| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Search Protect - Conduit kann nicht deinstalliert werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.01.2014, 11:22
| #1 |
 |  Search Protect - Conduit kann nicht deinstalliert werden Hallo liebe Trojaner Jäger, seit ein paar Tagen habe ich das Problem, das mein Laptop mit Windows 7 ( 64 Bit ) recht lahm geworden ist. Ich dachte erst, es liegt am Laptop. Dann mal gegooglt und habe was von diesem "Search Protect" gelesen. Danach mal in die Systemsteuerung geschaut und siehe da, es taucht auch bei mir in der Liste unter "Programm zu deinstallieren" auf. Nun würde ich diesen Mist gerne weg bekommen, aber ich glaube da benötige ich erfahren Hilfe und wende mich mit einer Bitte mir zu helfen, an Euch und hoffe, das es daran liegt und Ihr mir hier helfen könnt. Gruß Shorti |
|
26.01.2014, 13:10
| #2 |
| /// the machine /// TB-Ausbilder    | Search Protect - Conduit kann nicht deinstalliert werden hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
27.01.2014, 15:42
| #3 |
| | Search Protect - Conduit kann nicht deinstalliert werden OK, werde ich durchführen...
__________________FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by User (administrator) on XXX on 26-01-2014 13:23:22
Running from C:\Users\User\Downloads\Trojaner Board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(AVM Berlin) C:\Users\User\AppData\Local\Apps\2.0\CYN3ZPHY.T37\4J0RP2L5.DLH\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2010-06-02] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2010-10-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1568976 2012-06-20] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DLSService] - "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\User\AppData\Local\Apps\2.0\CYN3ZPHY.T37\4J0RP2L5.DLH\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-01-10] (AVM Berlin)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-18] (Microsoft Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1037600 2014-01-01] (Conduit)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP683BA533-8BC0-4305-81A0-029197A83C18&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=121562&babsrc=HP_ss_din2g&mntrId=389C88AE1D3F23AB
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP683BA533-8BC0-4305-81A0-029197A83C18&q={searchTerms}&SSPV=
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP683BA533-8BC0-4305-81A0-029197A83C18&q={searchTerms}&SSPV=
SearchScopes: HKCU - {02D554C9-5BAC-4088-B940-D8CF85D0F79B} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=121562&babsrc=SP_ss&mntrId=389C88AE1D3F23AB
SearchScopes: HKCU - {1695F057-E9E5-4E67-BBE9-5011183B6D99} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {BA55DABC-4256-4A3B-A8B1-030ECDB2AE7E} URL =
SearchScopes: HKCU - {BC33DCF5-09F6-4060-88D2-035042D6192E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=b0747396-7f02-44e4-8732-d8fadced706f&apn_sauid=B01BD60F-0D00-4A0A-AC5A-40F1C73139E0
SearchScopes: HKCU - {BF9D5AAF-D3A8-4171-944F-6199F1997E09} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\searchplugins\conduit-search-1.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Easy YouTube Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-06-15]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2014-01-14] (Avira Operations GmbH & Co. KG)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2301216 2014-01-01] (Conduit)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32368 2012-10-09] (Sanford, L.P.)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [204296 2012-04-12] (Nitro PDF Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2013-01-10] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-21] (AVM Berlin)
S1 SSHDRV76; C:\windows\SysWOW64\drivers\SSHDRV76.sys [53760 2013-05-30] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-26 13:23 - 2014-01-26 13:23 - 00000000 ____D C:\FRST
2014-01-26 13:22 - 2014-01-26 13:23 - 00000000 ____D C:\Users\User\Downloads\Trojaner Board
2014-01-24 22:19 - 2014-01-24 22:22 - 00000000 ____D C:\Users\User\Downloads\VWL
2014-01-24 21:30 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-24 21:30 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-24 21:30 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-24 21:30 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-24 21:29 - 2014-01-24 21:30 - 00005327 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 21:54 - 2014-01-21 21:54 - 00000000 ___SD C:\Users\User\Documents\Meine Datenquellen
2014-01-19 17:17 - 2014-01-19 17:18 - 00000000 ____D C:\ProgramData\TuneUp Software
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 ____D C:\Users\User\AppData\Roaming\TuneUp Software
2014-01-19 17:15 - 2014-01-19 17:16 - 00000000 ____D C:\Users\User\AppData\Local\SearchProtect
2014-01-19 17:15 - 2014-01-19 17:16 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-19 17:15 - 2014-01-19 17:15 - 00000000 _____ C:\END
2014-01-19 10:18 - 2014-01-19 10:18 - 00000000 ____D C:\Users\User\Downloads\FOM
2014-01-15 16:15 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 16:15 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 16:15 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-07 23:35 - 2014-01-07 23:35 - 00002050 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
2014-01-07 23:35 - 2014-01-07 23:35 - 00000000 ____D C:\ProgramData\FARO
2014-01-07 23:30 - 2014-01-07 23:30 - 00001236 _____ C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
2014-01-07 22:49 - 2014-01-07 22:49 - 00002238 _____ C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
2014-01-07 22:08 - 2014-01-07 22:08 - 00002014 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
2014-01-07 22:02 - 2014-01-07 22:02 - 00002146 _____ C:\Users\Public\Desktop\DWG TrueView 2014.lnk
2014-01-07 22:00 - 2014-01-07 22:00 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2014
2014-01-07 21:25 - 2014-01-07 21:26 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
2014-01-07 21:11 - 2014-01-08 19:20 - 00000000 ____D C:\Users\User\Downloads\Autodesk Inventor 2014
==================== One Month Modified Files and Folders =======
2014-01-26 13:23 - 2014-01-26 13:23 - 00000000 ____D C:\FRST
2014-01-26 13:23 - 2014-01-26 13:22 - 00000000 ____D C:\Users\User\Downloads\Trojaner Board
2014-01-26 12:42 - 2012-07-12 11:38 - 01868228 _____ C:\windows\WindowsUpdate.log
2014-01-26 11:15 - 2012-07-13 16:15 - 00000000 ____D C:\Users\User\Documents\Outlook-Dateien
2014-01-26 10:58 - 2009-07-14 05:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 10:58 - 2009-07-14 05:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 10:53 - 2012-08-27 20:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2014-01-25 11:22 - 2012-08-27 21:00 - 00000000 ___RD C:\Users\User\Dropbox
2014-01-25 11:21 - 2013-06-28 18:14 - 00000000 ___RD C:\Users\User\SkyDrive
2014-01-25 11:17 - 2009-07-14 05:51 - 00080764 _____ C:\windows\setupact.log
2014-01-24 22:22 - 2014-01-24 22:19 - 00000000 ____D C:\Users\User\Downloads\VWL
2014-01-24 21:30 - 2014-01-24 21:29 - 00005327 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-24 21:30 - 2013-10-18 19:24 - 00000000 ____D C:\ProgramData\Oracle
2014-01-24 21:30 - 2010-09-20 19:44 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-24 21:24 - 2012-07-12 12:55 - 00000000 ____D C:\Users\User\AppData\Roaming\Toshiba
2014-01-23 18:43 - 2012-07-12 11:35 - 00488716 _____ C:\windows\PFRO.log
2014-01-23 18:39 - 2012-07-13 14:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-23 18:39 - 2009-07-14 03:34 - 00000478 _____ C:\windows\win.ini
2014-01-23 18:38 - 2012-09-12 16:49 - 00000039 _____ C:\windows\vbaddin.ini
2014-01-21 21:54 - 2014-01-21 21:54 - 00000000 ___SD C:\Users\User\Documents\Meine Datenquellen
2014-01-21 19:00 - 2012-07-14 15:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Nitro PDF
2014-01-20 21:12 - 2012-07-13 18:25 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2014-01-19 17:48 - 2013-04-16 18:14 - 00000000 ____D C:\Program Files (x86)\UltraMixer
2014-01-19 17:18 - 2014-01-19 17:17 - 00000000 ____D C:\ProgramData\TuneUp Software
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 ____D C:\Users\User\AppData\Roaming\TuneUp Software
2014-01-19 17:16 - 2014-01-19 17:15 - 00000000 ____D C:\Users\User\AppData\Local\SearchProtect
2014-01-19 17:16 - 2014-01-19 17:15 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-19 17:15 - 2014-01-19 17:15 - 00000000 _____ C:\END
2014-01-19 17:15 - 2013-06-14 10:38 - 00000000 ____D C:\Users\User\AppData\Roaming\OpenCandy
2014-01-19 14:43 - 2012-08-03 14:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2014-01-19 10:18 - 2014-01-19 10:18 - 00000000 ____D C:\Users\User\Downloads\FOM
2014-01-19 09:40 - 2010-09-20 20:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-19 09:40 - 2010-09-20 20:02 - 00000000 ____D C:\ProgramData\Skype
2014-01-15 20:55 - 2009-07-14 05:45 - 00559968 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-15 20:49 - 2013-08-18 21:02 - 00000000 ____D C:\windows\system32\MRT
2014-01-15 20:46 - 2012-07-17 13:45 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 18:19 - 2013-11-13 15:53 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2014-01-15 17:58 - 2013-05-15 17:32 - 00000000 ____D C:\Users\User\AppData\Roaming\dvdcss
2014-01-14 18:20 - 2009-07-14 18:58 - 00699666 _____ C:\windows\system32\perfh007.dat
2014-01-14 18:20 - 2009-07-14 18:58 - 00149774 _____ C:\windows\system32\perfc007.dat
2014-01-14 18:20 - 2009-07-14 06:13 - 01620612 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-11 12:39 - 2012-07-30 17:29 - 00000000 ____D C:\Users\User\AppData\Roaming\Autodesk
2014-01-08 22:49 - 2012-07-29 09:41 - 01594892 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-08 22:33 - 2012-07-31 20:55 - 00000000 ____D C:\Users\User\AppData\Local\Autodesk,_Inc
2014-01-08 19:20 - 2014-01-07 21:11 - 00000000 ____D C:\Users\User\Downloads\Autodesk Inventor 2014
2014-01-08 05:18 - 2012-07-12 12:55 - 00179512 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-07 23:35 - 2014-01-07 23:35 - 00002050 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
2014-01-07 23:35 - 2014-01-07 23:35 - 00000000 ____D C:\ProgramData\FARO
2014-01-07 23:35 - 2012-07-31 14:39 - 00000000 ____D C:\Program Files\Autodesk
2014-01-07 23:35 - 2012-07-30 17:29 - 00000000 ____D C:\ProgramData\Autodesk
2014-01-07 23:30 - 2014-01-07 23:30 - 00001236 _____ C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
2014-01-07 23:30 - 2012-07-31 14:51 - 00000000 ____D C:\Users\User\Documents\Inventor
2014-01-07 23:30 - 2012-07-31 14:42 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2014-01-07 22:53 - 2012-07-31 14:39 - 00000000 ____D C:\Users\User\AppData\Local\Autodesk
2014-01-07 22:49 - 2014-01-07 22:49 - 00002238 _____ C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
2014-01-07 22:47 - 2012-10-26 20:12 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2014-01-07 22:08 - 2014-01-07 22:08 - 00002014 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
2014-01-07 22:02 - 2014-01-07 22:02 - 00002146 _____ C:\Users\Public\Desktop\DWG TrueView 2014.lnk
2014-01-07 22:00 - 2014-01-07 22:00 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2014
2014-01-07 21:47 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-07 21:26 - 2014-01-07 21:25 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
2014-01-07 21:25 - 2012-07-31 14:12 - 00000000 ____D C:\Autodesk
2014-01-07 20:47 - 2012-08-27 21:00 - 00001031 _____ C:\Users\User\Desktop\Dropbox.lnk
2014-01-07 20:47 - 2012-08-27 20:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 20:47 - 2012-07-12 12:49 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-29 17:06 - 2012-07-13 18:26 - 00016986 _____ C:\windows\avmacc.log
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\MSNDD06.exe
C:\Users\User\AppData\Local\Temp\nsbFA80.exe
C:\Users\User\AppData\Local\Temp\nsg7F84.exe
C:\Users\User\AppData\Local\Temp\nsv82EE.exe
C:\Users\User\AppData\Local\Temp\nsvF7A1.exe
C:\Users\User\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-04 20:59
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 01
Ran by User at 2014-01-26 13:25:00
Running from C:\Users\User\Downloads\Trojaner Board
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (Version: 4.4.1 - Adobe)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Aquamarin Haushaltsbuch 2.9.2 b (x32 Version: - makasy.com)
Ashampoo Burning Studio 2012 CBE v.11.0.4 (x32 Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ask Toolbar (x32 Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Autodesk 360 (Version: 4.0.27.1 - Autodesk)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk)
Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Content Center Libraries 2014 (Desktop Content) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion for Inventor 2013 Add-in (Version: 1.0.0.111 - Autodesk)
Autodesk Inventor Professional 2013 (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2013 Deutsch (German) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2014 - Deutsch (German) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Professional 2014 (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2014 Language Pack - Deutsch (German) (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Inventor Publisher 2013 - Deutsch (German) (Version: 5.0.0.106 - Autodesk, Inc.)
Autodesk Inventor Publisher 2013 (Version: 5.0.0.106 - Autodesk, Inc.) Hidden
Autodesk Inventor Publisher 2013 Language Pack (Version: 5.0.0.106 - Autodesk, Inc.) Hidden
Autodesk Inventor Publisher 2013 Word Add-in (HKCU Version: 1.1.0.0 - Autodesk)
Autodesk Material Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Material Library 2014 (x32 Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (x32 Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (x32 Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (Version: 1.0.43.27 - Autodesk)
Autodesk ReCap (Version: 1.0.43.27 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.27 - Autodesk) Hidden
Autodesk Revit Interoperability for Inventor 2014 (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for Inventor 2014 (Version: 13.02.15161 - Autodesk) Hidden
Autodesk Vault Basic 2013 (Client) (Version: 17.0.61.0 - Autodesk) Hidden
Autodesk Vault Basic 2013 (Client) (x32 Version: 17.0.61.0 - Autodesk)
Autodesk Vault Basic 2013 (Client) German Language Pack (Version: 17.0.61.0 - Autodesk) Hidden
Autodesk Vault Basic 2014 (Client) (Version: 18.0.86.0 - Autodesk)
Autodesk Vault Basic 2014 (Client) (Version: 18.0.86.0 - Autodesk) Hidden
Autodesk Vault Basic 2014 (Client) German Language Pack (Version: 18.0.86.0 - Autodesk) Hidden
Avery Wizard 4.0 (x32 Version: 4.0.201 - Avery)
Avira Free Antivirus (x32 Version: 14.0.2.344 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.3.0.23930 - Ask.com)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (Version: v7.10.10(T) - TOSHIBA CORPORATION)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (Version: 5.60.48.42 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J6710DW (x32 Version: 1.0.20.0 - Brother Industries, Ltd.)
Bundled software uninstaller (x32 Version: - ) <==== ATTENTION
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Corel WinDVD (x32 Version: 10.0.5.544 - Corel Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden
DYMO Label v.8 (x32 Version: 8.4.2.18 - Sanford, L.P.)
Eco Materials Adviser for Autodesk Inventor 2013 (Version: 3.9.12.0 - Granta Design Limited)
Eco Materials Adviser for Autodesk Inventor 2014 (64-bit) (Version: 4.4.1.0 - Granta Design Limited)
ENE CIR Receiver Driver (Version: 2.7.4.1 - ENE)
FARO LS 1.1.501.0 (64bit) (x32 Version: 5.1.0.30630 - FARO Scanner Production)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
FilesFrog Update Checker (x32 Version: - ) <==== ATTENTION
FileZilla Client 3.7.1 (HKCU Version: 3.7.1 - FileZilla Project)
FreeMind (x32 Version: 0.8.1 - )
FRITZ!Box USB-Fernanschluss (HKCU Version: 2.3.0.2 - AVM Berlin)
Garmin City Navigator Europe NT 2013.10 Update (x32 Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin MapInstall (x32 Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Training Center (x32 Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (x32 Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
iCloud (Version: 3.0.2.163 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.7.1002 - Intel Corporation)
iTunes (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java 7 Update 7 (64-bit) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (x32 Version: 6.0.200 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
JMicron Flash Media Controller Driver (x32 Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Age of Empires (x32 Version: - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend 3 SDK (x32 Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (x32 Version: 4.0.20621.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (x32 Version: 4.0.20621.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20621.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (x32 Version: 2.0.20621.0 - Microsoft Corporation)
Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 Screen Capture Codec (x32 Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (x32 Version: 4.0.20705.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (x32 Version: 4.0.20705.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 Service Pack 2 (x32 Version: - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (x32 Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Project MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Project Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (x32 Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (x32 Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Nero 9 Essentials (x32 Version: - Nero AG)
Nero BackItUp (x32 Version: 5.2.21001 - Nero AG)
Nero BackItUp and Burn (x32 Version: 1.2.0030 - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights (x32 Version: 3.6.26001 - Nero AG)
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express (x32 Version: 9.6.16000 - Nero AG)
Nero Express Help (x32 Version: 9.4.34.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 2.6.25002 - Nero AG)
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.34.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nitro Pro 7 (Version: 7.3.1.10 - Nitro PDF Software)
Nuance PaperPort 12 (x32 Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Display Control Panel (Version: 6.14.12.5897 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.10.0224 - NVIDIA Corporation)
PaperPort Image Printer 64-bit (Version: 1.00.0001 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Service - powered by myphotobook (x32 Version: 1.0.7 - myphotobook GmbH) Hidden
Photo Service - powered by myphotobook (x32 Version: 1.0.7-279 - myphotobook GmbH)
PhotoScape (x32 Version: - )
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Schnell-Deinstallations-Tool für Autodesk Inventor 2013 (Version: 17.0.13800.0000 - Autodesk)
Search Protect (x32 Version: 2.9.40.12 - Conduit) <==== ATTENTION
Secure Download Manager (x32 Version: 3.1.20 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (Version: 15.0.8.1 - Synaptics Incorporated)
TELL ME MORE (x32 Version: - Auralog)
Toshiba Assist (x32 Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (x32 Version: 8.0.34 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.18.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (x32 Version: 1.2.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (x32 Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (x32 Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (x32 Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (x32 Version: 3.0.3.0 - TOSHIBA CORPORATION)
TOSHIBA Service Station (x32 Version: 2.1.40 - TOSHIBA)
TOSHIBA Sleep Utility (x32 Version: 1.4.1.3 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION)
Toshiba TEMPRO (x32 Version: 3.33 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (Version: 1.3.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.3.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (x32 Version: 4.00.1.08-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.16 - TOSHIBA Corporation)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (x32 Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (x32 Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player 2.0.8 (Version: 2.0.8 - VideoLAN)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
WildTangent-Spiele (x32 Version: 1.0.0.80 - WildTangent)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (Version: 4.10.0 - win.rar GmbH)
WPF Toolkit February 2010 (Version 3.5.50211.1) (x32 Version: 3.5.50211.1 - Microsoft Corporation)
XAMPP 1.8.1 (x32 Version: - )
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
==================== Restore Points =========================
04-01-2014 09:53:12 Windows Update
07-01-2014 15:59:42 Windows Update
07-01-2014 20:47:52 DirectX wurde installiert
08-01-2014 21:34:25 Windows Update
15-01-2014 15:08:16 Windows Update
15-01-2014 19:45:44 Windows Update
19-01-2014 16:46:00 TuneUp Utilities 2014 wird entfernt
19-01-2014 16:47:23 TuneUp Utilities 2014 (de-DE) wird entfernt
21-01-2014 20:34:58 Windows Update
23-01-2014 17:21:30 Windows Update
24-01-2014 20:28:49 Installed Java 7 Update 51
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-01-09 16:47 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1FEA0AB0-4930-4EAD-AE28-4AF4F45DD989} - System32\Tasks\EPUpdater => C:\Users\User\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {4DF4397F-E594-4679-9876-4B9EF1B09125} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {9EE55DBA-01A4-4DD6-B8B3-4FBDC49888D9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BE9EA3D2-6723-4712-B342-DF2C761FC936} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-06-20] ()
Task: {EB11D98D-C108-4ECE-B366-A6F68260D1D3} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert
Task: {FF4E067C-7F7E-4AA2-B16C-2223082B7EB0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
==================== Loaded Modules (whitelisted) =============
2012-07-16 15:23 - 2012-01-09 18:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 08762680 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-09-20 19:48 - 2009-06-22 13:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 15:38 - 2009-07-25 15:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-07-28 09:27 - 2010-07-28 09:27 - 00590776 _____ () C:\Program Files\Toshiba\TECO\TecoPower.dll
2010-04-23 12:58 - 2010-04-23 12:58 - 03409256 _____ () C:\Program Files\Toshiba\BulletinBoard\TosNcUi.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-02-22 18:24 - 2013-02-22 18:19 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
2012-07-14 14:51 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-12-22 13:17 - 2013-12-22 13:17 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-18 21:08 - 2013-06-18 21:08 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-12-23 12:58 - 2013-12-23 12:58 - 16242056 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/24/2014 10:31:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x1bb8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (01/24/2014 10:03:25 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (01/24/2014 10:03:25 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{3fb8e317-cc0d-11e1-a1fd-806e6f6e6963} - 00000000000000D8,0x0053c010,0000000000375400,0,0000000000376410,4096,[0]).
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (01/23/2014 06:51:03 PM) (Source: Microsoft Office 14) (User: )
Description: Microsoft Word: Rejected Safe Mode action : Schwerwiegender Fehler in Word beim autodesk vault addin for office 2010-Add-In. Falls diese Fehlermeldung mehrmals angezeigt wurde, sollten Sie dieses Add-In deaktivieren und überprüfen, ob ein Update verfügbar ist. Möchten Sie dieses Add-In deaktivieren?.
Rejected Safe Mode action : Microsoft Word.
Error: (01/23/2014 06:51:02 PM) (Source: Microsoft Office 14) (User: )
Description: Microsoft Word: Accepted Safe Mode action : Schwerwiegender Fehler in Word beim autodesk vault addin for office 2010-Add-In. Falls diese Fehlermeldung mehrmals angezeigt wurde, sollten Sie dieses Add-In deaktivieren und überprüfen, ob ein Update verfügbar ist. Möchten Sie dieses Add-In deaktivieren?.
Accepted Safe Mode action : Microsoft Word.
Error: (01/23/2014 06:26:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.7113.5001, Zeitstempel: 0x52866c04
Name des fehlerhaften Moduls: VaultClient.dll, Version: 18.0.86.0, Zeitstempel: 0x512e5a35
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001625
ID des fehlerhaften Prozesses: 0x16ac
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Error: (01/21/2014 09:31:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1852871
Error: (01/21/2014 09:31:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1852871
Error: (01/21/2014 09:31:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/18/2014 05:52:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: AdSyncNamespace.dll, Version: 4.0.27.1, Zeitstempel: 0x5110cc26
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001d7a6
ID des fehlerhaften Prozesses: 0x6a8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
System errors:
=============
Error: (01/25/2014 11:24:30 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070420
Error: (01/25/2014 11:23:47 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (01/25/2014 11:23:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/25/2014 11:23:21 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (01/25/2014 11:23:21 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (01/25/2014 11:22:43 AM) (Source: DCOM) (User: )
Description: 1053TOSHIBA HDD SSD Alert Service{A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F}
Error: (01/25/2014 11:22:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TOSHIBA HDD SSD Alert Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/25/2014 11:22:43 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TOSHIBA HDD SSD Alert Service erreicht.
Error: (01/25/2014 11:21:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%4.
Error: (01/25/2014 11:16:28 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\windows\SysWow64\drivers\SSHDRV76.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Microsoft Office Sessions:
=========================
Error: (01/24/2014 10:31:38 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a81bb801cf1948fca8402bC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dlle7ac2d10-853e-11e3-90b9-88ae1d3f23ab
Error: (01/24/2014 10:03:25 PM) (Source: VSS)(User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (01/24/2014 10:03:25 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{3fb8e317-cc0d-11e1-a1fd-806e6f6e6963} - 00000000000000D8,0x0053c010,0000000000375400,0,0000000000376410,4096,[0])
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (01/23/2014 06:51:03 PM) (Source: Microsoft Office 14)(User: )
Description: Microsoft WordSchwerwiegender Fehler in Word beim autodesk vault addin for office 2010-Add-In. Falls diese Fehlermeldung mehrmals angezeigt wurde, sollten Sie dieses Add-In deaktivieren und überprüfen, ob ein Update verfügbar ist. Möchten Sie dieses Add-In deaktivieren?
Error: (01/23/2014 06:51:02 PM) (Source: Microsoft Office 14)(User: )
Description: Microsoft WordSchwerwiegender Fehler in Word beim autodesk vault addin for office 2010-Add-In. Falls diese Fehlermeldung mehrmals angezeigt wurde, sollten Sie dieses Add-In deaktivieren und überprüfen, ob ein Update verfügbar ist. Möchten Sie dieses Add-In deaktivieren?
Error: (01/23/2014 06:26:38 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.7113.500152866c04VaultClient.dll18.0.86.0512e5a35c00000050000162516ac01cf185ff80cfdadC:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Program Files (x86)\Autodesk\Data Management Applications\Office Addin 2014\VaultClient.dll839bdca6-8453-11e3-acf5-b482fefa170f
Error: (01/21/2014 09:31:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1852871
Error: (01/21/2014 09:31:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1852871
Error: (01/21/2014 09:31:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/18/2014 05:52:15 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4AdSyncNamespace.dll4.0.27.15110cc26c0000005000000000001d7a66a801cf141f9b1f728dC:\windows\Explorer.EXEC:\Program Files\Autodesk\Autodesk Sync\AdSyncNamespace.dlle198ec5d-8060-11e3-be54-88ae1d3f23ab
CodeIntegrity Errors:
===================================
Date: 2013-06-14 12:01:51.031
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-14 12:01:50.891
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-01-09 16:42:49.613
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-01-09 16:42:49.535
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 56%
Total physical RAM: 4026.67 MB
Available physical RAM: 1758.51 MB
Total Pagefile: 8051.52 MB
Available Pagefile: 5207.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (TI30669200A) (Fixed) (Total:584.24 GB) (Free:103.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 9BFA65B0)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)
==================== End Of Log ============================
Wie geht es nun weiter? Kann mir eventuell ein anderer hier behilflich sein? "Schrauber" hat wohl etwas viel um die Ohren oder hat mich vergessen.  Habe mal Anti-Malware installiert und es wurden 127 infizierte Dateien entdeckt. Wäre echt für Hilfe dankbar... Folgend mal der Bericht von Anti-Malware. Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.26.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 User :: XXX [Administrator] 26.01.2014 21:41:36 MBAM-log-2014-01-26 (21-51-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 220165 Laufzeit: 8 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 14 HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 4 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://search.babylon.com/?affID=121562&babsrc=HP_ss_din2g&mntrId=389C88AE1D3F23AB -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Keine Aktion durchgeführt. HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Daten: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Keine Aktion durchgeführt. HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Daten: dvdstyler -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 2 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bösartig: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Gut: () -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP683BA533-8BC0-4305-81A0-029197A83C18&SSPV=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 25 C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\OpenCandy\463A887D826D4AD488B7FDD22AE01483 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\OpenCandy\ACA47C9457E04C3DAC4B766B25851D6A (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\OpenCandy\F540EFC0853148B89D8FC25E756F2747 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 82 C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\OpenCandy\ACA47C9457E04C3DAC4B766B25851D6A\DeltaTB.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\OpenCandy\F540EFC0853148B89D8FC25E756F2747\SSStub_SearchProtect_p1v0.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Local\Temp\is-MM60P.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Local\Temp\nsyDAE6.tmp\SPtool.dll (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\OpenCandy\463A887D826D4AD488B7FDD22AE01483\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\OpenCandy\ACA47C9457E04C3DAC4B766B25851D6A\5404.ico (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\OpenCandy\ACA47C9457E04C3DAC4B766B25851D6A\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\OpenCandy\ACA47C9457E04C3DAC4B766B25851D6A\OCBrowserHelper_1.0.6.125.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt. (Ende) Schade, kenne ich hier aus dem Forum nicht.  Geändert von shorti01 (26.01.2014 um 13:45 Uhr) |
|
28.01.2014, 11:27
| #4 | |
| /// the machine /// TB-Ausbilder | Search Protect - Conduit kann nicht deinstalliert werdenZitat:
Das ist hier ehrenamltich und Freizeit. Ich betreue allein hier derzeit ca 300 User, und muss nebenbei noch arbeiten um richtig echtes Geld zu verdienen. Und KEINER meiner User wartet länger als 24h auf Antwort, eher kürzer. Das ist doppelt bis 3mal so schnell wie bei manch andern Foren oder Helfern. Also immer locker durch die Hose atmen. Ich verzichte schon auf so Nebensächlichkeiten wie Essen, Schlafen und mit meinem Kind spielen um hier oft genug Antworten zu können  Funde von MBAM löschen lassen, dann: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.01.2014, 21:49
| #5 | |
| | Search Protect - Conduit kann nicht deinstalliert werdenZitat:
Na was soll´s...  Ich werde mich morgen dran setzen und poste dann meinen Angriff auf den infizierten Rechner.  |
|
29.01.2014, 12:29
| #6 |
| /// the machine /// TB-Ausbilder | Search Protect - Conduit kann nicht deinstalliert werden Wenn Du nach nem Tag nachhakst, aber doch nit 2h nachdem Du die Logs gepostet hast  .Ich übersehe nie einen User oder Thread der von mir in Arbeit is, den Zusatz "the machine" hab ich nit aus Spass unter meinem Nick stehen  
__________________ --> Search Protect - Conduit kann nicht deinstalliert werden |
|
29.01.2014, 19:20
| #7 |
| | Search Protect - Conduit kann nicht deinstalliert werden So habe alles von dem MBAM löschen lassen und den ADW Cleaner ausgeführt, hier schon mal der Log Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 29/01/2014 um 18:43:57
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - XXX
# Gestartet von : C:\Users\User\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\windows\SysWOW64\Searchprotect
Ordner Gelöscht : C:\Users\User\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\User\AppData\Local\Searchprotect
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\invalidprefs.js
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\searchplugins\BrowserDefender.xml
Datei Gelöscht : C:\windows\System32\Tasks\BrowserDefendert
Datei Gelöscht : C:\windows\System32\Tasks\EPUpdater
Datei Gelöscht : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKCU\Software\58ed78ab23de543
Schlüssel Gelöscht : HKLM\SOFTWARE\58ed78ab23de543
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP683BA533-8BC0-4305-81A0-029197A83C18");
Zeile gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Zeile gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_13.0.1");
Zeile gelöscht : user_pref("extensions.asktb.cbid", "^ABT");
Zeile gelöscht : user_pref("extensions.asktb.clear-searches-on-exit", true);
Zeile gelöscht : user_pref("extensions.asktb.config-updated", false);
Zeile gelöscht : user_pref("extensions.asktb.crumb", "2012.07.19+08.05.36-toolbar019iad-DE-RG9ydG11bmQsR2VybWFueQ%3D%3D");
Zeile gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar&locale={locale}");
Zeile gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Zeile gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Zeile gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.asktb.fresh-install", false);
Zeile gelöscht : user_pref("extensions.asktb.guid", "b0747396-7f02-44e4-8732-d8fadced706f");
Zeile gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Zeile gelöscht : user_pref("extensions.asktb.if", "first");
Zeile gelöscht : user_pref("extensions.asktb.l", "dis");
Zeile gelöscht : user_pref("extensions.asktb.last-config-req", "1346248086173");
Zeile gelöscht : user_pref("extensions.asktb.last-search-timestamp", "1344091915280");
Zeile gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Zeile gelöscht : user_pref("extensions.asktb.localePref", true);
Zeile gelöscht : user_pref("extensions.asktb.location", "Dortmund,Germany");
Zeile gelöscht : user_pref("extensions.asktb.notification-shown", true);
Zeile gelöscht : user_pref("extensions.asktb.o", "APN10395");
Zeile gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Zeile gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Zeile gelöscht : user_pref("extensions.asktb.r", "2");
Zeile gelöscht : user_pref("extensions.asktb.sa", "YES");
Zeile gelöscht : user_pref("extensions.asktb.saguid", "B01BD60F-0D00-4A0A-AC5A-40F1C73139E0");
Zeile gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Zeile gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Zeile gelöscht : user_pref("extensions.asktb.themeid", "");
Zeile gelöscht : user_pref("extensions.asktb.timeinstalled", "19.07.2012 17:06:47");
Zeile gelöscht : user_pref("extensions.asktb.to", "");
Zeile gelöscht : user_pref("extensions.asktb.v", "3.15.4.100015");
Zeile gelöscht : user_pref("extensions.asktb.version", "5.15.4.23930");
*************************
AdwCleaner[R0].txt - [9784 octets] - [29/01/2014 18:39:27]
AdwCleaner[S0].txt - [9151 octets] - [29/01/2014 18:43:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9211 octets] ##########
Hier nun der Log vom Junkware Remove Tool Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 29.01.2014 at 18:54:06,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-554711917-2863548098-4266043090-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BC33DCF5-09F6-4060-88D2-035042D6192E}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\User\appdata\local\webplayer"
~~~ FireFox
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\uhwqlx47.default\minidumps [48 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2014 at 19:02:55,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by User (administrator) on XXX on 29-01-2014 19:05:45
Running from C:\Users\User\Downloads\Trojaner Board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVM Berlin) C:\Users\User\AppData\Local\Apps\2.0\CYN3ZPHY.T37\4J0RP2L5.DLH\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
() C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ReModem.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Thisisu) C:\Users\User\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2010-06-02] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2010-10-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DLSService] - "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\User\AppData\Local\Apps\2.0\CYN3ZPHY.T37\4J0RP2L5.DLH\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-01-10] (AVM Berlin)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-18] (Microsoft Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {02D554C9-5BAC-4088-B940-D8CF85D0F79B} URL =
SearchScopes: HKCU - {1695F057-E9E5-4E67-BBE9-5011183B6D99} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {BA55DABC-4256-4A3B-A8B1-030ECDB2AE7E} URL =
SearchScopes: HKCU - {BF9D5AAF-D3A8-4171-944F-6199F1997E09} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\searchplugins\conduit-search-1.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Easy YouTube Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-06-15]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2014-01-14] (Avira Operations GmbH & Co. KG)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32368 2012-10-09] (Sanford, L.P.)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [204296 2012-04-12] (Nitro PDF Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2013-01-10] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-21] (AVM Berlin)
S1 SSHDRV76; C:\windows\SysWOW64\drivers\SSHDRV76.sys [53760 2013-05-30] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-29 19:02 - 2014-01-29 19:02 - 00001293 _____ C:\Users\User\Desktop\JRT.txt
2014-01-29 18:53 - 2014-01-29 18:53 - 01037068 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-01-29 18:53 - 2014-01-29 18:53 - 00000000 ____D C:\windows\ERUNT
2014-01-29 18:39 - 2014-01-29 18:44 - 00000000 ____D C:\AdwCleaner
2014-01-29 18:19 - 2014-01-29 18:19 - 01166132 _____ C:\Users\User\Desktop\adwcleaner.exe
2014-01-28 16:11 - 2014-01-29 17:24 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2014-01-26 21:41 - 2014-01-26 21:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 21:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-26 19:09 - 2014-01-26 19:09 - 00000000 ____D C:\Users\User\Documents\Any Video Converter
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D C:\Users\User\AppData\Roaming\AnvSoft
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D C:\Program Files (x86)\AnvSoft
2014-01-26 19:06 - 2014-01-26 19:07 - 37146216 _____ (Any-Video-Converter.com ) C:\Users\User\Downloads\avc-free.exe
2014-01-26 13:23 - 2014-01-29 19:05 - 00000000 ____D C:\FRST
2014-01-26 13:22 - 2014-01-29 19:05 - 00000000 ____D C:\Users\User\Downloads\Trojaner Board
2014-01-24 22:19 - 2014-01-24 22:22 - 00000000 ____D C:\Users\User\Downloads\VWL
2014-01-24 21:30 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-24 21:30 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-24 21:30 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-24 21:30 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-24 21:29 - 2014-01-24 21:30 - 00005327 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 21:54 - 2014-01-21 21:54 - 00000000 ___SD C:\Users\User\Documents\Meine Datenquellen
2014-01-19 17:17 - 2014-01-19 17:18 - 00000000 ____D C:\ProgramData\TuneUp Software
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 ____D C:\Users\User\AppData\Roaming\TuneUp Software
2014-01-19 10:18 - 2014-01-19 10:18 - 00000000 ____D C:\Users\User\Downloads\FOM
2014-01-15 16:15 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 16:15 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 16:15 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-07 23:35 - 2014-01-07 23:35 - 00002050 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
2014-01-07 23:35 - 2014-01-07 23:35 - 00000000 ____D C:\ProgramData\FARO
2014-01-07 23:30 - 2014-01-07 23:30 - 00001236 _____ C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
2014-01-07 22:49 - 2014-01-07 22:49 - 00002238 _____ C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
2014-01-07 22:08 - 2014-01-07 22:08 - 00002014 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
2014-01-07 22:02 - 2014-01-07 22:02 - 00002146 _____ C:\Users\Public\Desktop\DWG TrueView 2014.lnk
2014-01-07 22:00 - 2014-01-07 22:00 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2014
2014-01-07 21:25 - 2014-01-07 21:26 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
2014-01-07 21:11 - 2014-01-08 19:20 - 00000000 ____D C:\Users\User\Downloads\Autodesk Inventor 2014
==================== One Month Modified Files and Folders =======
2014-01-29 19:05 - 2014-01-26 13:23 - 00000000 ____D C:\FRST
2014-01-29 19:05 - 2014-01-26 13:22 - 00000000 ____D C:\Users\User\Downloads\Trojaner Board
2014-01-29 19:02 - 2014-01-29 19:02 - 00001293 _____ C:\Users\User\Desktop\JRT.txt
2014-01-29 18:56 - 2009-07-14 05:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 18:56 - 2009-07-14 05:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 18:53 - 2014-01-29 18:53 - 01037068 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-01-29 18:53 - 2014-01-29 18:53 - 00000000 ____D C:\windows\ERUNT
2014-01-29 18:49 - 2012-08-27 21:00 - 00000000 ___RD C:\Users\User\Dropbox
2014-01-29 18:49 - 2012-08-27 20:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2014-01-29 18:48 - 2013-06-28 18:14 - 00000000 ___RD C:\Users\User\SkyDrive
2014-01-29 18:45 - 2012-07-12 11:38 - 02003122 _____ C:\windows\WindowsUpdate.log
2014-01-29 18:45 - 2009-07-14 05:51 - 00081100 _____ C:\windows\setupact.log
2014-01-29 18:44 - 2014-01-29 18:39 - 00000000 ____D C:\AdwCleaner
2014-01-29 18:33 - 2012-07-12 11:35 - 00520066 _____ C:\windows\PFRO.log
2014-01-29 18:19 - 2014-01-29 18:19 - 01166132 _____ C:\Users\User\Desktop\adwcleaner.exe
2014-01-29 17:24 - 2014-01-28 16:11 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2014-01-28 16:11 - 2012-07-13 17:53 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 16:11 - 2012-07-13 17:53 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 16:11 - 2012-07-13 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2014-01-28 16:11 - 2010-09-20 20:11 - 00000000 ____D C:\ProgramData\McAfee
2014-01-27 22:19 - 2012-07-13 16:15 - 00000000 ____D C:\Users\User\Documents\Outlook-Dateien
2014-01-27 22:05 - 2012-07-13 18:25 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2014-01-27 18:48 - 2009-07-14 18:58 - 00699666 _____ C:\windows\system32\perfh007.dat
2014-01-27 18:48 - 2009-07-14 18:58 - 00149774 _____ C:\windows\system32\perfc007.dat
2014-01-27 18:48 - 2009-07-14 06:13 - 01620612 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-26 21:41 - 2014-01-26 21:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 19:09 - 2014-01-26 19:09 - 00000000 ____D C:\Users\User\Documents\Any Video Converter
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D C:\Users\User\AppData\Roaming\AnvSoft
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D C:\Program Files (x86)\AnvSoft
2014-01-26 19:07 - 2014-01-26 19:06 - 37146216 _____ (Any-Video-Converter.com ) C:\Users\User\Downloads\avc-free.exe
2014-01-26 17:17 - 2013-01-13 21:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
2014-01-24 22:22 - 2014-01-24 22:19 - 00000000 ____D C:\Users\User\Downloads\VWL
2014-01-24 21:30 - 2014-01-24 21:29 - 00005327 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-24 21:30 - 2013-10-18 19:24 - 00000000 ____D C:\ProgramData\Oracle
2014-01-24 21:30 - 2010-09-20 19:44 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-24 21:24 - 2012-07-12 12:55 - 00000000 ____D C:\Users\User\AppData\Roaming\Toshiba
2014-01-23 18:39 - 2012-07-13 14:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-23 18:39 - 2009-07-14 03:34 - 00000478 _____ C:\windows\win.ini
2014-01-23 18:38 - 2012-09-12 16:49 - 00000039 _____ C:\windows\vbaddin.ini
2014-01-21 21:54 - 2014-01-21 21:54 - 00000000 ___SD C:\Users\User\Documents\Meine Datenquellen
2014-01-21 19:00 - 2012-07-14 15:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Nitro PDF
2014-01-19 17:48 - 2013-04-16 18:14 - 00000000 ____D C:\Program Files (x86)\UltraMixer
2014-01-19 17:18 - 2014-01-19 17:17 - 00000000 ____D C:\ProgramData\TuneUp Software
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 ____D C:\Users\User\AppData\Roaming\TuneUp Software
2014-01-19 14:43 - 2012-08-03 14:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2014-01-19 10:18 - 2014-01-19 10:18 - 00000000 ____D C:\Users\User\Downloads\FOM
2014-01-19 09:40 - 2010-09-20 20:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-19 09:40 - 2010-09-20 20:02 - 00000000 ____D C:\ProgramData\Skype
2014-01-15 20:55 - 2009-07-14 05:45 - 00559968 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-15 20:49 - 2013-08-18 21:02 - 00000000 ____D C:\windows\system32\MRT
2014-01-15 20:46 - 2012-07-17 13:45 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 18:19 - 2013-11-13 15:53 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2014-01-15 17:58 - 2013-05-15 17:32 - 00000000 ____D C:\Users\User\AppData\Roaming\dvdcss
2014-01-11 12:39 - 2012-07-30 17:29 - 00000000 ____D C:\Users\User\AppData\Roaming\Autodesk
2014-01-08 22:49 - 2012-07-29 09:41 - 01594892 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-08 22:33 - 2012-07-31 20:55 - 00000000 ____D C:\Users\User\AppData\Local\Autodesk,_Inc
2014-01-08 19:20 - 2014-01-07 21:11 - 00000000 ____D C:\Users\User\Downloads\Autodesk Inventor 2014
2014-01-08 05:18 - 2012-07-12 12:55 - 00179512 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-07 23:35 - 2014-01-07 23:35 - 00002050 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
2014-01-07 23:35 - 2014-01-07 23:35 - 00000000 ____D C:\ProgramData\FARO
2014-01-07 23:35 - 2012-07-31 14:39 - 00000000 ____D C:\Program Files\Autodesk
2014-01-07 23:35 - 2012-07-30 17:29 - 00000000 ____D C:\ProgramData\Autodesk
2014-01-07 23:30 - 2014-01-07 23:30 - 00001236 _____ C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
2014-01-07 23:30 - 2012-07-31 14:51 - 00000000 ____D C:\Users\User\Documents\Inventor
2014-01-07 23:30 - 2012-07-31 14:42 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2014-01-07 22:53 - 2012-07-31 14:39 - 00000000 ____D C:\Users\User\AppData\Local\Autodesk
2014-01-07 22:49 - 2014-01-07 22:49 - 00002238 _____ C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
2014-01-07 22:47 - 2012-10-26 20:12 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2014-01-07 22:08 - 2014-01-07 22:08 - 00002014 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
2014-01-07 22:02 - 2014-01-07 22:02 - 00002146 _____ C:\Users\Public\Desktop\DWG TrueView 2014.lnk
2014-01-07 22:00 - 2014-01-07 22:00 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2014
2014-01-07 21:47 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-07 21:26 - 2014-01-07 21:25 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
2014-01-07 21:25 - 2012-07-31 14:12 - 00000000 ____D C:\Autodesk
2014-01-07 20:47 - 2012-08-27 21:00 - 00001031 _____ C:\Users\User\Desktop\Dropbox.lnk
2014-01-07 20:47 - 2012-08-27 20:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 20:47 - 2012-07-12 12:49 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-04 20:59
==================== End Of Log ============================
--- --- --- --- --- --- Hoffe das nun alles entfernt ist und ich den Mist nun los bin. Wenn Du mir zum Schluß noch einen Tip geben würdest, wie ich mich gegen den ganze Trojaner Kram besser schützen könnte, wäre ich Dir noch dankbar.  |
|
30.01.2014, 16:19
| #8 |
| /// the machine /// TB-Ausbilder | Search Protect - Conduit kann nicht deinstalliert werden Besprechen wir nach dem Onlinescan auf Reste ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.02.2014, 22:37
| #9 |
| | Search Protect - Conduit kann nicht deinstalliert werden Hier der ESET Log Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d0013d0f20a9504cb4de8cfa5e8c8d06
# engine=16895
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-01 08:32:51
# local_time=2014-02-01 09:32:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 53603 161958076 46377 0
# compatibility_mode=5893 16776573 100 94 66241 142916621 0 0
# scanned=363239
# found=2
# cleaned=0
# scan_time=37058
sh=B28AFB183EE15EF0FDBD3CD59A9BDD16442D5E24 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\01092013_153729.zip"
sh=C32F3F35F9C62500C2EAA3F3E3C5E90BDF5CAA4A ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\_OTL\MovedFiles\01092013_153729\C_Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk"
Code:
ATTFilter Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 JavaFX 2.1.1 Java(TM) 6 Update 20 Java 7 Update 51 Adobe Flash Player 12.0.0.43 Flash Player out of Date! Adobe Reader 10.1.9 Adobe Reader out of Date! Mozilla Firefox (26.0) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by User (administrator) on XXX on 01-02-2014 22:31:26
Running from C:\Users\User\Downloads\Trojaner Board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(AVM Berlin) C:\Users\User\AppData\Local\Apps\2.0\CYN3ZPHY.T37\4J0RP2L5.DLH\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
() C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ReModem.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\User\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2010-06-02] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2010-10-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DLSService] - "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\.DEFAULT\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [AVMUSBFernanschluss] - C:\Users\User\AppData\Local\Apps\2.0\CYN3ZPHY.T37\4J0RP2L5.DLH\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-01-10] (AVM Berlin)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [SkyDrive] - C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-18] (Microsoft Corporation)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [Akamai NetSession Interface] - C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {02D554C9-5BAC-4088-B940-D8CF85D0F79B} URL =
SearchScopes: HKCU - {1695F057-E9E5-4E67-BBE9-5011183B6D99} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {BA55DABC-4256-4A3B-A8B1-030ECDB2AE7E} URL =
SearchScopes: HKCU - {BF9D5AAF-D3A8-4171-944F-6199F1997E09} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\searchplugins\conduit-search-1.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Easy YouTube Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-06-15]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2014-01-14] (Avira Operations GmbH & Co. KG)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32368 2012-10-09] (Sanford, L.P.)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [204296 2012-04-12] (Nitro PDF Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2013-01-10] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-21] (AVM Berlin)
S1 SSHDRV76; C:\windows\SysWOW64\drivers\SSHDRV76.sys [53760 2013-05-30] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-01 22:24 - 2014-02-01 22:24 - 00987425 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-02-01 11:12 - 2014-02-01 11:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-30 22:16 - 2014-01-30 22:16 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
2014-01-30 15:09 - 2014-01-31 19:33 - 00000112 _____ () C:\windows\setupact.log
2014-01-30 15:09 - 2014-01-30 15:09 - 00000000 _____ () C:\windows\setuperr.log
2014-01-29 18:53 - 2014-01-29 18:53 - 00000000 ____D () C:\windows\ERUNT
2014-01-29 18:39 - 2014-01-29 18:44 - 00000000 ____D () C:\AdwCleaner
2014-01-28 16:11 - 2014-01-29 17:24 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-01-26 21:41 - 2014-01-26 21:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 21:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-26 19:09 - 2014-01-26 19:09 - 00000000 ____D () C:\Users\User\Documents\Any Video Converter
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\AnvSoft
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-01-26 19:06 - 2014-01-26 19:07 - 37146216 _____ (Any-Video-Converter.com ) C:\Users\User\Downloads\avc-free.exe
2014-01-26 13:23 - 2014-02-01 22:31 - 00000000 ____D () C:\FRST
2014-01-26 13:22 - 2014-02-01 22:31 - 00000000 ____D () C:\Users\User\Downloads\Trojaner Board
2014-01-24 22:19 - 2014-01-24 22:22 - 00000000 ____D () C:\Users\User\Downloads\VWL
2014-01-24 21:30 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-24 21:30 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-24 21:30 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-24 21:30 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-24 21:29 - 2014-01-24 21:30 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 21:54 - 2014-01-21 21:54 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen
2014-01-19 17:17 - 2014-01-19 17:18 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\TuneUp Software
2014-01-19 10:18 - 2014-01-19 10:18 - 00000000 ____D () C:\Users\User\Downloads\FOM
2014-01-15 16:15 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 16:15 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 16:15 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-07 23:35 - 2014-01-07 23:35 - 00002050 _____ () C:\Users\Public\Desktop\Autodesk ReCap.lnk
2014-01-07 23:35 - 2014-01-07 23:35 - 00000000 ____D () C:\ProgramData\FARO
2014-01-07 23:30 - 2014-01-07 23:30 - 00001236 _____ () C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
2014-01-07 22:49 - 2014-01-07 22:49 - 00002238 _____ () C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
2014-01-07 22:08 - 2014-01-07 22:08 - 00002014 _____ () C:\Users\Public\Desktop\Autodesk 360.lnk
2014-01-07 22:02 - 2014-01-07 22:02 - 00002146 _____ () C:\Users\Public\Desktop\DWG TrueView 2014.lnk
2014-01-07 22:00 - 2014-01-07 22:00 - 00000000 ____D () C:\Program Files (x86)\DWG TrueView 2014
2014-01-07 21:25 - 2014-01-07 21:26 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2014-01-07 21:11 - 2014-01-08 19:20 - 00000000 ____D () C:\Users\User\Downloads\Autodesk Inventor 2014
==================== One Month Modified Files and Folders =======
2014-02-01 22:31 - 2014-01-26 13:23 - 00000000 ____D () C:\FRST
2014-02-01 22:31 - 2014-01-26 13:22 - 00000000 ____D () C:\Users\User\Downloads\Trojaner Board
2014-02-01 22:24 - 2014-02-01 22:24 - 00987425 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-02-01 21:57 - 2012-07-12 11:38 - 01092159 _____ () C:\windows\WindowsUpdate.log
2014-02-01 18:29 - 2012-07-13 16:15 - 00000000 ____D () C:\Users\User\Documents\Outlook-Dateien
2014-02-01 11:12 - 2014-02-01 11:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-31 20:07 - 2012-08-27 20:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-01-31 19:44 - 2009-07-14 05:45 - 00016080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 19:44 - 2009-07-14 05:45 - 00016080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 19:36 - 2012-08-27 21:00 - 00000000 ___RD () C:\Users\User\Dropbox
2014-01-31 19:35 - 2013-06-28 18:14 - 00000000 ___RD () C:\Users\User\SkyDrive
2014-01-31 19:33 - 2014-01-30 15:09 - 00000112 _____ () C:\windows\setupact.log
2014-01-30 22:16 - 2014-01-30 22:16 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
2014-01-30 15:09 - 2014-01-30 15:09 - 00000000 _____ () C:\windows\setuperr.log
2014-01-29 20:19 - 2012-07-17 20:06 - 00000000 ____D () C:\windows\Minidump
2014-01-29 18:53 - 2014-01-29 18:53 - 00000000 ____D () C:\windows\ERUNT
2014-01-29 18:44 - 2014-01-29 18:39 - 00000000 ____D () C:\AdwCleaner
2014-01-29 18:33 - 2012-07-12 11:35 - 00520066 _____ () C:\windows\PFRO.log
2014-01-29 17:24 - 2014-01-28 16:11 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-01-28 16:11 - 2012-07-13 17:53 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 16:11 - 2012-07-13 17:53 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 16:11 - 2012-07-13 17:48 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-01-28 16:11 - 2010-09-20 20:11 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-27 22:05 - 2012-07-13 18:25 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-01-27 18:48 - 2009-07-14 18:58 - 00699666 _____ () C:\windows\system32\perfh007.dat
2014-01-27 18:48 - 2009-07-14 18:58 - 00149774 _____ () C:\windows\system32\perfc007.dat
2014-01-27 18:48 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-01-26 21:41 - 2014-01-26 21:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 21:19 - 2012-07-13 18:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\UseNeXT
2014-01-26 21:09 - 2012-07-13 18:08 - 00000000 ____D () C:\Users\User\Documents\UseNeXT
2014-01-26 19:09 - 2014-01-26 19:09 - 00000000 ____D () C:\Users\User\Documents\Any Video Converter
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\AnvSoft
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-01-26 19:07 - 2014-01-26 19:06 - 37146216 _____ (Any-Video-Converter.com ) C:\Users\User\Downloads\avc-free.exe
2014-01-26 17:17 - 2013-01-13 21:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
2014-01-24 22:22 - 2014-01-24 22:19 - 00000000 ____D () C:\Users\User\Downloads\VWL
2014-01-24 21:30 - 2014-01-24 21:29 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-24 21:30 - 2013-10-18 19:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-24 21:30 - 2010-09-20 19:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-24 21:24 - 2012-07-12 12:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Toshiba
2014-01-23 18:39 - 2012-07-13 14:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-23 18:39 - 2009-07-14 03:34 - 00000478 _____ () C:\windows\win.ini
2014-01-23 18:38 - 2012-09-12 16:49 - 00000039 _____ () C:\windows\vbaddin.ini
2014-01-21 21:54 - 2014-01-21 21:54 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen
2014-01-21 19:00 - 2012-07-14 15:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nitro PDF
2014-01-19 17:48 - 2013-04-16 18:14 - 00000000 ____D () C:\Program Files (x86)\UltraMixer
2014-01-19 17:18 - 2014-01-19 17:17 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\TuneUp Software
2014-01-19 14:43 - 2012-08-03 14:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-01-19 10:18 - 2014-01-19 10:18 - 00000000 ____D () C:\Users\User\Downloads\FOM
2014-01-19 09:40 - 2010-09-20 20:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-19 09:40 - 2010-09-20 20:02 - 00000000 ____D () C:\ProgramData\Skype
2014-01-15 20:55 - 2009-07-14 05:45 - 00559968 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-15 20:49 - 2013-08-18 21:02 - 00000000 ____D () C:\windows\system32\MRT
2014-01-15 20:46 - 2012-07-17 13:45 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 18:19 - 2013-11-13 15:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-01-15 17:58 - 2013-05-15 17:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss
2014-01-11 12:39 - 2012-07-30 17:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Autodesk
2014-01-08 22:49 - 2012-07-29 09:41 - 01594892 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-08 22:33 - 2012-07-31 20:55 - 00000000 ____D () C:\Users\User\AppData\Local\Autodesk,_Inc
2014-01-08 19:20 - 2014-01-07 21:11 - 00000000 ____D () C:\Users\User\Downloads\Autodesk Inventor 2014
2014-01-08 05:18 - 2012-07-12 12:55 - 00179512 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-07 23:35 - 2014-01-07 23:35 - 00002050 _____ () C:\Users\Public\Desktop\Autodesk ReCap.lnk
2014-01-07 23:35 - 2014-01-07 23:35 - 00000000 ____D () C:\ProgramData\FARO
2014-01-07 23:35 - 2012-07-31 14:39 - 00000000 ____D () C:\Program Files\Autodesk
2014-01-07 23:35 - 2012-07-30 17:29 - 00000000 ____D () C:\ProgramData\Autodesk
2014-01-07 23:30 - 2014-01-07 23:30 - 00001236 _____ () C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
2014-01-07 23:30 - 2012-07-31 14:51 - 00000000 ____D () C:\Users\User\Documents\Inventor
2014-01-07 23:30 - 2012-07-31 14:42 - 00000000 ____D () C:\Users\Public\Documents\Autodesk
2014-01-07 22:53 - 2012-07-31 14:39 - 00000000 ____D () C:\Users\User\AppData\Local\Autodesk
2014-01-07 22:49 - 2014-01-07 22:49 - 00002238 _____ () C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
2014-01-07 22:47 - 2012-10-26 20:12 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-01-07 22:08 - 2014-01-07 22:08 - 00002014 _____ () C:\Users\Public\Desktop\Autodesk 360.lnk
2014-01-07 22:02 - 2014-01-07 22:02 - 00002146 _____ () C:\Users\Public\Desktop\DWG TrueView 2014.lnk
2014-01-07 22:00 - 2014-01-07 22:00 - 00000000 ____D () C:\Program Files (x86)\DWG TrueView 2014
2014-01-07 21:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-07 21:26 - 2014-01-07 21:25 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2014-01-07 21:25 - 2012-07-31 14:12 - 00000000 ____D () C:\Autodesk
2014-01-07 20:47 - 2012-08-27 21:00 - 00001031 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-01-07 20:47 - 2012-08-27 20:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 20:47 - 2012-07-12 12:49 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-04 20:59
==================== End Of Log ============================
--- --- --- |
|
02.02.2014, 07:37
| #10 |
| /// the machine /// TB-Ausbilder | Search Protect - Conduit kann nicht deinstalliert werden Flash und Adobe updaten. Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.02.2014, 17:28
| #11 |
| | Search Protect - Conduit kann nicht deinstalliert werdenCode:
ATTFilter Farbar Service Scanner Version: 02-02-2014
Ran by User (administrator) on 02-02-2014 at 17:28:43
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
|
|
03.02.2014, 16:13
| #12 |
| /// the machine /// TB-Ausbilder | Search Protect - Conduit kann nicht deinstalliert werden Downloade dir bitte Windows Repair (All In One) von hier.
Frisches FSS und FRST log bitte. Noch probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.02.2014, 21:18
| #13 |
| | Search Protect - Conduit kann nicht deinstalliert werdenCode:
ATTFilter Farbar Service Scanner Version: 02-02-2014
Ran by User (administrator) on 05-02-2014 at 21:07:31
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by User (administrator) on XXX on 05-02-2014 21:09:49
Running from C:\Users\User\Downloads\Trojaner Board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(AVM Berlin) C:\Users\User\AppData\Local\Apps\2.0\CYN3ZPHY.T37\4J0RP2L5.DLH\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2010-06-02] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2010-10-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DLSService] - "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\.DEFAULT\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [AVMUSBFernanschluss] - C:\Users\User\AppData\Local\Apps\2.0\CYN3ZPHY.T37\4J0RP2L5.DLH\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-01-10] (AVM Berlin)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [SkyDrive] - C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-18] (Microsoft Corporation)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [Akamai NetSession Interface] - C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-554711917-2863548098-4266043090-1000\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {02D554C9-5BAC-4088-B940-D8CF85D0F79B} URL =
SearchScopes: HKCU - {1695F057-E9E5-4E67-BBE9-5011183B6D99} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {BA55DABC-4256-4A3B-A8B1-030ECDB2AE7E} URL =
SearchScopes: HKCU - {BF9D5AAF-D3A8-4171-944F-6199F1997E09} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\searchplugins\conduit-search-1.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Easy YouTube Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-06-15]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2014-01-14] (Avira Operations GmbH & Co. KG)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32368 2012-10-09] (Sanford, L.P.)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [204296 2012-04-12] (Nitro PDF Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2013-01-10] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-21] (AVM Berlin)
S1 SSHDRV76; C:\windows\SysWOW64\drivers\SSHDRV76.sys [53760 2013-05-30] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-05 20:19 - 2014-02-05 20:34 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2014-02-05 20:17 - 2014-02-05 20:17 - 00000207 _____ () C:\windows\tweaking.com-regbackup-LAPTOPCARSTEN-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-05 20:16 - 2014-02-05 20:16 - 00000000 ____D () C:\RegBackup
2014-02-04 15:12 - 2014-02-04 15:12 - 00009864 ____N () C:\bootsqm.dat
2014-02-03 22:08 - 2014-02-03 22:08 - 00000000 ____D () C:\Users\User\Downloads\Windows Repair
2014-02-03 21:47 - 2014-02-03 21:47 - 00000364 _____ () C:\windows\Tasks\AdobeAAMUpdater-1.0-LAPTOPCARSTEN-User.job
2014-02-03 21:46 - 2014-02-03 21:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\PDAppFlex
2014-02-03 21:45 - 2014-02-03 21:47 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-03 17:08 - 2014-02-03 17:08 - 00000000 ____D () C:\ProgramData\ALM
2014-02-03 16:25 - 2014-02-03 16:25 - 00001070 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-02-03 16:22 - 2014-02-03 16:22 - 02844536 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\CreativeCloudSet-Up.exe
2014-02-02 17:28 - 2014-02-05 21:07 - 00002080 _____ () C:\Users\User\Desktop\FSS.txt
2014-02-02 17:28 - 2014-02-02 17:28 - 00453632 _____ (Farbar) C:\Users\User\Desktop\FSS.exe
2014-02-02 17:25 - 2014-02-02 17:25 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-01 22:24 - 2014-02-01 22:24 - 00987425 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-02-01 11:12 - 2014-02-01 11:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-30 22:16 - 2014-01-30 22:16 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
2014-01-30 15:09 - 2014-02-05 20:48 - 00000710 _____ () C:\windows\setupact.log
2014-01-30 15:09 - 2014-01-30 15:09 - 00000000 _____ () C:\windows\setuperr.log
2014-01-29 18:53 - 2014-01-29 18:53 - 00000000 ____D () C:\windows\ERUNT
2014-01-29 18:39 - 2014-01-29 18:44 - 00000000 ____D () C:\AdwCleaner
2014-01-28 16:11 - 2014-01-29 17:24 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-01-26 21:41 - 2014-01-26 21:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 21:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-26 19:09 - 2014-01-26 19:09 - 00000000 ____D () C:\Users\User\Documents\Any Video Converter
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\AnvSoft
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-01-26 19:06 - 2014-01-26 19:07 - 37146216 _____ (Any-Video-Converter.com ) C:\Users\User\Downloads\avc-free.exe
2014-01-26 13:23 - 2014-02-05 21:09 - 00000000 ____D () C:\FRST
2014-01-26 13:22 - 2014-02-05 21:09 - 00000000 ____D () C:\Users\User\Downloads\Trojaner Board
2014-01-24 22:19 - 2014-01-24 22:22 - 00000000 ____D () C:\Users\User\Downloads\VWL
2014-01-24 21:30 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-24 21:30 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-24 21:30 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-24 21:30 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-24 21:29 - 2014-01-24 21:30 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 21:54 - 2014-01-21 21:54 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen
2014-01-19 17:17 - 2014-01-19 17:18 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\TuneUp Software
2014-01-19 10:18 - 2014-01-19 10:18 - 00000000 ____D () C:\Users\User\Downloads\FOM
2014-01-15 16:15 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 16:15 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 16:15 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-07 23:35 - 2014-01-07 23:35 - 00002050 _____ () C:\Users\Public\Desktop\Autodesk ReCap.lnk
2014-01-07 23:35 - 2014-01-07 23:35 - 00000000 ____D () C:\ProgramData\FARO
2014-01-07 23:30 - 2014-01-07 23:30 - 00001236 _____ () C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
2014-01-07 22:49 - 2014-01-07 22:49 - 00002238 _____ () C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
2014-01-07 22:08 - 2014-01-07 22:08 - 00002014 _____ () C:\Users\Public\Desktop\Autodesk 360.lnk
2014-01-07 22:02 - 2014-01-07 22:02 - 00002146 _____ () C:\Users\Public\Desktop\DWG TrueView 2014.lnk
2014-01-07 22:00 - 2014-01-07 22:00 - 00000000 ____D () C:\Program Files (x86)\DWG TrueView 2014
2014-01-07 21:25 - 2014-01-07 21:26 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2014-01-07 21:11 - 2014-01-08 19:20 - 00000000 ____D () C:\Users\User\Downloads\Autodesk Inventor 2014
==================== One Month Modified Files and Folders =======
2014-02-05 21:09 - 2014-01-26 13:23 - 00000000 ____D () C:\FRST
2014-02-05 21:09 - 2014-01-26 13:22 - 00000000 ____D () C:\Users\User\Downloads\Trojaner Board
2014-02-05 21:07 - 2014-02-02 17:28 - 00002080 _____ () C:\Users\User\Desktop\FSS.txt
2014-02-05 20:57 - 2009-07-14 05:45 - 00016080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 20:57 - 2009-07-14 05:45 - 00016080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 20:55 - 2009-07-14 18:58 - 00685804 _____ () C:\windows\system32\perfh007.dat
2014-02-05 20:55 - 2009-07-14 18:58 - 00145604 _____ () C:\windows\system32\perfc007.dat
2014-02-05 20:55 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-05 20:54 - 2009-07-14 05:45 - 05226608 _____ () C:\windows\system32\FNTCACHE.DAT
2014-02-05 20:53 - 2012-08-27 21:00 - 00000000 ___RD () C:\Users\User\Dropbox
2014-02-05 20:53 - 2012-08-27 20:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-02-05 20:51 - 2013-06-28 18:14 - 00000000 ___RD () C:\Users\User\SkyDrive
2014-02-05 20:51 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-05 20:49 - 2012-07-12 12:55 - 00179512 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-05 20:48 - 2014-01-30 15:09 - 00000710 _____ () C:\windows\setupact.log
2014-02-05 20:48 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-05 20:47 - 2012-07-12 11:35 - 00521714 _____ () C:\windows\PFRO.log
2014-02-05 20:34 - 2014-02-05 20:19 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2014-02-05 20:32 - 2009-07-14 03:34 - 00000514 _____ () C:\windows\win.ini
2014-02-05 20:23 - 2012-07-12 11:38 - 01267426 _____ () C:\windows\WindowsUpdate.log
2014-02-05 20:17 - 2014-02-05 20:17 - 00000207 _____ () C:\windows\tweaking.com-regbackup-LAPTOPCARSTEN-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-05 20:16 - 2014-02-05 20:16 - 00000000 ____D () C:\RegBackup
2014-02-05 19:05 - 2012-07-13 17:48 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-02-04 18:14 - 2012-07-13 18:25 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-02-04 15:12 - 2014-02-04 15:12 - 00009864 ____N () C:\bootsqm.dat
2014-02-03 22:08 - 2014-02-03 22:08 - 00000000 ____D () C:\Users\User\Downloads\Windows Repair
2014-02-03 22:08 - 2013-10-24 11:10 - 00000000 ____D () C:\Users\User\Downloads
2014-02-03 21:53 - 2012-07-13 16:15 - 00000000 ____D () C:\Users\User\Documents\Outlook-Dateien
2014-02-03 21:47 - 2014-02-03 21:47 - 00000364 _____ () C:\windows\Tasks\AdobeAAMUpdater-1.0-LAPTOPCARSTEN-User.job
2014-02-03 21:47 - 2014-02-03 21:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-03 21:46 - 2014-02-03 21:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\PDAppFlex
2014-02-03 21:46 - 2012-07-13 16:07 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-02-03 17:23 - 2012-10-05 17:50 - 00000000 ____D () C:\Program Files\Adobe
2014-02-03 17:20 - 2012-07-13 17:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-03 17:11 - 2010-09-20 19:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-03 17:08 - 2014-02-03 17:08 - 00000000 ____D () C:\ProgramData\ALM
2014-02-03 17:08 - 2012-10-05 17:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-03 16:25 - 2014-02-03 16:25 - 00001070 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-02-03 16:22 - 2014-02-03 16:22 - 02844536 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\CreativeCloudSet-Up.exe
2014-02-02 17:28 - 2014-02-02 17:28 - 00453632 _____ (Farbar) C:\Users\User\Desktop\FSS.exe
2014-02-02 17:25 - 2014-02-02 17:25 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-02 17:21 - 2012-07-13 17:53 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-02 17:21 - 2012-07-13 17:53 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-02 17:10 - 2012-07-12 13:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-02 17:04 - 2012-07-12 11:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-01 22:24 - 2014-02-01 22:24 - 00987425 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-02-01 11:12 - 2014-02-01 11:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-30 22:16 - 2014-01-30 22:16 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
2014-01-30 15:09 - 2014-01-30 15:09 - 00000000 _____ () C:\windows\setuperr.log
2014-01-29 20:19 - 2012-07-17 20:06 - 00000000 ____D () C:\windows\Minidump
2014-01-29 18:53 - 2014-01-29 18:53 - 00000000 ____D () C:\windows\ERUNT
2014-01-29 18:44 - 2014-01-29 18:39 - 00000000 ____D () C:\AdwCleaner
2014-01-29 17:24 - 2014-01-28 16:11 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-01-28 16:11 - 2010-09-20 20:11 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-26 21:41 - 2014-01-26 21:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 21:19 - 2012-07-13 18:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\UseNeXT
2014-01-26 21:09 - 2012-07-13 18:08 - 00000000 ____D () C:\Users\User\Documents
2014-01-26 19:09 - 2014-01-26 19:09 - 00000000 ____D () C:\Users\User\Documents\Any Video Converter
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\AnvSoft
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-01-26 19:07 - 2014-01-26 19:06 - 37146216 _____ (Any-Video-Converter.com ) C:\Users\User\Downloads\avc-free.exe
2014-01-26 17:17 - 2013-01-13 21:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
2014-01-24 22:22 - 2014-01-24 22:19 - 00000000 ____D () C:\Users\User\Downloads\VWL
2014-01-24 21:30 - 2014-01-24 21:29 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-24 21:30 - 2013-10-18 19:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-24 21:30 - 2010-09-20 19:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-24 21:24 - 2012-07-12 12:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Toshiba
2014-01-23 18:39 - 2012-07-13 14:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-23 18:38 - 2012-09-12 16:49 - 00000039 _____ () C:\windows\vbaddin.ini
2014-01-21 21:54 - 2014-01-21 21:54 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen
2014-01-21 19:00 - 2012-07-14 15:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nitro PDF
2014-01-19 17:48 - 2013-04-16 18:14 - 00000000 ____D () C:\Program Files (x86)\UltraMixer
2014-01-19 17:18 - 2014-01-19 17:17 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\TuneUp Software
2014-01-19 14:43 - 2012-08-03 14:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-01-19 10:18 - 2014-01-19 10:18 - 00000000 ____D () C:\Users\User\Downloads\FOM
2014-01-19 09:40 - 2010-09-20 20:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-19 09:40 - 2010-09-20 20:02 - 00000000 ____D () C:\ProgramData\Skype
2014-01-15 20:49 - 2013-08-18 21:02 - 00000000 ____D () C:\windows\system32\MRT
2014-01-15 20:46 - 2012-07-17 13:45 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 18:19 - 2013-11-13 15:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-01-15 17:58 - 2013-05-15 17:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss
2014-01-11 12:39 - 2012-07-30 17:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Autodesk
2014-01-08 22:49 - 2012-07-29 09:41 - 01594892 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-08 22:33 - 2012-07-31 20:55 - 00000000 ____D () C:\Users\User\AppData\Local\Autodesk,_Inc
2014-01-08 19:20 - 2014-01-07 21:11 - 00000000 ____D () C:\Users\User\Downloads\Autodesk Inventor 2014
2014-01-07 23:35 - 2014-01-07 23:35 - 00002050 _____ () C:\Users\Public\Desktop\Autodesk ReCap.lnk
2014-01-07 23:35 - 2014-01-07 23:35 - 00000000 ____D () C:\ProgramData\FARO
2014-01-07 23:35 - 2012-07-31 14:39 - 00000000 ____D () C:\Program Files\Autodesk
2014-01-07 23:35 - 2012-07-30 17:29 - 00000000 ____D () C:\ProgramData\Autodesk
2014-01-07 23:30 - 2014-01-07 23:30 - 00001236 _____ () C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
2014-01-07 23:30 - 2012-07-31 14:51 - 00000000 ____D () C:\Users\User\Documents\Inventor
2014-01-07 23:30 - 2012-07-31 14:42 - 00000000 ____D () C:\Users\Public\Documents\Autodesk
2014-01-07 22:53 - 2012-07-31 14:39 - 00000000 ____D () C:\Users\User\AppData\Local\Autodesk
2014-01-07 22:49 - 2014-01-07 22:49 - 00002238 _____ () C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
2014-01-07 22:47 - 2012-10-26 20:12 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-01-07 22:08 - 2014-01-07 22:08 - 00002014 _____ () C:\Users\Public\Desktop\Autodesk 360.lnk
2014-01-07 22:02 - 2014-01-07 22:02 - 00002146 _____ () C:\Users\Public\Desktop\DWG TrueView 2014.lnk
2014-01-07 22:00 - 2014-01-07 22:00 - 00000000 ____D () C:\Program Files (x86)\DWG TrueView 2014
2014-01-07 21:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-07 21:26 - 2014-01-07 21:25 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2014-01-07 21:25 - 2012-07-31 14:12 - 00000000 ____D () C:\Autodesk
2014-01-07 20:47 - 2012-08-27 21:00 - 00001031 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-01-07 20:47 - 2012-08-27 20:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 20:47 - 2012-07-12 12:49 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-04 20:59
==================== End Of Log ============================
--- --- --- --- --- --- Das Problem was ich habe, das der Laptop echt langsam geworden ist, weiß aber nicht, ob das nun durch die ganzen Aktionen gekommen ist, oder ob das vorher auch schon so langsam war...  |
|
06.02.2014, 15:04
| #14 |
| /// the machine /// TB-Ausbilder | Search Protect - Conduit kann nicht deinstalliert werden bei was ist er langsam?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.02.2014, 18:22
| #15 |
| | Search Protect - Conduit kann nicht deinstalliert werden Wenn man den Laptop hoch fährt, dann dauert es verdammt lange, bis alles gestartet ist. Meine das ging vorher schneller. Sonst läuft er, wenn alles hochgefahren ist, wieder echt gut. |
|
| Themen zu Search Protect - Conduit kann nicht deinstalliert werden |
| 64 bit, deinstalliere, deinstallieren, glaube, hoffe, liebe, problem, pup.bprotector, pup.optional.babylon.a, pup.optional.bprotector.a, pup.optional.conduit.a, pup.optional.datamngr.a, pup.optional.delta.a, pup.optional.filescout.a, pup.optional.filesfrog.a, pup.optional.opencandy, pup.optional.searchprotect.a, pup.optional.somoto.a, search, systemsteuerung, troja, trojaner, windows 7, würde |
Linear-Darstellung
