Search engine Bing keeps appearing in new windows since yesterday... (Windows 7)
24.01.2014, 17:49 | #1
Search engine Bing keeps appearing in new windows since yesterday... Hi folks, since yesterday a Bing search window keeps appearing whenever I open a new task. Windows also open without me wanting them to. I have Windows 8 plus the free Avira with daily updates. I work with Firefox. Can someone please help me? Last edited by dreizwonull (24.01.2014 at 18:38)
24.01.2014, 19:59 | #2
/// the machine /// TB trainer | Search engine Bing keeps appearing in new windows since yesterday... hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
24.01.2014, 20:50 | #3
Search engine Bing keeps appearing in new windows since yesterday... Thanks for the help, I hope I'm doing this right...
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014 Ran by Eike Koopamann (administrator) on EIKE on 24-01-2014 20:45:39 Running from C:\Users\Eike Koopamann\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Updater) C:\ProgramData\Updater\updater.exe (WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20523_x64__8wekyb3d8bbwe\glcnd.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe (Parallel Lines Development, LLC) C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] () HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] () HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.) HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation) HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater) HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater) HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-13] (PC Utilities Software Limited) MountPoints2: {29bedb58-8051-11e3-be94-24fd5215b36f} - "E:\Startme.exe" AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit) AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-01-23] () AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1037600 2014-01-01] (Conduit) AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-01-23] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248&SSPV= HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKLM-x32 - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248&q={searchTerms}&SSPV= SearchScopes: HKCU - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Websteroids - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC) BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default FF NewTab: hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248 FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Bing FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF SearchPlugin: C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Websteroids - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\support@websteroidsapp.com [2014-01-23] FF Extension: Adblock Plus - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-11] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= U2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-01-23] () U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG) U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) U4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-19] (Avira Operations GmbH & Co. 
KG) U2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) U2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2301216 2014-01-01] (Conduit) U2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) U2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-15] (Parallel Lines Development, LLC) U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor) U3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH) U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG) U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG) U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) U2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-19] (Avira Operations GmbH & Co. 
KG) U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) U3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) U2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) U3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics) U3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation ) U3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation ) U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated) U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) U3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) U4 esgiguard; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-24 20:45 - 2014-01-24 20:45 - 00020833 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt 2014-01-24 20:44 - 2014-01-24 20:44 - 02077696 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe 2014-01-23 20:47 - 2014-01-23 20:47 - 00000000 ____D C:\ProgramData\InternetUpdater 2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient 2014-01-23 20:03 - 2014-01-23 20:06 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix 2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\ProgramData\Citrix 2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\Program Files (x86)\Citrix 2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\Documents\Optimizer Pro 2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\Optimizer Pro 2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D 
C:\Program Files (x86)\Optimizer Pro 2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\SearchProtect 2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\Updater 2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\RHelpers 2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2014-01-23 20:01 - 2014-01-23 20:01 - 00657784 _____ (Conduit) C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03.exe 2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03 2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\ProgramData\Websteroids 2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio 2014-01-18 10:06 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-01-18 10:06 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-18 10:06 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-01-18 10:06 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 18:29 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll 2014-01-15 18:29 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll 2014-01-15 18:29 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll 2014-01-15 18:29 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys 2014-01-15 18:29 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll 2014-01-15 18:29 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll 2014-01-15 
18:29 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys 2014-01-15 18:29 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll 2014-01-15 18:29 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll 2014-01-15 18:29 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll 2014-01-15 18:29 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll 2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP 2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp 2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump 2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT ==================== One Month Modified Files and Folders ======= 2014-01-24 20:46 - 2014-01-24 20:45 - 00020833 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt 2014-01-24 20:44 - 2014-01-24 20:44 - 02077696 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe 2014-01-24 20:43 - 2013-08-16 15:07 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2014-01-24 20:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru 2014-01-24 19:23 - 2013-08-11 17:48 - 01904871 _____ C:\windows\WindowsUpdate.log 2014-01-23 20:47 - 2014-01-23 20:47 - 00000000 ____D C:\ProgramData\InternetUpdater 2014-01-23 20:06 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix 2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient 2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\ProgramData\Citrix 2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Citrix 2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\Documents\Optimizer Pro 2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D 
C:\Users\Eike Koopamann\AppData\Roaming\Optimizer Pro 2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\SearchProtect 2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\Updater 2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\RHelpers 2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2014-01-23 20:01 - 2014-01-23 20:01 - 00657784 _____ (Conduit) C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03.exe 2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03 2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\ProgramData\Websteroids 2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio 2014-01-19 19:21 - 2012-07-26 08:21 - 00029633 _____ C:\windows\setupact.log 2014-01-18 16:00 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2014-01-18 15:59 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI 2014-01-18 15:58 - 2013-08-18 20:50 - 00000000 ____D C:\windows\system32\MRT 2014-01-18 15:58 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore 2014-01-18 15:56 - 2013-08-18 20:50 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-01-13 21:03 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent 2014-01-10 20:43 - 2012-08-01 17:55 - 00780976 _____ C:\windows\system32\perfh010.dat 2014-01-10 20:43 - 2012-08-01 17:55 - 00152608 _____ C:\windows\system32\perfc010.dat 2014-01-10 20:43 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat 2014-01-10 20:43 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat 2014-01-10 20:43 - 2012-07-26 08:28 - 02679026 _____ C:\windows\system32\PerfStringBackup.INI 2014-01-09 09:02 - 2013-11-19 21:21 - 00694240 _____ (Adobe Systems 
Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-01-09 09:02 - 2013-11-19 21:21 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP 2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp 2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump 2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT 2013-12-28 23:46 - 2013-08-11 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-28 23:44 - 2012-07-26 06:38 - 00000000 ____D C:\windows\system32\oobe Some content of TEMP: ==================== C:\Users\Eike Koopamann\AppData\Local\Temp\avgnt.exe C:\Users\Eike Koopamann\AppData\Local\Temp\nsf703A.exe C:\Users\Eike Koopamann\AppData\Local\Temp\nsh8C5F.exe C:\Users\Eike Koopamann\AppData\Local\Temp\nsi8ED1.exe C:\Users\Eike Koopamann\AppData\Local\Temp\nsk6D9A.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 15:29 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2014
Ran by Eike Koopamann at 2014-01-24 20:48:23
Running from C:\Users\Eike Koopamann\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Citrix Authentication Manager (x32 Version: 5.0.0.60597 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (x32 Version: 14.0.0.91 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.4.0.45902 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.0.0.45893 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Classic Shell (Version: 3.6.8 - IvoSoft)
ElsterFormular (x32 Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
FileParade bundle uninstaller (x32 Version: 1.0.0.0 - FileParade)
Intel AppUp(R) center (x32 Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Internet Updater (x32 Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
LibreOffice 4.1.0.4 (x32 Version: 4.1.0.4 - The Document Foundation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft Office (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (x32 Version: - Pavel Cvrcek)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8 - Mozilla)
Nokia Connectivity Cable Driver (Version: 7.1.32.69 - )
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Optimizer Pro v3.2 (x32 Version: - PC Utilities Software Limited) <==== ATTENTION
PDF24 Creator 5.7.0 (x32 Version: - PDF24.org)
Premium Sound HD (Version: 1.12.6000 - DTS, Inc.)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Search Protect (x32 Version: 2.9.40.12 - Conduit) <==== ATTENTION
Self-Service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (Version: 16.3.4.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (x32 Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (x32 Version: 2.00.973 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 2.00.973 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (x32 Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (x32 Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (x32 Version: 4.3.3 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (Version: 5.1.0.21-A - Toshiba Corporation)
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC)
Websteroids (x32 Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)

==================== Restore Points =========================

17-01-2014 17:24:44 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A1CB763-BDC3-40BF-87B4-F1AE0CAA5020} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CEDC5A2-E183-4BE9-BBCB-404EA7C62650} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {1FCD2161-F8D6-4A23-A1DF-3742FE23B9BF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {8260E436-41C8-4649-9C17-44C4E45025A4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C15F0BA4-27D9-4E4F-8A09-8D5E3E97F1A7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CEF8B262-C34A-4992-B98E-8B950462793E} - \Desk 365 RunAsStdUser No Task File
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EE327E2B-FAFF-4880-B399-0CE2667FA2CC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-01-29 20:09 - 2012-11-01 14:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-26 00:24 - 2012-10-24 06:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 03:13 - 2012-08-14 03:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-08-28 21:16 - 2013-08-28 21:16 - 01179136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\9fbc5975a21c5638ba05f81b9febfaee\Windows.UI.ni.dll
2013-11-09 17:30 - 2013-11-09 17:30 - 00351232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\967740f7ed74ebe361d82cba59a694b2\Windows.Data.ni.dll
2013-08-28 21:16 - 2013-08-28 21:16 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\14050be959443e89237e6c9136ea8e5e\Windows.Foundation.ni.dll
2013-01-29 20:09 - 2012-11-01 14:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-08-11 10:19 - 2013-08-13 21:14 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-05-09 17:01 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-23 20:03 - 2014-01-23 20:03 - 00186496 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2014-01-23 20:03 - 2014-01-23 20:03 - 02961368 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2013-12-20 18:30 - 2013-12-20 18:30 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Could not start eventlog service, could not read events.
Der angeforderte Dienst wurde bereits gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.

==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 3979.21 MB
Available physical RAM: 1390 MB
Total Pagefile: 8075.21 MB
Available Pagefile: 4415.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI31051200A) (Fixed) (Total:286.89 GB) (Free:243.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 00000000)
Partition: GPT Partition Type

==================== End Of Log ============================
25.01.2014, 13:28 | #4 |
/// the machine /// TB-Ausbilder | Search engine Bing keeps appearing in a new window since yesterday... Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM!
25.01.2014, 15:49 | #5 |
| Search engine Bing keeps appearing in a new window since yesterday...

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.25.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Eike Koopamann :: EIKE [Administrator]

25.01.2014 15:42:43
mbam-log-2014-01-25 (15-42-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205132
Laufzeit: 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
# AdwCleaner v3.017 - Bericht erstellt am 25/01/2014 um 15:33:27
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Eike Koopamann - EIKE
# Gestartet von : C:\Users\Eike Koopamann\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 70e6ca8c

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\RHelpers
Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\Users\Eike Koopamann\AppData\Local\Searchprotect
Ordner Gelöscht : C:\Users\Eike Koopamann\AppData\Roaming\optimizer pro
Datei Gelöscht : C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\searchplugins\conduit-search.xml

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Conduit Search");
Zeile gelöscht : user_pref("extentions.webcake.installId", "51611ED4-A4D9-B305-7D4B-73E165587581");
Zeile gelöscht : user_pref("extentions.webcake.installId_backup", "51611ED4-A4D9-B305-7D4B-73E165587581");

*************************

AdwCleaner[R0].txt - [6068 octets] - [04/12/2013 17:46:29]
AdwCleaner[R1].txt - [2964 octets] - [25/01/2014 15:32:09]
AdwCleaner[R2].txt - [3024 octets] - [25/01/2014 15:32:57]
AdwCleaner[S0].txt - [5516 octets] - [04/12/2013 17:47:14]
AdwCleaner[S1].txt - [2732 octets] - [25/01/2014 15:33:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2792 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 x64
Ran by Eike Koopamann on 25.01.2014 at 15:38:52,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Eike Koopamann\AppData\Roaming\mozilla\firefox\profiles\nvxyvzwz.default\minidumps [7 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.01.2014 at 15:44:07,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Eike Koopamann (administrator) on EIKE on 25-01-2014 15:48:35
Running from C:\Users\Eike Koopamann\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {29bedb58-8051-11e3-be94-24fd5215b36f} - "E:\Startme.exe"

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default
FF SearchEngineOrder.1: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Websteroids - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\support@websteroidsapp.com [2014-01-23]
FF Extension: Adblock Plus - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
U4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-19] (Avira Operations GmbH & Co. KG)
U2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
U2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
U3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
U2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-19] (Avira Operations GmbH & Co. KG)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
U3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
U3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
U3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
U3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
U4 esgiguard; 

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-25 15:44 - 2014-01-25 15:44 - 00000890 _____ C:\Users\Eike Koopamann\Desktop\JRT.txt
2014-01-25 15:37 - 2014-01-25 15:37 - 01037068 _____ (Thisisu) C:\Users\Eike Koopamann\Desktop\JRT.exe
2014-01-25 15:30 - 2014-01-25 15:30 - 01236282 _____ C:\Users\Eike Koopamann\Desktop\adwcleaner.exe
2014-01-25 15:14 - 2014-01-25 15:14 - 00001084 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 15:12 - 2014-01-25 15:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Eike Koopamann\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-24 20:48 - 2014-01-24 20:49 - 00011495 _____ C:\Users\Eike Koopamann\Downloads\Addition.txt
2014-01-24 20:45 - 2014-01-25 15:48 - 00017401 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt
2014-01-24 20:44 - 2014-01-24 20:44 - 02077696 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient
2014-01-23 20:03 - 2014-01-23 20:06 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix
2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\ProgramData\Citrix
2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-23 20:02 - 2014-01-25 15:26 - 00000000 ____D C:\ProgramData\Updater
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio
2014-01-18 10:06 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-01-18 10:06 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 10:06 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-01-18 10:06 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 18:29 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-01-15 18:29 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-01-15 18:29 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-01-15 18:29 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-01-15 18:29 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-01-15 18:29 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-01-15 18:29 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-01-15 18:29 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-01-15 18:29 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-01-15 18:29 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-01-15 18:29 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP
2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp
2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump
2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-01-25 15:48 - 2014-01-24 20:45 - 00017401 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt
2014-01-25 15:44 - 2014-01-25 15:44 - 00000890 _____ C:\Users\Eike Koopamann\Desktop\JRT.txt
2014-01-25 15:43 - 2013-08-16 15:07 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 15:37 - 2014-01-25 15:37 - 01037068 _____ (Thisisu) C:\Users\Eike Koopamann\Desktop\JRT.exe
2014-01-25 15:34 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-25 15:33 - 2013-12-04 17:45 - 00000000 ____D C:\AdwCleaner
2014-01-25 15:30 - 2014-01-25 15:30 - 01236282 _____ C:\Users\Eike Koopamann\Desktop\adwcleaner.exe
2014-01-25 15:26 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\Updater
2014-01-25 15:26 - 2013-08-11 17:48 - 02035537 _____ C:\windows\WindowsUpdate.log
2014-01-25 15:26 - 2013-01-30 03:47 - 00063406 _____ C:\windows\PFRO.log
2014-01-25 15:26 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2014-01-25 15:14 - 2014-01-25 15:14 - 00001084 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 15:14 - 2013-11-08 17:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 15:12 - 2014-01-25 15:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Eike Koopamann\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-25 15:12 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2014-01-24 20:49 - 2014-01-24 20:48 - 00011495 _____ C:\Users\Eike Koopamann\Downloads\Addition.txt
2014-01-24 20:44 - 2014-01-24 20:44 - 02077696 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe
2014-01-23 20:06 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient
2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\ProgramData\Citrix
2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio
2014-01-19 19:21 - 2012-07-26 08:21 - 00029633 _____ C:\windows\setupact.log
2014-01-18 15:58 - 2013-08-18 20:50 - 00000000 ____D C:\windows\system32\MRT
2014-01-18 15:58 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2014-01-18 15:56 - 2013-08-18 20:50 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-13 21:03 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2014-01-10 20:43 - 2012-08-01 17:55 - 00780976 _____ C:\windows\system32\perfh010.dat
2014-01-10 20:43 - 2012-08-01 17:55 - 00152608 _____ C:\windows\system32\perfc010.dat
2014-01-10 20:43 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2014-01-10 20:43 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2014-01-10 20:43 - 2012-07-26 08:28 - 02679026 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-09 09:02 - 2013-11-19 21:21 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-19 21:21 - 00078296 _____ (Adobe Systems Incorporated)
C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP 2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp 2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump 2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT 2013-12-28 23:46 - 2013-08-11 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-28 23:44 - 2012-07-26 06:38 - 00000000 ____D C:\windows\system32\oobe Some content of TEMP: ==================== C:\Users\Eike Koopamann\AppData\Local\Temp\avgnt.exe C:\Users\Eike Koopamann\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 15:29 ==================== End Of Log ============================ |
26.01.2014, 07:26 | #6 |
/// the machine /// TB-Ausbilder | Bing search engine keeps appearing in a new window since yesterday... ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
26.01.2014, 11:37 | #7 |
| Bing search engine keeps appearing in a new window since yesterday...
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cfd0e1f5f6c872488d66e365b74a5b96
# engine=16799
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-26 10:27:41
# local_time=2014-01-26 11:27:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 75303 161406966 68073 0
# compatibility_mode=5893 16776574 100 94 4558302 37628482 0 0
# scanned=181021
# found=3
# cleaned=0
# scan_time=3453
sh=42BE14A1364480B439C0FC2592A4BB86E04F4219 ft=1 fh=23eba6a0d8026998 vn="probably a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Betcat\WebCakeIEClient.dll.vir"
sh=759D415B53185628CA25492523A5B2BC7E562D4A ft=1 fh=2db2a80633ac8466 vn="probably a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir"
sh=96C0D8FAE0FA351F8ED8FFAAE02A7D6EB4BAD4AD ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C application" ac=I fn="C:\FRST\Quarantine\plugins@getwebcake.com.xpi"
Code:
 Results of screen317's Security Check version 0.99.79
 x64 (UAC is enabled)
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300
 Adobe Flash Player 11.9.900.170
 Mozilla Firefox (26.0)
 Mozilla Thunderbird (17.0.8)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 15:29 ==================== End Of Log ============================ --- --- --- I now still have the problem that some words are underlined and a link window opens when I hover over them with the mouse. The Bing window seems to be gone. Edited by dreizwonull (26.01.2014 at 11:46)
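To make a log like the one above easier to triage, here is an added Python example (not part of the thread and not FRST's own code) that parses the FRST "one month created" entries and flags executables in user-writable locations that carry no publisher in their version info or have the hidden attribute set. The sample lines are copied from the log above, except the last one, which is a hypothetical hidden executable constructed as a positive case; the path markers and extension list are assumptions of this heuristic.

```python
import re

# Constructed sample in the FRST "one month created" format: entries copied from the
# log in this thread, one per line, plus a hypothetical hidden executable as a positive case.
SAMPLE_LOG = r"""
2014-01-25 15:37 - 2014-01-25 15:37 - 01037068 _____ (Thisisu) C:\Users\Eike Koopamann\Desktop\JRT.exe
2014-01-25 15:33 - 2013-12-04 17:45 - 00000000 ____D C:\AdwCleaner
2014-01-25 15:12 - 2014-01-25 15:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Eike Koopamann\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-18 15:56 - 2013-08-18 20:50 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-23 20:02 - 2014-01-23 20:02 - 00045056 ____H C:\ProgramData\Updater\example-hypothetical.exe
"""

# Field layout: created - modified - size flags [(publisher)] path; flags D=directory, H=hidden, S=system
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$"
)
EXEC_EXT = (".exe", ".dll", ".scr", ".com")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def parse_frst(text: str) -> list[dict]:
    """Parse FRST one-month entries into dicts; lines not in that format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, publisher, path = m.groups()
            entries.append({"created": created, "modified": modified, "size": int(size),
                            "attrs": attrs, "path": path,
                            "publisher": publisher.strip() if publisher else None})
    return entries


def triage(entries: list[dict]) -> dict[str, list[str]]:
    """Flag executables in user-writable locations that lack a publisher or are hidden."""
    findings = {}
    for e in entries:
        lower = e["path"].lower()
        if "D" in e["attrs"] or not lower.endswith(EXEC_EXT):
            continue  # directories and non-executables are out of scope here
        if not any(marker in lower for marker in USER_WRITABLE):
            continue  # system directories are out of scope for this heuristic
        reasons = []
        if e["publisher"] is None:
            reasons.append("no publisher in version info")
        if "H" in e["attrs"]:
            reasons.append("hidden attribute set")
        if reasons:
            findings[e["path"]] = reasons
    return findings
```

A hit here is a starting point for a closer look (signature check, hash lookup), not a verdict; signed tools such as JRT.exe and the Malwarebytes installer pass without a finding.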
27.01.2014, 08:36 | #8
/// the machine /// TB-Ausbilder | In which browser?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
27.01.2014, 12:39 | #9
| Firefox...
28.01.2014, 10:39 | #10
/// the machine /// TB-Ausbilder | Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen
28.01.2014, 16:37 | #11
| Hm, everything seems to be clean. Thanks!
29.01.2014, 10:53 | #12
/// the machine /// TB-Ausbilder | Done. The order matters here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short confirmation once everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
29.01.2014, 17:52 | #13
| Thanks, Schrauber. As far as I am concerned, the thread can be closed!
30.01.2014, 16:04 | #14
/// the machine /// TB-Ausbilder | You're welcome