/10/2013 23:24:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4371 octets] ##########

...die Logfile von Junkware:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by ************ on 24.10.2013 at 23:41:07,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\wise registry cleaner schedule task.job"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\************\AppData\Roaming\software informer"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.10.2013 at 23:46:36,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

... und schließlich die FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013
Ran by ************ (administrator) on ************ on 25-10-2013 00:14:33
Running from C:\Users\************\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Tracker Software Products Ltd.) C:\Program Files (x86)\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 6\MmReminderService.exe
(GEKKO Software GmbH) C:\Program Files (x86)\Dictionary4Free\FreeDict.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKCU\...\Run: [EPSON Stylus DX4000 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Users\KAMPFL~1\AppData\Local\Temp\E_S72FE.tmp" /EF "HKCU"
HKCU\...\Run: [pdfSaver3] - C:\Program Files (x86)\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe [380928 2004-09-05] (Tracker Software Products Ltd.)
HKCU\...\Run: [ALBATTTOOL] - C:\Program Files (x86)\AkkuLine.de\AkkuLine Batterie-Tool\AL-Batterie-Tool.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-01-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [ZoneAlarm Client] - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [1043968 2010-06-28] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 6\MMReminderService.exe [31232 2006-04-03] (Mindjet)
HKLM-x32\...\Run: [Dictionary4Free] - C:\Program Files (x86)\Dictionary4Free\FreeDict.exe [1388544 2002-05-28] (GEKKO Software GmbH)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [180269 2010-08-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=100710 serial=DR12CCF-3407797-WGW lang=DE
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [98304 2010-10-20] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-24] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-24] ()
Startup: C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360810j745l04c4z125t55k2k53p
SearchScopes: HKCU - {65EE1C2B-720E-4334-BC2A-EBD6AE10C21F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files (x86)\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog5-x64 07 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.4.0 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.102 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2027 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.2.2088 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1040 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup:             "urls_to_restore_on_startup": [
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll ()
CHR Extension: (YouTube) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-03-29] (NOS Microsystems Ltd.)
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
R2 vsmon; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2435592 2010-06-28] (Check Point Software Technologies LTD)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [59392 2010-04-09] (Generic USB smartcard reader)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-07-14] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-07-14] (Paragon)
R3 usbhub; C:\Windows\SysWow64\Drivers\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458840 2010-05-15] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-24 23:46 - 2013-10-24 23:46 - 00001712 _____ C:\Users\************\Desktop\JRT.txt
2013-10-24 23:41 - 2013-10-24 23:41 - 00000000 ____D C:\Windows\ERUNT
2013-10-24 23:40 - 2013-10-24 22:32 - 01033335 _____ (Thisisu) C:\Users\************\Desktop\JRT.exe
2013-10-24 23:22 - 2013-10-24 23:24 - 00000000 ____D C:\AdwCleaner
2013-10-24 23:21 - 2013-10-24 22:29 - 01060070 _____ C:\Users\************\Desktop\adwcleaner.exe
2013-10-24 22:39 - 2013-10-24 22:39 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-24 22:39 - 2013-10-24 22:39 - 00000000 ____D C:\Users\************\AppData\Roaming\Malwarebytes
2013-10-24 22:39 - 2013-10-24 22:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-24 22:39 - 2013-10-24 22:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 22:39 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-23 23:10 - 2013-10-23 23:10 - 00000000 ____D C:\FRST
2013-10-23 19:06 - 2013-10-23 19:12 - 00023732 _____ C:\Users\************\Desktop\Erstes FRST.txt
2013-10-23 19:02 - 2013-10-23 19:06 - 00024968 _____ C:\Users\************\Desktop\Erstes Addition.txt
2013-10-23 18:25 - 2013-10-23 13:03 - 01954682 _____ (Farbar) C:\Users\************\Desktop\FRST64.exe
2013-09-30 21:56 - 2013-09-30 21:56 - 00001289 _____ C:\Users\************\Desktop\NZ-Collagebilder.lnk
2013-09-26 20:24 - 2013-09-26 20:36 - 00000000 ____D C:\Users\************\Desktop\Fotos

==================== One Month Modified Files and Folders =======

2013-10-25 00:08 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 00:08 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-25 00:04 - 2010-03-21 10:24 - 02032996 _____ C:\Windows\WindowsUpdate.log
2013-10-25 00:01 - 2010-08-23 20:37 - 01555206 _____ C:\Users\************\DesktopStCenter.txt
2013-10-25 00:00 - 2013-02-18 20:51 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-25 00:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-25 00:00 - 2009-07-14 06:51 - 00139243 _____ C:\Windows\setupact.log
2013-10-24 23:59 - 2010-08-23 21:16 - 00000000 ____D C:\Users\************\AppData\Roaming\FRITZ!
2013-10-24 23:58 - 2010-08-23 13:34 - 00000000 ___RD C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-24 23:46 - 2013-10-24 23:46 - 00001712 _____ C:\Users\************\Desktop\JRT.txt
2013-10-24 23:41 - 2013-10-24 23:41 - 00000000 ____D C:\Windows\ERUNT
2013-10-24 23:24 - 2013-10-24 23:22 - 00000000 ____D C:\AdwCleaner
2013-10-24 23:24 - 2013-02-18 20:51 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-24 23:11 - 2010-03-21 19:16 - 00657910 _____ C:\Windows\system32\perfh007.dat
2013-10-24 23:11 - 2010-03-21 19:16 - 00131250 _____ C:\Windows\system32\perfc007.dat
2013-10-24 23:11 - 2009-07-14 07:13 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-24 23:04 - 2010-03-02 13:11 - 00880652 _____ C:\Windows\PFRO.log
2013-10-24 23:01 - 2011-12-25 22:55 - 00000000 ____D C:\Program Files (x86)\PC Beschleunigen
2013-10-24 22:42 - 2010-08-28 01:44 - 00000000 ____D C:\Users\************\AppData\Roaming\Mozilla
2013-10-24 22:40 - 2010-08-24 23:57 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C97ED24-156C-491D-A131-8DFBAECF877A}
2013-10-24 22:39 - 2013-10-24 22:39 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-24 22:39 - 2013-10-24 22:39 - 00000000 ____D C:\Users\************\AppData\Roaming\Malwarebytes
2013-10-24 22:39 - 2013-10-24 22:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-24 22:39 - 2013-10-24 22:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 22:32 - 2013-10-24 23:40 - 01033335 _____ (Thisisu) C:\Users\************\Desktop\JRT.exe
2013-10-24 22:29 - 2013-10-24 23:21 - 01060070 _____ C:\Users\************\Desktop\adwcleaner.exe
2013-10-23 23:10 - 2013-10-23 23:10 - 00000000 ____D C:\FRST
2013-10-23 19:12 - 2013-10-23 19:06 - 00023732 _____ C:\Users\************\Desktop\Erstes FRST.txt
2013-10-23 19:06 - 2013-10-23 19:02 - 00024968 _____ C:\Users\************\Desktop\Erstes Addition.txt
2013-10-23 14:30 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-23 13:22 - 2010-08-23 13:32 - 00000000 ____D C:\Users\************
2013-10-23 13:03 - 2013-10-23 18:25 - 01954682 _____ (Farbar) C:\Users\************\Desktop\FRST64.exe
2013-10-03 13:14 - 2013-09-23 12:28 - 99014207 _____ C:\Windows\SysWOW64\ӼK
2013-10-01 15:14 - 2011-02-26 15:54 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-09-30 21:56 - 2013-09-30 21:56 - 00001289 _____ C:\Users\************\Desktop\NZ-Collagebilder.lnk
2013-09-30 20:35 - 2010-08-25 12:38 - 00000000 ____D C:\Program Files (x86)\VR-NetWorld
2013-09-29 13:07 - 2011-12-25 22:55 - 00000000 ____D C:\Users\************\AppData\Roaming\MyPhoneExplorer
2013-09-26 20:36 - 2013-09-26 20:24 - 00000000 ____D C:\Users\************\Desktop\Fotos

Some content of TEMP:
====================
C:\Users\************\AppData\Local\Temp\AskSLib.dll
C:\Users\************\AppData\Local\Temp\DevSetup32.dll
C:\Users\************\AppData\Local\Temp\DevSetup64.dll
C:\Users\************\AppData\Local\Temp\DriverInstall32.exe
C:\Users\************\AppData\Local\Temp\DriverInstall64.exe
C:\Users\************\AppData\Local\Temp\jucheck.exe
C:\Users\************\AppData\Local\Temp\Quarantine.exe
C:\Users\************\AppData\Local\Temp\SkypeSetup.exe
C:\Users\************\AppData\Local\Temp\_isAE2D.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-24 21:39

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Gibt's auch eine Lösung für diese Fehlermeldung, die schon vor dem Trojaner-Problem aufgetaucht ist:
Leider klappt das Bildeinfügen vom PC nicht:
"FritzDSLProtect ist fehlerhaft installiert. Möchten Sie dies korrigieren?
Anschließend ist ein Neustart des Computers erforderlich."
Wenn man "Ja" klickt löst es das Problem nicht. Meldung kommt bei jedem Start.
Vielen Dank!

schrauber · 25.10.2013, 11:02

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

claro3 · 04.11.2013, 17:05

Hat jetzt ein wenig gedauert, aber jetzt geht's bei mir weiter:
ESET log (2 Funde):

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8d3a66181ac7a44ebf7f5b531645c2a7
# engine=15739
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-04 01:40:40
# local_time=2013-11-04 02:40:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 34726 154200545 27503 0
# compatibility_mode=5893 16776574 100 94 7298138 135159090 0 0
# compatibility_mode=9217 16777214 75 66 100954146 105806470 0 0
# scanned=421769
# found=2
# cleaned=0
# scan_time=16172
sh=E04B00BF51BF125CA0C467B6990F885B87E85C73 ft=1 fh=8fe06c0da0ef107b vn="Win64/Disabler.A trojan" ac=I fn="C:\FRST\Quarantine\emqlv78.pss"
sh=2EB3F4F36A6215BCB2D8723CF2172127C3BFB7E2 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2465.CC trojan" ac=I fn="C:\Users\***************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7237c604-600cefbb"

und vom Security Check:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java(TM) 7 Update 4  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

und FRST log:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by ************** (administrator) on ************** on 04-11-2013 16:40:21
Running from C:\Users\**************\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Tracker Software Products Ltd.) C:\Program Files (x86)\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 6\MmReminderService.exe
(GEKKO Software GmbH) C:\Program Files (x86)\Dictionary4Free\FreeDict.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKCU\...\Run: [EPSON Stylus DX4000 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Users\KAMPFL~1\AppData\Local\Temp\E_S72FE.tmp" /EF "HKCU"
HKCU\...\Run: [pdfSaver3] - C:\Program Files (x86)\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe [380928 2004-09-05] (Tracker Software Products Ltd.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-01-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [ZoneAlarm Client] - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [1043968 2010-06-28] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 6\MmReminderService.exe [31232 2006-04-03] (Mindjet)
HKLM-x32\...\Run: [Dictionary4Free] - C:\Program Files (x86)\Dictionary4Free\FreeDict.exe [1388544 2002-05-27] (GEKKO Software GmbH)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [180269 2010-08-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=100710 serial=DR12CCF-3407797-WGW lang=DE
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [98304 2010-10-20] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-24] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-24] ()
Startup: C:\Users\**************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360810j745l04c4z125t55k2k53p
SearchScopes: HKCU - {65EE1C2B-720E-4334-BC2A-EBD6AE10C21F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files (x86)\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog5-x64 07 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.4.0 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2027 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.2.2088 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1040 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.22) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (getPlusPlus for Adobe 162102) - C:\Program Files (x86)\NOS\bin\np_gp.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\**************~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\**************~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\**************~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
R2 vsmon; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2435592 2010-06-28] (Check Point Software Technologies LTD)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [59392 2010-04-09] (Generic USB smartcard reader)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-07-14] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-07-14] (Paragon)
R3 usbehci; C:\Windows\SysWow64\drivers\usbehci.sys [26624 2004-08-03] (Microsoft Corporation)
R3 usbhub; C:\Windows\SysWow64\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
S3 usbuhci; C:\Windows\SysWow64\drivers\usbuhci.sys [20480 2004-08-03] (Microsoft Corporation)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458840 2010-05-15] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-04 16:35 - 2013-11-04 16:35 - 01957098 _____ (Farbar) C:\Users\**************\Desktop\FRST64.exe
2013-11-04 12:46 - 2013-11-04 12:46 - 00000848 _____ C:\Users\**************\Desktop\checkup.txt
2013-11-04 12:27 - 2013-11-04 12:27 - 00000090 _____ C:\Users\**************\Desktop\Link.txt
2013-11-03 20:45 - 2013-11-03 20:43 - 00891167 _____ C:\Users\**************\Desktop\SecurityCheck.exe
2013-11-03 20:44 - 2013-11-03 20:42 - 02347384 _____ (ESET) C:\Users\**************\Desktop\esetsmartinstaller_enu.exe
2013-11-03 18:33 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-03 18:33 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-03 18:33 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-03 18:33 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-03 18:33 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-03 18:33 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-03 18:33 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-03 18:33 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-03 18:33 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-03 18:33 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-03 18:09 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-03 18:09 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-03 18:09 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-03 18:09 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-11-03 18:09 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-03 18:09 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-03 18:09 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-03 18:09 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-03 18:09 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-03 18:09 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-03 18:09 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-03 18:09 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-03 18:09 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-11-03 18:09 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-03 18:09 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-11-03 18:09 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-03 18:09 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-03 18:09 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-03 18:09 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-03 18:09 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-03 18:09 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-03 18:09 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-11-03 18:09 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-11-03 18:09 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-11-03 18:09 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-11-03 18:09 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-03 18:09 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-11-03 18:09 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-11-03 18:09 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-11-03 18:09 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-11-03 18:09 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-11-03 18:09 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-11-03 18:09 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-11-03 18:09 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-03 18:09 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-03 18:09 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-11-03 18:09 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-03 18:09 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-03 18:09 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-03 18:09 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-11-03 18:09 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-11-03 18:09 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-11-03 18:09 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-03 18:09 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-11-03 18:09 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-11-03 18:08 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-03 18:08 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-03 18:08 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-03 11:51 - 2013-11-03 18:02 - 104814100 _____ C:\Windows\SysWOW64\�榆”
2013-11-02 18:48 - 2013-11-02 18:48 - 00003074 _____ C:\Windows\System32\Tasks\{9C35EBFE-B845-4439-8663-9E09A8BCEE71}
2013-11-02 18:47 - 2013-11-02 18:47 - 00003074 _____ C:\Windows\System32\Tasks\{3487B000-380F-4D21-A99D-67AFFC99B273}
2013-11-02 18:46 - 2013-11-02 18:46 - 00003338 _____ C:\Windows\System32\Tasks\{C3504938-3CDE-4CC0-8F9B-EB05EEE22097}
2013-11-02 18:34 - 2013-11-04 16:21 - 00000392 _____ C:\Windows\setupact.log
2013-11-02 18:34 - 2013-11-02 18:34 - 00000000 _____ C:\Windows\setuperr.log
2013-11-02 17:20 - 2013-11-02 17:20 - 104684788 _____ C:\Windows\SysWOW64\핅๯
2013-11-02 14:02 - 2013-11-02 16:26 - 00000000 ____D C:\Users\**************\AppData\Roaming\Systweak
2013-11-02 14:02 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-11-02 12:48 - 2013-11-02 12:48 - 00000000 ____D C:\ProgramData\EgisTec
2013-11-02 12:39 - 2013-11-02 12:39 - 00000000 ____D C:\Users\**************\AppData\Roaming\InstallShield
2013-11-02 11:49 - 2013-11-02 11:50 - 00000000 ____D C:\Users\**************\AppData\Local\.elfohilfe
2013-11-02 00:05 - 2013-11-02 00:05 - 104569497 _____ C:\Windows\SysWOW64\墅勶œ
2013-10-24 22:41 - 2013-10-24 22:41 - 00000000 ____D C:\Windows\ERUNT
2013-10-24 22:22 - 2013-10-24 22:24 - 00000000 ____D C:\AdwCleaner
2013-10-24 21:39 - 2013-10-24 21:39 - 00000000 ____D C:\Users\**************\AppData\Roaming\Malwarebytes
2013-10-24 21:39 - 2013-10-24 21:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-23 22:10 - 2013-10-23 22:10 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-11-04 16:35 - 2013-11-04 16:35 - 01957098 _____ (Farbar) C:\Users\**************\Desktop\FRST64.exe
2013-11-04 16:29 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-04 16:29 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-04 16:24 - 2013-02-18 19:51 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-04 16:24 - 2010-08-23 20:16 - 00000000 ____D C:\Users\**************\AppData\Roaming\FRITZ!
2013-11-04 16:24 - 2010-08-23 19:37 - 01561253 _____ C:\Users\**************\DesktopStCenter.txt
2013-11-04 16:22 - 2013-02-18 19:51 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-04 16:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-04 16:21 - 2013-11-02 18:34 - 00000392 _____ C:\Windows\setupact.log
2013-11-04 16:21 - 2010-03-21 09:24 - 01498349 _____ C:\Windows\WindowsUpdate.log
2013-11-04 12:46 - 2013-11-04 12:46 - 00000848 _____ C:\Users\**************\Desktop\checkup.txt
2013-11-04 12:27 - 2013-11-04 12:27 - 00000090 _____ C:\Users\**************\Desktop\Link.txt
2013-11-04 03:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-03 21:17 - 2010-03-21 18:16 - 00657910 _____ C:\Windows\system32\perfh007.dat
2013-11-03 21:17 - 2010-03-21 18:16 - 00131250 _____ C:\Windows\system32\perfc007.dat
2013-11-03 21:17 - 2009-07-14 06:13 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 21:07 - 2010-08-23 20:59 - 00000000 ____D C:\Users\**************\Documents\FalkData
2013-11-03 20:43 - 2013-11-03 20:45 - 00891167 _____ C:\Users\**************\Desktop\SecurityCheck.exe
2013-11-03 20:42 - 2013-11-03 20:44 - 02347384 _____ (ESET) C:\Users\**************\Desktop\esetsmartinstaller_enu.exe
2013-11-03 20:21 - 2010-08-24 22:57 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C97ED24-156C-491D-A131-8DFBAECF877A}
2013-11-03 18:40 - 2012-05-18 11:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-03 18:40 - 2012-05-18 11:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-03 18:40 - 2009-07-14 05:45 - 00447720 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-03 18:35 - 2010-03-02 11:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-03 18:25 - 2013-08-14 20:28 - 00000000 ____D C:\Windows\system32\MRT
2013-11-03 18:22 - 2010-08-23 19:45 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-03 18:02 - 2013-11-03 11:51 - 104814100 _____ C:\Windows\SysWOW64\�榆”
2013-11-02 18:48 - 2013-11-02 18:48 - 00003074 _____ C:\Windows\System32\Tasks\{9C35EBFE-B845-4439-8663-9E09A8BCEE71}
2013-11-02 18:47 - 2013-11-02 18:47 - 00003074 _____ C:\Windows\System32\Tasks\{3487B000-380F-4D21-A99D-67AFFC99B273}
2013-11-02 18:46 - 2013-11-02 18:46 - 00003338 _____ C:\Windows\System32\Tasks\{C3504938-3CDE-4CC0-8F9B-EB05EEE22097}
2013-11-02 18:34 - 2013-11-02 18:34 - 00000000 _____ C:\Windows\setuperr.log
2013-11-02 17:23 - 2011-03-23 22:43 - 00000000 ____D C:\Windows\Minidump
2013-11-02 17:23 - 2010-09-26 12:20 - 00000000 ____D C:\Users\**************\AppData\Roaming\Media Player Classic
2013-11-02 17:23 - 2010-08-24 22:51 - 00000000 ____D C:\Users\**************\AppData\Roaming\Winamp
2013-11-02 17:20 - 2013-11-02 17:20 - 104684788 _____ C:\Windows\SysWOW64\핅๯
2013-11-02 16:40 - 2011-02-23 18:34 - 00000000 ____D C:\Program Files\Desk Drive
2013-11-02 16:26 - 2013-11-02 14:02 - 00000000 ____D C:\Users\**************\AppData\Roaming\Systweak
2013-11-02 12:48 - 2013-11-02 12:48 - 00000000 ____D C:\ProgramData\EgisTec
2013-11-02 12:41 - 2010-08-23 20:40 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-11-02 12:40 - 2010-03-02 11:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-02 12:39 - 2013-11-02 12:39 - 00000000 ____D C:\Users\**************\AppData\Roaming\InstallShield
2013-11-02 12:37 - 2010-08-25 12:14 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-11-02 12:37 - 2010-08-25 12:14 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-11-02 12:05 - 2011-12-25 21:55 - 00000000 ____D C:\Program Files (x86)\PC Beschleunigen
2013-11-02 12:03 - 2010-08-25 13:52 - 00000228 _____ C:\Windows\holdemg.ini
2013-11-02 11:59 - 2010-03-02 12:07 - 00001024 ___RH C:\Users\Public\Documents\NTIMP3.dll
2013-11-02 11:51 - 2010-03-02 12:03 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-02 11:50 - 2013-11-02 11:49 - 00000000 ____D C:\Users\**************\AppData\Local\.elfohilfe
2013-11-02 00:21 - 2012-05-24 21:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-02 00:21 - 2012-05-20 23:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-02 00:05 - 2013-11-02 00:05 - 104569497 _____ C:\Windows\SysWOW64\墅勶œ
2013-10-24 22:58 - 2010-08-23 12:34 - 00000000 ___RD C:\Users\**************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-24 22:41 - 2013-10-24 22:41 - 00000000 ____D C:\Windows\ERUNT
2013-10-24 22:24 - 2013-10-24 22:22 - 00000000 ____D C:\AdwCleaner
2013-10-24 21:42 - 2010-08-28 00:44 - 00000000 ____D C:\Users\**************\AppData\Roaming\Mozilla
2013-10-24 21:39 - 2013-10-24 21:39 - 00000000 ____D C:\Users\**************\AppData\Roaming\Malwarebytes
2013-10-24 21:39 - 2013-10-24 21:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-23 22:10 - 2013-10-23 22:10 - 00000000 ____D C:\FRST
2013-10-23 13:30 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-23 12:22 - 2010-08-23 12:32 - 00000000 ____D C:\Users\**************

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-01 12:30

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Das zuletzt beschriebene Problem ist gelöst. (Nachtrag: Die Meldung kam jetzt mehrmals beim Starten nicht mehr. Hab jetzt Win-Updates gemacht und beim letzten Start, und eben gleich nochmals, kam diese Meldung wieder!)
Dafür wenn ich eine E-Mail in MS-Outlook 2007 erhalte mit einem Link und ich darauf klicke, öffnet sich nicht die entsprechende Internetseite, sondern kommt folgende Meldung (Benutzer=Administrator):
"Dieser Vorgang wurde wegen Beschränkungen auf dem Computer abgebrochen. Bitte wenden Sie sich an den Systemadministrator."
Und ich kann nur "OK" anklicken.

Und was ist mit den 2 Funden (ESET)?
Vielen Dank schon mal!

schrauber · 05.11.2013, 12:26

Ein Fund ist schon in Quarantäne, einer im java cache, das machen wir jetzt:

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Java und Adobe updaten.

Öffne mal bitte FRST, setz nen Haken bei Additional und scanne, poste beide Logfiles. Ist das mit Outlook das einzige noch bestehende Problem?

claro3 · 05.11.2013, 15:30

Nein, beide Probleme bestehen noch .- also das Outlook-Problem mit den Links und das hier schon mal so Beschriebene:
"Gibt's auch eine Lösung für diese Fehlermeldung, die schon vor dem Trojaner-Problem aufgetaucht ist:
Leider klappt das Bildeinfügen vom PC nicht:
"FritzDSLProtect ist fehlerhaft installiert. Möchten Sie dies korrigieren?
Anschließend ist ein Neustart des Computers erforderlich."
Wenn man "Ja" klickt löst es das Problem nicht. Meldung kommt bei jedem Start."

Zum manuellen updaten von Adobe (vermutlich Flash Player? - Reader ist aktuell) und Java brauche ich bitte Instruktion - normalerweise kommt eine Benachrichtigung am PC.

Naja und nach den ersten zwei Schritten hier kam mir vor, dass er schneller gestartet ist und schneller gearbeitet hat. Jetzt ist wieder das typische wie nach mehreren Windows-updates: Startet langsamer und arbeitet viel im Hintergrund (Lüfter läuft viel, obwohl Prozessorauslastung laut Task-Manager unter 10 %).

Hier schon mal die Logfiles zu den letzten Schritten:

Code:

ATTFilter

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ************
->Temp folder emptied: 8869222 bytes
->Temporary Internet Files folder emptied: 107628805 bytes
->Java cache emptied: 548246 bytes
->Google Chrome cache emptied: 32458988 bytes
->Flash cache emptied: 46812 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88205490 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3497480 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67759 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 230,00 mb

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by ************* (administrator) on ************* on 05-11-2013 14:51:22
Running from C:\Users\*************\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKCU\...\Run: [EPSON Stylus DX4000 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Users\KAMPFL~1\AppData\Local\Temp\E_S72FE.tmp" /EF "HKCU"
HKCU\...\Run: [pdfSaver3] - C:\Program Files (x86)\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe [380928 2004-09-05] (Tracker Software Products Ltd.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-01-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [ZoneAlarm Client] - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [1043968 2010-06-28] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 6\MmReminderService.exe [31232 2006-04-03] (Mindjet)
HKLM-x32\...\Run: [Dictionary4Free] - C:\Program Files (x86)\Dictionary4Free\FreeDict.exe [1388544 2002-05-27] (GEKKO Software GmbH)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [180269 2010-08-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=100710 serial=DR12CCF-3407797-WGW lang=DE
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [98304 2010-10-20] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-24] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2009-12-24] ()
Startup: C:\Users\*************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360810j745l04c4z125t55k2k53p
SearchScopes: HKCU - {65EE1C2B-720E-4334-BC2A-EBD6AE10C21F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files (x86)\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog5-x64 07 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.4.0 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2027 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.2.2088 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1040 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.22) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (getPlusPlus for Adobe 162102) - C:\Program Files (x86)\NOS\bin\np_gp.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\*******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\********~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
R2 vsmon; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2435592 2010-06-28] (Check Point Software Technologies LTD)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [59392 2010-04-09] (Generic USB smartcard reader)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-07-14] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-07-14] (Paragon)
R3 usbehci; C:\Windows\SysWow64\drivers\usbehci.sys [26624 2004-08-03] (Microsoft Corporation)
R3 usbhub; C:\Windows\SysWow64\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation)
S3 usbuhci; C:\Windows\SysWow64\drivers\usbuhci.sys [20480 2004-08-03] (Microsoft Corporation)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458840 2010-05-15] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-05 14:44 - 2013-11-05 14:43 - 00448512 _____ (OldTimer Tools) C:\Users\*************\Desktop\TFC.exe
2013-11-04 18:08 - 2013-11-05 00:19 - 105017276 _____ C:\Windows\SysWOW64\م쁶
2013-11-04 17:13 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-04 17:13 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-04 17:13 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-04 17:13 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-04 17:13 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-04 17:13 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-04 17:13 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-04 16:35 - 2013-11-04 16:35 - 01957098 _____ (Farbar) C:\Users\*************\Desktop\FRST64.exe
2013-11-04 12:27 - 2013-11-04 12:27 - 00000090 _____ C:\Users\*************\Desktop\Link.txt
2013-11-03 20:45 - 2013-11-03 20:43 - 00891167 _____ C:\Users\*************\Desktop\SecurityCheck.exe
2013-11-03 18:33 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-03 18:33 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-03 18:33 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-03 18:33 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-03 18:33 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-03 18:33 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-03 18:33 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-03 18:33 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-03 18:33 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-03 18:33 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-03 18:33 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-03 18:33 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-03 18:09 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-03 18:09 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-03 18:09 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-03 18:09 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-11-03 18:09 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-03 18:09 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-03 18:09 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-03 18:09 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-03 18:09 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-03 18:09 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-03 18:09 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-03 18:09 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-03 18:09 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-11-03 18:09 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-03 18:09 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-11-03 18:09 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-03 18:09 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-03 18:09 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-03 18:09 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-03 18:09 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-03 18:09 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-03 18:09 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-11-03 18:09 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-11-03 18:09 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-11-03 18:09 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-11-03 18:09 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-03 18:09 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-11-03 18:09 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-11-03 18:09 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-11-03 18:09 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-11-03 18:09 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-11-03 18:09 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-11-03 18:09 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-11-03 18:09 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-03 18:09 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-03 18:09 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-11-03 18:09 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-03 18:09 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-03 18:09 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-03 18:09 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-11-03 18:09 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-11-03 18:09 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-11-03 18:09 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-03 18:09 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-11-03 18:09 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-11-03 18:08 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-03 18:08 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-03 18:08 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-03 11:51 - 2013-11-03 18:02 - 104814100 _____ C:\Windows\SysWOW64\�榆”
2013-11-02 18:48 - 2013-11-02 18:48 - 00003074 _____ C:\Windows\System32\Tasks\{9C35EBFE-B845-4439-8663-9E09A8BCEE71}
2013-11-02 18:47 - 2013-11-02 18:47 - 00003074 _____ C:\Windows\System32\Tasks\{3487B000-380F-4D21-A99D-67AFFC99B273}
2013-11-02 18:46 - 2013-11-02 18:46 - 00003338 _____ C:\Windows\System32\Tasks\{C3504938-3CDE-4CC0-8F9B-EB05EEE22097}
2013-11-02 18:34 - 2013-11-04 17:27 - 00000560 _____ C:\Windows\setupact.log
2013-11-02 18:34 - 2013-11-02 18:34 - 00000000 _____ C:\Windows\setuperr.log
2013-11-02 17:20 - 2013-11-02 17:20 - 104684788 _____ C:\Windows\SysWOW64\핅๯
2013-11-02 14:02 - 2013-11-02 16:26 - 00000000 ____D C:\Users\*************\AppData\Roaming\Systweak
2013-11-02 14:02 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-11-02 12:48 - 2013-11-02 12:48 - 00000000 ____D C:\ProgramData\EgisTec
2013-11-02 12:39 - 2013-11-02 12:39 - 00000000 ____D C:\Users\*************\AppData\Roaming\InstallShield
2013-11-02 11:49 - 2013-11-02 11:50 - 00000000 ____D C:\Users\*************\AppData\Local\.elfohilfe
2013-11-02 00:05 - 2013-11-02 00:05 - 104569497 _____ C:\Windows\SysWOW64\墅勶œ
2013-10-24 22:41 - 2013-10-24 22:41 - 00000000 ____D C:\Windows\ERUNT
2013-10-24 22:22 - 2013-10-24 22:24 - 00000000 ____D C:\AdwCleaner
2013-10-24 21:39 - 2013-10-24 21:39 - 00000000 ____D C:\Users\*************\AppData\Roaming\Malwarebytes
2013-10-24 21:39 - 2013-10-24 21:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-23 22:10 - 2013-10-23 22:10 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-11-05 14:43 - 2013-11-05 14:44 - 00448512 _____ (OldTimer Tools) C:\Users\*************\Desktop\TFC.exe
2013-11-05 14:40 - 2013-02-18 19:51 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-05 14:39 - 2010-08-23 19:37 - 01563876 _____ C:\Users\*************\DesktopStCenter.txt
2013-11-05 01:26 - 2010-08-23 20:16 - 00000000 ____D C:\Users\*************\AppData\Roaming\FRITZ!
2013-11-05 00:19 - 2013-11-04 18:08 - 105017276 _____ C:\Windows\SysWOW64\م쁶
2013-11-04 21:24 - 2013-02-18 19:51 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-04 17:50 - 2010-08-24 20:12 - 00000000 ____D C:\Users\*************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bilder
2013-11-04 17:35 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-04 17:35 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-04 17:27 - 2013-11-02 18:34 - 00000560 _____ C:\Windows\setupact.log
2013-11-04 17:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-04 17:14 - 2010-03-21 09:24 - 01534201 _____ C:\Windows\WindowsUpdate.log
2013-11-04 16:35 - 2013-11-04 16:35 - 01957098 _____ (Farbar) C:\Users\*************\Desktop\FRST64.exe
2013-11-04 12:27 - 2013-11-04 12:27 - 00000090 _____ C:\Users\*************\Desktop\Link.txt
2013-11-04 03:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-03 21:17 - 2010-03-21 18:16 - 00657910 _____ C:\Windows\system32\perfh007.dat
2013-11-03 21:17 - 2010-03-21 18:16 - 00131250 _____ C:\Windows\system32\perfc007.dat
2013-11-03 21:17 - 2009-07-14 06:13 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 21:07 - 2010-08-23 20:59 - 00000000 ____D C:\Users\*************\Documents\FalkData
2013-11-03 20:43 - 2013-11-03 20:45 - 00891167 _____ C:\Users\*************\Desktop\SecurityCheck.exe
2013-11-03 20:21 - 2010-08-24 22:57 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C97ED24-156C-491D-A131-8DFBAECF877A}
2013-11-03 18:40 - 2012-05-18 11:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-03 18:40 - 2012-05-18 11:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-03 18:40 - 2009-07-14 05:45 - 00447720 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-03 18:35 - 2010-03-02 11:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-03 18:25 - 2013-08-14 20:28 - 00000000 ____D C:\Windows\system32\MRT
2013-11-03 18:22 - 2010-08-23 19:45 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-03 18:02 - 2013-11-03 11:51 - 104814100 _____ C:\Windows\SysWOW64\�榆”
2013-11-02 18:48 - 2013-11-02 18:48 - 00003074 _____ C:\Windows\System32\Tasks\{9C35EBFE-B845-4439-8663-9E09A8BCEE71}
2013-11-02 18:47 - 2013-11-02 18:47 - 00003074 _____ C:\Windows\System32\Tasks\{3487B000-380F-4D21-A99D-67AFFC99B273}
2013-11-02 18:46 - 2013-11-02 18:46 - 00003338 _____ C:\Windows\System32\Tasks\{C3504938-3CDE-4CC0-8F9B-EB05EEE22097}
2013-11-02 18:34 - 2013-11-02 18:34 - 00000000 _____ C:\Windows\setuperr.log
2013-11-02 17:23 - 2011-03-23 22:43 - 00000000 ____D C:\Windows\Minidump
2013-11-02 17:23 - 2010-09-26 12:20 - 00000000 ____D C:\Users\*************\AppData\Roaming\Media Player Classic
2013-11-02 17:23 - 2010-08-24 22:51 - 00000000 ____D C:\Users\*************\AppData\Roaming\Winamp
2013-11-02 17:20 - 2013-11-02 17:20 - 104684788 _____ C:\Windows\SysWOW64\핅๯
2013-11-02 16:40 - 2011-02-23 18:34 - 00000000 ____D C:\Program Files\Desk Drive
2013-11-02 16:26 - 2013-11-02 14:02 - 00000000 ____D C:\Users\*************\AppData\Roaming\Systweak
2013-11-02 12:48 - 2013-11-02 12:48 - 00000000 ____D C:\ProgramData\EgisTec
2013-11-02 12:41 - 2010-08-23 20:40 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-11-02 12:40 - 2010-03-02 11:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-02 12:39 - 2013-11-02 12:39 - 00000000 ____D C:\Users\*************\AppData\Roaming\InstallShield
2013-11-02 12:37 - 2010-08-25 12:14 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-11-02 12:37 - 2010-08-25 12:14 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-11-02 12:05 - 2011-12-25 21:55 - 00000000 ____D C:\Program Files (x86)\PC Beschleunigen
2013-11-02 12:03 - 2010-08-25 13:52 - 00000228 _____ C:\Windows\holdemg.ini
2013-11-02 11:59 - 2010-03-02 12:07 - 00001024 ___RH C:\Users\Public\Documents\NTIMP3.dll
2013-11-02 11:51 - 2010-03-02 12:03 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-02 11:50 - 2013-11-02 11:49 - 00000000 ____D C:\Users\*************\AppData\Local\.elfohilfe
2013-11-02 00:21 - 2012-05-24 21:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-02 00:21 - 2012-05-20 23:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-02 00:05 - 2013-11-02 00:05 - 104569497 _____ C:\Windows\SysWOW64\墅勶œ
2013-10-24 22:58 - 2010-08-23 12:34 - 00000000 ___RD C:\Users\*************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-24 22:41 - 2013-10-24 22:41 - 00000000 ____D C:\Windows\ERUNT
2013-10-24 22:24 - 2013-10-24 22:22 - 00000000 ____D C:\AdwCleaner
2013-10-24 21:42 - 2010-08-28 00:44 - 00000000 ____D C:\Users\*************\AppData\Roaming\Mozilla
2013-10-24 21:39 - 2013-10-24 21:39 - 00000000 ____D C:\Users\*************\AppData\Roaming\Malwarebytes
2013-10-24 21:39 - 2013-10-24 21:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-23 22:10 - 2013-10-23 22:10 - 00000000 ____D C:\FRST
2013-10-23 13:30 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-23 12:22 - 2010-08-23 12:32 - 00000000 ____D C:\Users\*************

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-01 12:30

==================== End Of Log ============================

--- --- ---

--- --- ---

und noch Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by *************** at 2013-11-05 14:52:11
Running from C:\Users\***************\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Acer Backup Manager (x32 Version: 2.0.0.58)
Acer Crystal Eye webcam (x32 Version: 1.0.1.4)
Acer ePower Management (x32 Version: 5.00.3002)
Acer eRecovery Management (x32 Version: 4.05.3006)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.1.0105.2010)
Acer Updater (x32 Version: 1.01.3017)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar (x32 Version: 12.6.0.1900)
AVM FRITZ!Box Dokumentation (x32)
AVM FRITZ!Box Druckeranschluss (x32)
AVS Update Manager 1.0 (x32)
AVS Video Converter 6 (x32)
AVS Video Editor 4 (x32)
AVS4YOU Software Navigator 1.3 (x32)
Backup Manager Basic (x32 Version: 2.0.0.58)
Broadcom Gigabit NetLink Controller (Version: 12.52.01)
CCleaner (x32 Version: 2.36)
CDBurnerXP (x32 Version: 4.3.7.2356)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
congstar Internet-Manager (x32 Version: 1.0.0.3)
CorelDRAW Graphics Suite 12 (x32 Version: 12.0.0.458)
CyberLink PowerDVD 9 (x32 Version: 9.0.2529.50)
Duden Tipptrainer 3.0 (x32 Version: 3.0.0.0)
ElsterFormular (x32 Version: 14.1.11318)
EPSON-Drucker-Software
ESDX4000_4050_CX3900 (x32)
Falk Navi-Manager (x32 Version: 2.2.0.0)
Falk Navi-Manager (x32 Version: 2.2.2)
Free Studio version 5.3.5 (x32 Version: 5.3.5)
Free YouTube to MP3 Converter version 3.12.1.319 (x32 Version: 3.12.1.319)
FreeCommander 2009.02 (x32 Version: 2009.02)
FreeFileSync v3.8 (x32)
FRITZ!DSL64 (Version: 2.04.03)
Google Earth (x32 Version: 5.2.1.1547)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.4.3230.2052)
Google Update Helper (x32 Version: 1.3.21.135)
Identity Card (x32 Version: 1.00.3003)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002)
Internet-TV für Windows Media Center (x32 Version: 4.2.2.0)
Java Auto Updater (x32 Version: 2.1.6.0)
Java(TM) 7 Update 4 (64-bit) (Version: 7.0.40)
Java(TM) 7 Update 4 (x32 Version: 7.0.40)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Launch Manager (x32 Version: 4.0.6)
LingoMAXX Dictionary4Free (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mindjet MindManager Pro 6 (x32 Version: 6.1.809)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MyPhoneExplorer (x32 Version: 1.8.2)
MyWinLocker (x32 Version: 3.1.76.0)
NTI Media Maker 8 (x32 Version: 8.0.2.6509)
NVIDIA Drivers (Version: 1.10)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
Office-Bibliothek 4.1 (x32)
Opera 12.02 (Version: 12.02.1578)
PCSpeedUp (HKCU)
PDFCreator (x32 Version: 1.0.2)
PDF-XChange 3.0 (x32)
Picasa 3 (x32 Version: 3.9)
PixelNet Software 4.12.1 (x32 Version: 4.12.1)
QTTabBar 1.5.0.0 Alpha 3
QuickTime (x32)
RealPlayer (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6015)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30113)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 5.10 (x32 Version: 5.10.116)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
Texas Hold'em Poker 7.1 (x32)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
uMedia uTV (x32 Version: 1.00.000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VirtualCloneDrive (x32 Version: 5.4.7.0)
VLC media player 1.0.5 (x32 Version: 1.0.5)
VMLite Workstation (Version: 3.2.6)
VR-NetWorld (x32)
Walter de Gruyter - Pschyrembel (x32)
Welcome Center (x32 Version: 1.00.3012)
Winamp (x32 Version: 5.581 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
WinRAR (x32)
XMedia Recode Version 3.1.4.6 (x32 Version: 3.1.4.6)
ZoneAlarm (x32 Version: 9.2.058.000)

==================== Restore Points  =========================

17-07-2013 14:07:14 Geplanter Prüfpunkt
30-07-2013 16:44:23 Windows Update
10-08-2013 22:58:12 Geplanter Prüfpunkt
11-08-2013 14:24:25 Windows Update
14-08-2013 19:25:58 Windows Update
22-08-2013 12:31:47 Geplanter Prüfpunkt
31-08-2013 19:48:13 Removed Sunny Explorer
12-09-2013 00:09:27 Geplanter Prüfpunkt
22-09-2013 18:57:14 Windows Update
17-10-2013 01:34:51 Geplanter Prüfpunkt
23-10-2013 11:25:21 Wiederherstellungsvorgang
01-11-2013 11:37:42 Geplanter Prüfpunkt
02-11-2013 10:35:40 FloorPlan 3D V.9 wird entfernt
02-11-2013 10:43:15 Removed pdfforge Toolbar v5.6.
02-11-2013 11:35:37 Windows XP Mode wird entfernt
02-11-2013 11:36:25 Windows XP Mode wird entfernt
02-11-2013 11:40:03 Entfernt Easy Photo Print Plug-in for PMB(Picture Motion Browser»ÎU
02-11-2013 15:38:21 Removed Desk Drive
02-11-2013 17:52:52 Gerätetreiber-Paketinstallation: Elaborate Bytes AG Speichercontroller
03-11-2013 17:12:56 Windows Update
04-11-2013 16:13:20 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1944485E-E7C5-4662-8225-39BFEFBF0AC6} - System32\Tasks\{486325DA-5C15-4B5E-944F-B847615AE7FF} => C:\Windows\twain_32\escndv\escndv.exe
Task: {353DA2D9-981C-44CA-81DC-6D457779C60E} - System32\Tasks\{28E83467-8D27-425C-975A-56CA8CA054C4} => X:\INSTALL.EXE
Task: {35C36EF1-B9AC-40B5-BC4B-686BA9A13053} - System32\Tasks\{4CCCC847-BB75-4845-9293-E1D10FAE9B36} => X:\INSTALL.EXE
Task: {3D0E7DB8-EA93-465B-8053-6D26D3BCE449} - System32\Tasks\{E03B8769-7AE7-45BC-86F3-9685FFD46F59} => X:\INSTALL.EXE
Task: {4ADAD749-F773-439D-8390-D8BF0450FCAA} - System32\Tasks\{AB9763CF-E13A-47B5-B368-92BE69590847} => X:\INSTALL.EXE
Task: {4C957EAC-9AA6-471F-896B-6520DA27DE8A} - System32\Tasks\{9C35EBFE-B845-4439-8663-9E09A8BCEE71} => E:\Programme nicht installiert\Tools\Windowstools\Virtuelles\VirtualCD 9.3 Vollversion.exe [2010-07-09] (Macrovision Corporation)
Task: {4E3A7C3A-DDAE-4E7F-A024-1A5030734CC6} - System32\Tasks\{28514D77-1349-435B-B904-ACCEF9C2F7F2} => X:\INSTALL.EXE
Task: {5BC14766-F219-42E2-8FCD-3FA91D64F78E} - System32\Tasks\{AECE50AF-511B-4D99-936B-6387884EC6E3} => C:\Windows\twain_32\escndv\escndv.exe
Task: {6110E459-E314-4BCB-8CF9-DC3524927D95} - System32\Tasks\{7CE3FCFA-7DCF-4A44-8DDD-B0642109DBEC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {7F373E03-4382-4114-BEC6-0185F78B13B0} - System32\Tasks\{3487B000-380F-4D21-A99D-67AFFC99B273} => E:\Programme nicht installiert\Tools\Windowstools\Virtuelles\VirtualCD 9.3 Vollversion.exe [2010-07-09] (Macrovision Corporation)
Task: {8940E673-5D65-4AF9-811D-4E8D5327C3C9} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation)
Task: {8B22F63F-2D66-476B-968B-B11F2262A10F} - System32\Tasks\{184AD4E1-BD9F-4983-A15A-54BF7EB0404D} => C:\Program Files (x86)\MegaSystems\Mensch 4D\GKMensch.exe
Task: {8E312D4F-2DBF-4ED7-B428-3590864B663C} - System32\Tasks\{0CFEA78F-1AA4-462C-ADEB-DBDF892E70CD} => X:\INSTALL.EXE
Task: {96A69100-1A7A-420C-A8BE-B44D6D0A6528} - System32\Tasks\{2DBCFDBB-AA5C-4689-9150-268314FD5F2B} => X:\INSTALL.EXE
Task: {AC469687-D0B6-46EA-A62F-2BFD09432E20} - System32\Tasks\{8B11AF01-B1A5-4387-9498-64CC12C0DCFB} => X:\INSTALL.EXE
Task: {B160D1F2-DCF0-4416-8AA1-DE41A0212881} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B2A14DC5-2992-48EB-8FD4-8DB51BF94C91} - System32\Tasks\{8BFC955D-0105-4351-8F8D-4D64F31F0EB5} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {B3056FD0-2E7F-4780-B927-6F93CCA67D3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {C1468938-4464-466B-9DE7-0C4DACCEC7E8} - System32\Tasks\{8C958137-3591-46A4-832A-2A31B17766DF} => C:\Program Files (x86)\MegaSystems\Mensch 4D\GKMensch.exe
Task: {CFBF9EA6-792E-44C3-B399-9278DC06701D} - System32\Tasks\{0F720B8C-B181-4773-B741-7CC9088BD67B} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {D4F8F8CD-6088-4F07-923F-262C47E33188} - System32\Tasks\{97D61391-502B-4181-9210-EFBF648D6692} => X:\INSTALL.EXE
Task: {E65F8E99-7692-4E01-917B-B91DB6606102} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {E7EDBC53-AB91-49CC-9BC1-F24A19CF4B67} - System32\Tasks\{5EFDA44C-1A62-4E07-B9F3-E200CDDD60FF} => C:\Windows\twain_32\escndv\escndv.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 19:55 - 2013-08-05 16:55 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-01-07 02:46 - 2010-01-07 02:46 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-01-07 02:43 - 2010-01-07 02:43 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-03-02 11:40 - 2009-12-24 02:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:436B3293FE094DB2
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMLite Host-Only Ethernet Adapter
Description: VMLite Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMLite Inc.
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2013 05:10:54 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2013 05:10:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2013 05:10:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2013 05:10:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2013 04:36:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2013 11:44:42 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2013 11:44:11 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2013 11:38:15 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2013 03:38:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2013 03:38:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (11/04/2013 05:28:04 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM

Error: (11/04/2013 05:27:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/04/2013 05:27:45 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{bbeaa119-34c2-11df-95e9-806e6f6e6963}" können nicht gelesen werden.

Error: (11/04/2013 05:27:45 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{bbeaa118-34c2-11df-95e9-806e6f6e6963}" können nicht gelesen werden.

Error: (11/04/2013 05:24:19 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM

Error: (11/04/2013 05:23:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/04/2013 05:23:57 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{bbeaa119-34c2-11df-95e9-806e6f6e6963}" können nicht gelesen werden.

Error: (11/04/2013 05:23:57 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{bbeaa118-34c2-11df-95e9-806e6f6e6963}" können nicht gelesen werden.

Error: (11/04/2013 05:22:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/04/2013 05:17:15 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM


Microsoft Office Sessions:
=========================
Error: (03/14/2013 10:27:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 139 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (08/25/2010 01:52:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 91 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3958.78 MB
Available physical RAM: 2383.77 MB
Total Pagefile: 7915.73 MB
Available Pagefile: 6000.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:294.23 GB) (Free:154.32 GB) NTFS
Drive e: (EigeneDateien) (Fixed) (Total:143.36 GB) (Free:14.35 GB) NTFS
Drive g: (MusikLaptop) (Fixed) (Total:146.48 GB) (Free:82.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: C20DB313)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=294 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290 GB) - (Type=OF Extended)

==================== End Of Log ============================

Dankeschön!

schrauber · 06.11.2013, 10:50

Java und Flash am besten deinstallieren ,dann neu installieren.

Zitat:

FritzDSLProtect ist fehlerhaft installiert. Möchten Sie dies korrigieren?

auch mal komplett deinstallieren, dann neu installieren, am besten hiermit:

Revo Uninstaller - Download - Filepony

claro3 · 06.11.2013, 14:34

Hab alles mit Revo uninstaler deinstalliert (habe auch noch Teile eigentlich bereits deinstallierter Programme entfernt).
Adobe und Java neu installiert.
Die FritzBox DSL-Meldung (ebenfalls neu installiert) ist jetzt weg.
Bleibt nur das Outlook-Problem.
Was ist mit der Datei in Quarantäne - die ist noch da?

schrauber · 06.11.2013, 17:27

Ja aber in Quarantäne. Kannste löschen wenn Du magst. Office würd ich ja auch neu installieren, von office hab ich nicht so den Plan

.

claro3 · 06.11.2013, 19:43

Datei hab ich gelöscht.
Hab wegen Outlook gegoogelt und eine Lösung gefunden. Die Deinstallation (bzw. damit verbunden die versehentliche Installation) von Google Chrome war das Problem. Hab in der Registrierung einige Einträge abändern müssen. Jetzt futz es wieder.
Dir/Euch vielen herzlichen Dank und Spende folgt!

schrauber · 07.11.2013, 12:23

alles klar

06.11.2013, 17:27	#12
schrauber /// the machine /// TB-Ausbilder	GVU-Trojaner vermutlich deaktiviert, aber noch Probleme Ja aber in Quarantäne. Kannste löschen wenn Du magst. Office würd ich ja auch neu installieren, von office hab ich nicht so den Plan . __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

07.11.2013, 12:23	#14
schrauber /// the machine /// TB-Ausbilder	GVU-Trojaner vermutlich deaktiviert, aber noch Probleme alles klar __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

GVU-Trojaner vermutlich deaktiviert, aber noch Probleme

Log-Analyse und Auswertung: GVU-Trojaner vermutlich deaktiviert, aber noch Probleme