Pests of all kinds and how to fight them: Firefox opens a new tab to Systweak/Reg cleaner pro on its own
10.02.2014, 21:27 | #1 |
Firefox opens a new tab to Systweak/Reg cleaner pro on its own

Good evening, unfortunately I have the problem stated in the title. It first occurred yesterday evening. Since I had no pages open other than eBay, I became suspicious. Before that I had run a full scan with Kaspersky and found nothing. After the oddity occurred I ran a full scan with Malwarebytes, and nothing was found there either.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.09.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael (Admin) :: SCHLEPPTOPF-PC [Administrator]

09.02.2014 20:46:38
mbam-log-2014-02-09 (20-46-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 473580
Laufzeit: 2 Stunde(n), 11 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014
Ran by Michael (ATTENTION: The logged in user is not administrator) on SCHLEPPTOPF-PC on 10-02-2014 20:11:04
Running from C:\Users\Michael\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\tsnp2uvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13605408 2009-02-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2009-02-10] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-07-24] (Realtek Semiconductor)
HKLM\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [233472 2008-08-28] ()
HKLM\...\Run: [COMODO Firewall Pro] - "C:\Program Files\COMODO\Firewall\cfp.exe" -h
HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [F-Secure Hoster (666)] - "C:\Program Files\F-Secure\fshoster32.exe" -app -hosterid:1
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [217088 2009-04-11] (Microsoft Corporation)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKU\.DEFAULT\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [3885408 2009-02-06] (Microsoft Corporation)
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {07279b00-a77f-11dd-a0df-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdc93-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdca5-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcaf-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcb3-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe
Lsa: [Notification Packages] C:\Program Files\EgisTec\VITAKEY\PwdFilter
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office 2010\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: No Name - {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.gmx.net/
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\artur.dubovoy@gmail.com [2014-01-25]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-10-06]
FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-07-24]
FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-08]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-08]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-08]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-08]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-08]

========================== Services (Whitelisted) =================

R2 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [344064 2009-04-08] (AVerMedia)
R2 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [405504 2008-12-09] ()
R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-04-17] (Cisco Systems, Inc.)
R2 IGBASVC; C:\Program Files\EgisTec\VITAKEY\BASVC.exe [2180392 2008-08-29] ()
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [304688 2008-08-04] (EgisTec Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-29] ()
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

S3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [487168 2009-01-05] (AVerMedia TECHNOLOGIES, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-04-17] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26920 2008-08-28] (LTT)
R0 FPWinIo; C:\Windows\System32\DRIVERS\FPWinIo.sys [66856 2008-08-28] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2014-01-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-12] (Kaspersky Lab ZAO)
R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-08-04] (Egis Incorporated.)
R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-08-04] (Egis Incorporated.)
R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-08-04] (Egis Incorporated.)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1753984 2008-07-10] ()
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-10 20:11 - 2014-02-10 20:11 - 00017645 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-02-10 20:10 - 2014-02-10 20:11 - 00000000 ____D () C:\FRST
2014-02-10 19:45 - 2014-02-10 19:45 - 01139200 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe
2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-15 11:16 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-15 11:16 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-15 11:16 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-15 11:16 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-15 11:15 - 2014-01-15 11:16 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log

==================== One Month Modified Files and Folders =======

2014-02-10 20:11 - 2014-02-10 20:11 - 00017645 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-02-10 20:11 - 2014-02-10 20:10 - 00000000 ____D () C:\FRST
2014-02-10 20:10 - 2008-08-28 06:26 - 00000438 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
2014-02-10 20:05 - 2012-04-01 18:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-10 20:05 - 2011-05-20 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-10 20:05 - 2008-10-31 21:16 - 01830276 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 20:04 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 20:03 - 2008-08-28 05:28 - 00220409 _____ () C:\ProgramData\nvModes.001
2014-02-10 20:03 - 2008-08-28 05:22 - 00220409 _____ () C:\ProgramData\nvModes.dat
2014-02-10 20:02 - 2013-03-30 16:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-10 20:02 - 2013-01-26 00:58 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 19:59 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-10 19:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 19:57 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 19:57 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 19:55 - 2008-08-28 03:21 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-10 19:55 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-10 19:47 - 2013-01-26 00:58 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 19:45 - 2014-02-10 19:45 - 01139200 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe
2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-02-09 17:37 - 2008-11-10 14:44 - 00000680 _____ () C:\Users\Michael\AppData\Local\d3d9caps.dat
2014-02-07 22:03 - 2008-11-06 16:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-02-04 21:36 - 2010-02-10 21:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-02-04 21:20 - 2008-11-01 23:57 - 00000000 ____D () C:\xx
2014-01-16 08:10 - 2008-08-28 09:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 08:08 - 2013-08-26 02:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 08:05 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-15 11:16 - 2014-01-15 11:15 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 11:16 - 2013-06-23 17:39 - 00000000 ____D () C:\Program Files\Java
2014-01-12 22:07 - 2013-10-17 15:47 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-12 22:07 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-01-12 22:07 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys

Some content of TEMP:
====================
C:\Users\Mama\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Michael\AppData\Local\Temp\AskSLib.dll
C:\Users\Michael\AppData\Local\Temp\autorun.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014
Ran by Michael at 2014-02-10 20:11:32
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
7-Zip 9.20 (Version: - )
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (Version: 11 - Adobe Systems, Inc.)
Any Video Converter 5 5.0.4 (Version: - Any-Video-Converter.com)
AVerMedia A850 USB DMB-TH 1.0.0.26 (Version: 1.0.0.26 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
Bing Bar (Version: 7.0.850.0 - Microsoft Corporation)
CCleaner (Version: 3.22 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco Systems VPN Client 5.0.03.0530 (Version: 5.0.3 - Cisco Systems, Inc.)
Click to Call with Skype (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (Version: 2.00.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.)
CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.) Hidden
CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.) Hidden
CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.) Hidden
CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.) Hidden
DE (Version: 3.0 - Corel Corporation) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
e-Wörterbücher (Version: - )
FILEminimizer Pictures (Version: - balesio AG)
Foxlink Webcam (Version: 5.8.48000.201_WHQL - Sonix)
Freeciv 2.1.9 (GTK+ client) (Version: - )
Garmin BaseCamp (Version: 3.2.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Earth Plug-in (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
ICQ6.5 (Version: 6.5 - ICQ)
ICQ7.5 (HKCU Version: 7.5 - ICQ)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Letstrade (Version: 1.00.0000 - Buhl Data Service)
LetsTrade Komponenten (Version: - )
MakeDisc (Version: 3.0.2601 - CyberLink Corp.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Fix it Center (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mozilla Thunderbird (3.1.7) (Version: 3.1.7 (de) - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker 3 (Version: 3.1.20.0 - EgisTec)
Nero 8 Essentials (Version: 8.3.124 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (Version: 1.4 - NVIDIA Corporation)
OpenOffice.org 3.0 (Version: 3.0.9358 - OpenOffice.org)
PowerDVD (Version: 7.0.3118.0 - PowerDVDCorp.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5672 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Sceneo AbsolutTV (Version: - )
Schiff-Simulator 2008 (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
TVsweeper 3 (Version: 3.0.3 - Sonavis)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)
Update for
Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft) Update Manager (Version: 4.60 - Corel Corporation) Hidden VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden VITAKEY (Version: 6.0.1.41 - EgisTec) VITAKEY (Version: 6.0.1.41 - EgisTec) Hidden VLC media player 1.0.5 (Version: 1.0.5 - VideoLAN Team) waterMark V2 (Version: - ) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 14.0.8064.0206 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Movie Maker-Betaversion (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Sync (Version: 14.0.8064.206 - Microsoft 
Corporation) Windows Live Writer (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation) WISO Mein Geld 2008 Professional (Version: 9.00.01.0023 - Buhl Data Service GmbH) X10 Hardware(TM) (Version: - ) Youtube Downloader HD v. 2.6 (Version: - YoutubeDownloaderHD.com) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2006-11-02 11:23 - 2012-10-04 22:01 - 00444414 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 123topsearch.com 127.0.0.1 www.123topsearch.com 127.0.0.1 132.com 127.0.0.1 www.132.com 127.0.0.1 www.136136.net 127.0.0.1 136136.net 127.0.0.1 163ns.com 127.0.0.1 www.163ns.com 127.0.0.1 171203.com 127.0.0.1 17-plus.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? Task: C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job => ? 
==================== Loaded Modules (whitelisted) ============= 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2008-08-28 10:58 - 2008-08-28 14:03 - 00233472 _____ () C:\Windows\tsnp2uvc.exe ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Microsoft-ISATAP-Adapter Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Cisco Systems VPN Adapter Description: Cisco Systems VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Systemfehler 5 aufgetreten. Zugriff verweigert ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 3065.96 MB Available physical RAM: 1861.71 MB Total Pagefile: 6332.89 MB Available Pagefile: 4998.82 MB Total Virtual: 2047.88 MB Available Virtual: 1892.45 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:278.32 GB) (Free:62.49 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVER) (Fixed) (Total:19.76 GB) (Free:7.11 GB) FAT32 ==================== MBR & Partition Table ================== ==================== End Of Log ============================ |
10.02.2014, 22:33 | #2 |
/// the machine /// TB-Ausbilder | Firefox opens new tab to Systweak/Reg cleaner pro by itself hi,
__________________Scan with Combofix
__________________ |
11.02.2014, 21:13 | #3 |
| Firefox opens new tab to Systweak/Reg cleaner pro by itself I can no longer open Explorer. Is that normal? However, I have not rebooted yet. Here is the log.txt
__________________Code:
ATTFilter ComboFix 14-02-11.01 - Michael (Admin) 11.02.2014 20:51:12.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1516 [GMT 1:00] ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\system32\pthreadVC.dll . . ((((((((((((((((((((((( Dateien erstellt von 2014-01-11 bis 2014-02-11 )))))))))))))))))))))))))))))) . . 2014-02-11 19:57 . 2014-02-11 19:58 -------- d-----w- c:\users\Michael (Admin)\AppData\Local\temp 2014-02-11 19:57 . 2014-02-11 19:57 -------- d-----w- c:\users\Mama\AppData\Local\temp 2014-02-11 19:57 . 2014-02-11 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-02-10 19:10 . 2014-02-10 20:32 -------- d-----w- C:\FRST 2014-02-09 19:45 . 2014-02-09 19:45 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes 2014-01-15 10:16 . 2013-12-18 20:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-10 19:05 . 2012-04-01 17:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-02-10 19:05 . 2011-05-20 09:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-01-12 21:07 . 2013-10-17 14:47 135776 ----a-w- c:\windows\system32\drivers\kl1.sys 2014-01-12 21:07 . 2013-06-06 16:38 144992 ----a-w- c:\windows\system32\drivers\kneps.sys 2013-11-14 22:50 . 2013-12-14 00:44 1806848 ----a-w- c:\windows\system32\jscript9.dll 2013-11-14 22:42 . 
2013-12-14 00:44 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-11-14 22:42 . 2013-12-14 00:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-11-14 22:38 . 2013-12-14 00:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-11-14 22:38 . 2013-12-14 00:44 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-11-14 22:35 . 2013-12-14 00:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-08-04 14:45 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376] "tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "Skytel"="Skytel.exe" [2008-07-24 1833504] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088] " Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] . c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office 2010\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ c:\program files\EgisTec\VITAKEY\PwdFilter . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk backup=c:\windows\pss\AVer HID Receiver.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk backup=c:\windows\pss\AVerQuick.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^Users^Michael (Admin)^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk] path=c:\users\Michael (Admin)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2009-03-01 10:59 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-01-08 20:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon] 2008-08-04 14:45 326192 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-02-09 18:51 71216 ----a-w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-09 20:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2008-06-13 16:11 210216 ------w- c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VitaKeyPdtWzd] 2008-08-29 18:11 2303272 ----a-w- c:\program files\EgisTec\VITAKEY\PdtWzd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 
2014-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-25 23:58] . 2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-25 23:58] . 2014-02-11 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job - c:\windows\system32\msfeedssync.exe [2011-05-10 10:09] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.aldi.com/ IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe HKLM-Run-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe HKLM-Run-F-Secure Hoster (666) - c:\program files\F-Secure\fshoster32.exe SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-BullGuard - c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\Firewall\cfp.exe MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-02-11 20:58 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . 
************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1001_Classes\CLSID] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1001_Classes\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}] @DACL=(02 0000) @="ContentHost Control" . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}] @DACL=(02 0000) @="WindowGroup Class" . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}] @DACL=(02 0000) @="PluginWindow Helper" . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{BD853A5B-5E2B-4AAC-B475-96FFA41B2C5E}] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}] @DACL=(02 0000) @="GameController Class" . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}] @DACL=(02 0000) @="DRMClient Helper version 2" . [HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}] @DACL=(02 0000) @="NamedStrings Helper" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(776) c:\program files\EgisTec\VITAKEY\PwdFilter.dll . Zeit der Fertigstellung: 2014-02-11 20:59:57 ComboFix-quarantined-files.txt 2014-02-11 19:59 . Vor Suchlauf: 19 Verzeichnis(se), 66.691.334.144 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 66.537.926.656 Bytes frei . - - End Of File - - E4D32DD90AAA1C479D7B1DD951861E93 5C616939100B85E558DA92B899A0FC36
Addendum 2: After the scan I visited a cycling site and then went back to eBay. A new popup appeared that points to the following page: hxyp://ff.seitensprungarea.com/23/?WMID=86321&pid=1541-5W50&sub=11662&spub_id= I have defanged the link. I am also happy to remove it completely. Or is something wrong with eBay? No such tabs are opened on other sites. Edited by windchill (11.02.2014 at 21:44) Reason: Addendum |
12.02.2014, 18:15 | #4 |
/// the machine /// TB-Ausbilder | Firefox opens new tab to Systweak/Reg cleaner pro by itself After that things should be noticeably quieter. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
16.02.2014, 20:13 | #5 |
| Firefox opens new tab to Systweak/Reg cleaner pro by itself JRT did not work for me. The program closes Explorer and after that nothing works anymore. By the way, the problem with the new tabs on eBay still persists. Here are the remaining logs: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.13.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Michael (Admin) :: SCHLEPPTOPF-PC [Administrator] 13.02.2014 20:47:51 mbam-log-2014-02-13 (20-47-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 262638 Laufzeit: 11 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 13/02/2014 um 21:11:42 # Updated 28/01/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Michael (Admin) - SCHLEPPTOPF-PC # Gestartet von : C:\Users\Michael\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\ICQToolbarData Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\icqplugin-1.xml ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16533 -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\Michael (Admin)\AppData\Roaming\Mozilla\Firefox\Profiles\ic7c42si.default\prefs.js ] [ Datei : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\ircla028.default\prefs.js ] [ Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\prefs.js ] Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false); Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false); Zeile gelöscht : 
user_pref("icqtoolbar.geolastmodified", 1311418238); Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options"); Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49); Zeile gelöscht : user_pref("icqtoolbar.installTime", "1311418238"); Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1"); Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0); Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no"); Zeile gelöscht : user_pref("icqtoolbar.suggestions", false); Zeile gelöscht : user_pref("icqtoolbar.uninstStatSent", true); Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "131141328113114127851311418238457"); Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1311418240); Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false); Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="); ************************* AdwCleaner[R0].txt - [3185 octets] - [13/02/2014 21:03:38] AdwCleaner[S0].txt - [3110 octets] - [13/02/2014 21:11:42] ########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3170 octets] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01 Ran by Michael (ATTENTION: The logged in user is not administrator) on SCHLEPPTOPF-PC on 15-02-2014 22:04:56 Running from C:\Users\Michael\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe () C:\Windows\tsnp2uvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 2010\Office14\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\system32\sdclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13605408 2009-02-10] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2009-02-10] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-07-24] (Realtek Semiconductor) HKLM\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [233472 2008-08-28] () HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-07-24] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [217088 2009-04-11] (Microsoft Corporation)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKU\.DEFAULT\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [3885408 2009-02-06] (Microsoft Corporation)
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {07279b00-a77f-11dd-a0df-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdc93-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdca5-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcaf-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe
HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcb3-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe
Lsa: [Notification Packages] C:\Program Files\EgisTec\VITAKEY\PwdFilter
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office 2010\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: No Name - {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\artur.dubovoy@gmail.com [2014-01-25]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-10-06]
FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-07-24]
FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-08]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-08]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-08]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-08]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-08]

========================== Services (Whitelisted) =================

R2 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [344064 2009-04-08] (AVerMedia)
R2 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [405504 2008-12-09] ()
R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-04-17] (Cisco Systems, Inc.)
R2 IGBASVC; C:\Program Files\EgisTec\VITAKEY\BASVC.exe [2180392 2008-08-29] ()
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [304688 2008-08-04] (EgisTec Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-29] ()
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

S3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [487168 2009-01-05] (AVerMedia TECHNOLOGIES, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-04-17] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26920 2008-08-28] (LTT)
R0 FPWinIo; C:\Windows\System32\DRIVERS\FPWinIo.sys [66856 2008-08-28] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2014-01-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-12] (Kaspersky Lab ZAO)
R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-08-04] (Egis Incorporated.)
R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-08-04] (Egis Incorporated.)
R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-08-04] (Egis Incorporated.)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1753984 2008-07-10] ()
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-15 22:04 - 2014-02-15 22:06 - 00016564 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-02-15 22:04 - 2014-02-15 22:04 - 00000000 ____D () C:\Users\Michael\Desktop\FRST-OlderVersion
2014-02-13 21:23 - 2014-02-13 21:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-13 21:21 - 2014-02-13 21:21 - 01037530 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2014-02-13 21:03 - 2014-02-13 21:11 - 00000000 ____D () C:\AdwCleaner
2014-02-13 21:02 - 2014-02-13 21:02 - 01166132 _____ () C:\Users\Michael\Desktop\adwcleaner.exe
2014-02-12 03:03 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:03 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:03 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:03 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:03 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:03 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:03 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 03:03 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:03 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 03:03 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:03 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:03 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:03 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:03 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:03 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 03:03 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 20:59 - 2014-02-11 20:59 - 00012673 _____ () C:\ComboFix.txt
2014-02-11 20:48 - 2014-02-11 21:00 - 00000000 ____D () C:\Qoobox
2014-02-11 20:48 - 2014-02-11 21:00 - 00000000 ____D () C:\ComboFix
2014-02-11 20:48 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 20:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-11 20:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-11 20:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-11 20:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-11 20:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-11 20:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-11 20:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-11 20:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-11 20:47 - 2014-02-11 20:58 - 00000000 ____D () C:\Windows\erdnt
2014-02-11 20:41 - 2014-02-11 20:42 - 05180278 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2014-02-10 20:10 - 2014-02-15 22:04 - 00000000 ____D () C:\FRST
2014-02-10 19:45 - 2014-02-15 22:04 - 01141248 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe
2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes

==================== One Month Modified Files and Folders =======

2014-02-15 22:06 - 2014-02-15 22:04 - 00016564 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-02-15 22:05 - 2008-08-28 06:26 - 00000438 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
2014-02-15 22:04 - 2014-02-15 22:04 - 00000000 ____D () C:\Users\Michael\Desktop\FRST-OlderVersion
2014-02-15 22:04 - 2014-02-10 20:10 - 00000000 ____D () C:\FRST
2014-02-15 22:04 - 2014-02-10 19:45 - 01141248 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe
2014-02-15 21:47 - 2013-01-26 00:58 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-15 21:38 - 2008-10-31 21:16 - 02066347 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 21:03 - 2013-03-30 16:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-15 21:00 - 2013-01-26 00:58 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-15 21:00 - 2008-08-28 05:28 - 00220409 _____ () C:\ProgramData\nvModes.001
2014-02-15 21:00 - 2008-08-28 05:22 - 00220409 _____ () C:\ProgramData\nvModes.dat
2014-02-15 20:53 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 20:48 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-15 20:46 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-15 20:46 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-15 20:46 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-15 15:23 - 2008-08-28 03:21 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-15 15:23 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-13 21:23 - 2014-02-13 21:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-13 21:21 - 2014-02-13 21:21 - 01037530 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2014-02-13 21:11 - 2014-02-13 21:03 - 00000000 ____D () C:\AdwCleaner
2014-02-13 21:02 - 2014-02-13 21:02 - 01166132 _____ () C:\Users\Michael\Desktop\adwcleaner.exe
2014-02-12 03:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 03:17 - 2008-08-28 09:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 03:15 - 2013-08-26 02:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 03:11 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 21:17 - 2012-10-06 18:51 - 00198180 _____ () C:\Windows\PFRO.log
2014-02-11 21:00 - 2014-02-11 20:48 - 00000000 ____D () C:\Qoobox
2014-02-11 21:00 - 2014-02-11 20:48 - 00000000 ____D () C:\ComboFix
2014-02-11 21:00 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-02-11 21:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-02-11 20:59 - 2014-02-11 20:59 - 00012673 _____ () C:\ComboFix.txt
2014-02-11 20:58 - 2014-02-11 20:47 - 00000000 ____D () C:\Windows\erdnt
2014-02-11 20:58 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-11 20:42 - 2014-02-11 20:41 - 05180278 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2014-02-10 21:12 - 2008-11-01 23:57 - 00000000 ____D () C:\xx
2014-02-10 20:05 - 2012-04-01 18:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-10 20:05 - 2011-05-20 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-02-09 17:37 - 2008-11-10 14:44 - 00000680 _____ () C:\Users\Michael\AppData\Local\d3d9caps.dat
2014-02-07 22:03 - 2008-11-06 16:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-02-05 09:58 - 2014-02-12 03:03 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-12 03:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-12 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-12 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-12 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-12 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-12 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-12 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-12 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-12 03:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-12 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-12 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-12 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-12 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-12 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-12 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 21:36 - 2010-02-10 21:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

Additions.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by Michael at 2014-02-15 22:06:34
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
7-Zip 9.20 (Version: - )
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (Version: 11 - Adobe Systems, Inc.)
Any Video Converter 5 5.0.4 (Version: - Any-Video-Converter.com)
AVerMedia A850 USB DMB-TH 1.0.0.26 (Version: 1.0.0.26 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
Bing Bar (Version: 7.0.850.0 - Microsoft Corporation)
CCleaner (Version: 3.22 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco Systems VPN Client 5.0.03.0530 (Version: 5.0.3 - Cisco Systems, Inc.)
Click to Call with Skype (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (Version: 2.00.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.)
CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.) Hidden
CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.) Hidden
CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.) Hidden
CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.) Hidden
DE (Version: 3.0 - Corel Corporation) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
e-Wörterbücher (Version: - )
FILEminimizer Pictures (Version: - balesio AG)
Foxlink Webcam (Version: 5.8.48000.201_WHQL - Sonix)
Freeciv 2.1.9 (GTK+ client) (Version: - )
Garmin BaseCamp (Version: 3.2.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Earth Plug-in (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
ICQ6.5 (Version: 6.5 - ICQ)
ICQ7.5 (HKCU Version: 7.5 - ICQ)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Letstrade (Version: 1.00.0000 - Buhl Data Service)
LetsTrade Komponenten (Version: - )
MakeDisc (Version: 3.0.2601 - CyberLink Corp.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Fix it Center (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mozilla Thunderbird (3.1.7) (Version: 3.1.7 (de) - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker 3 (Version: 3.1.20.0 - EgisTec)
Nero 8 Essentials (Version: 8.3.124 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (Version: 1.4 - NVIDIA Corporation)
OpenOffice.org 3.0 (Version: 3.0.9358 - OpenOffice.org)
PowerDVD (Version: 7.0.3118.0 - PowerDVDCorp.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5672 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Sceneo AbsolutTV (Version: - )
Schiff-Simulator 2008 (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
TVsweeper 3 (Version: 3.0.3 - Sonavis)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VITAKEY (Version: 6.0.1.41 - EgisTec)
VITAKEY (Version: 6.0.1.41 - EgisTec) Hidden
VLC media player 1.0.5 (Version: 1.0.5 - VideoLAN Team)
waterMark V2 (Version: - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8064.0206 - Microsoft
Corporation) Hidden Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Movie Maker-Betaversion (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Sync (Version: 14.0.8064.206 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation) WISO Mein Geld 2008 Professional (Version: 9.00.01.0023 - Buhl Data Service GmbH) X10 Hardware(TM) (Version: - ) Youtube Downloader HD v. 2.6 (Version: - YoutubeDownloaderHD.com) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2006-11-02 11:23 - 2014-02-11 20:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? Task: C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job => ? 
==================== Loaded Modules (whitelisted) ============= 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2008-08-28 10:58 - 2008-08-28 14:03 - 00233472 _____ () C:\Windows\tsnp2uvc.exe ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Michael (Admin)^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ6.5\ICQ.exe" silent MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" MSCONFIG\startupreg: mwlDaemon => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe MSCONFIG\startupreg: RemoteControl => "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" MSCONFIG\startupreg: toolbar_eula_launcher => C:\Program Files\GoogleEULA\EULALauncher.exe MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\2.0" MSCONFIG\startupreg: VitaKeyPdtWzd => C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe ==================== Faulty Device Manager Devices ============= Name: 
Microsoft-ISATAP-Adapter Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Cisco Systems VPN Adapter Description: Cisco Systems VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Systemfehler 5 aufgetreten. Zugriff verweigert ==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 3065.96 MB Available physical RAM: 1791.95 MB Total Pagefile: 6330.94 MB Available Pagefile: 4973.63 MB Total Virtual: 2047.88 MB Available Virtual: 1911.55 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:278.32 GB) (Free:55.63 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVER) (Fixed) (Total:19.76 GB) (Free:7.11 GB) FAT32 ==================== MBR & Partition Table ================== ==================== End Of Log ============================ |
17.02.2014, 14:25 | #6 |
/// the machine /// TB-Ausbilder | Firefox opens a new tab to Systweak/Reg cleaner pro by itself
Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, have the leftovers removed, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
20.02.2014, 21:50 | #7 |
| Firefox opens a new tab to Systweak/Reg cleaner pro by itself
Hello, I will try to go through this in order:
1. Revo Uninstaller: Before I did this, Firefox was back in its default state every time I opened the program. Any changes I had made were undone. I ran the uninstaller in such a way that all data and registry entries should have been deleted. Nevertheless, after the reinstallation the bookmarks and the complete history were still there. Also, oddly, I could not download the Firefox installation file with Internet Explorer. In a roundabout way, Firefox could then be installed again after all.
2. Eset Smartinstaller: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6a4c836927d9f24189ae4020fe5e7e38
# engine=17126
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-19 12:16:53
# local_time=2014-02-19 01:16:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 35432073 230301741 0 0
# scanned=223103
# found=5
# cleaned=0
# scan_time=10147
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0H49YUIR\ApnIC[1].0"
sh=65F759B3A08AE92BE0704DC65BA34D5A460066C2 ft=1 fh=75c53bd01a87a8cc vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\xx\Allgemeine Computersoftware\avira_antivir_personal_de.exe"
sh=979982A8CD2681AA6FF9619598253DF4399C4DA9 ft=1 fh=9c666dd44fc1d084 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\xx\Allgemeine Computersoftware\Avira\avira_free_antivirus_de_13.0.0.2688.exe"
sh=B876F5F15137EF8A1680C2AC04DC786D2A191DC9 ft=1 fh=850ac12ce80cbbb1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\xx\Allgemeine Computersoftware\CCleaner\ccsetup322.exe"
sh=8A6709AECCC17192725A8AF35421911DB26CEDB0 ft=1 fh=a909aa4eeedd8c6b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\xx\Allgemeine Computersoftware\Video Converter\avc504-free.exe"
Code:
Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java 7 Update 51
Adobe Flash Player 12.0.0.44
Adobe Reader 9
Adobe Reader XI
Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe
Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
4. FRST
FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014 Ran by Michael (ATTENTION: The logged in user is not administrator) on SCHLEPPTOPF-PC on 20-02-2014 21:52:48 Running from C:\Users\Michael\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe () C:\Windows\tsnp2uvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\system32\sdclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13605408 2009-02-10] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2009-02-10] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-07-24] (Realtek Semiconductor) HKLM\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [233472 2008-08-28] () HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-07-24] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [217088 2009-04-11] (Microsoft Corporation) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKU\.DEFAULT\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [3885408 2009-02-06] (Microsoft Corporation) HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {07279b00-a77f-11dd-a0df-806e6f6e6963} - E:\autorun.exe HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdc93-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdca5-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcaf-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcb3-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe Lsa: [Notification Packages] C:\Program Files\EgisTec\VITAKEY\PwdFilter Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und 
Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office 2010\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd BHO: No Name - {53707962-6F74-2D53-2644-206D7942484F} - No File BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\0lu3iyni.default-1392756081868 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========================== Services (Whitelisted) ================= R2 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [344064 2009-04-08] (AVerMedia) R2 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [405504 2008-12-09] () R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-04-17] (Cisco Systems, Inc.) 
R2 IGBASVC; C:\Program Files\EgisTec\VITAKEY\BASVC.exe [2180392 2008-08-29] () R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [304688 2008-08-04] (EgisTec Inc.) R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-29] () R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH) R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) ==================== Drivers (Whitelisted) ==================== S3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [487168 2009-01-05] (AVerMedia TECHNOLOGIES, Inc.) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-04-17] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.) 
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26920 2008-08-28] (LTT) R0 FPWinIo; C:\Windows\System32\DRIVERS\FPWinIo.sys [66856 2008-08-28] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576096 2014-02-18] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-12] (Kaspersky Lab ZAO) R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-08-04] (Egis Incorporated.) R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-08-04] (Egis Incorporated.) R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-08-04] (Egis Incorporated.) S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH) S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1753984 2008-07-10] () R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-02-18] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-20 21:23 - 2014-02-20 21:23 - 00987425 _____ () C:\Users\Michael\Desktop\SecurityCheck.exe 2014-02-18 22:15 - 2014-02-18 22:15 - 00000000 ____D () C:\Program Files\ESET 2014-02-18 21:34 - 2014-02-18 21:34 - 00000915 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-02-18 21:34 - 2014-02-18 21:34 - 00000907 _____ () C:\Users\Michael\Desktop\Mozilla Firefox.lnk 2014-02-18 21:34 - 2014-02-18 21:34 - 00000000 ____D () C:\Users\Michael\AppData\Local\Mozilla Firefox 2014-02-18 21:06 - 2014-02-18 21:06 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-02-18 21:04 - 2014-02-18 21:04 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Michael\Desktop\revosetup95.exe 2014-02-15 22:06 - 2014-02-15 22:06 - 00018790 _____ () C:\Users\Michael\Desktop\Addition.txt 2014-02-15 22:04 - 2014-02-20 21:53 - 00013503 _____ () C:\Users\Michael\Desktop\FRST.txt 2014-02-15 22:04 - 2014-02-20 21:52 - 00000000 ____D () C:\Users\Michael\Desktop\FRST-OlderVersion 2014-02-13 21:23 - 2014-02-13 21:23 - 00000000 ____D () C:\Windows\ERUNT 2014-02-13 21:21 - 2014-02-13 21:21 - 01037530 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe 2014-02-13 21:03 - 2014-02-16 20:33 - 00000000 ____D () C:\AdwCleaner 2014-02-13 21:02 - 2014-02-13 21:02 - 01166132 _____ () C:\Users\Michael\Desktop\adwcleaner.exe 2014-02-12 03:03 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-12 03:03 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-12 03:03 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-12 03:03 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-12 03:03 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-12 03:03 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-12 03:03 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-12 03:03 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-12 03:03 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-12 03:03 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-12 03:03 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-12 03:03 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-12 03:03 - 2014-02-05 09:47 
- 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-12 03:03 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-12 03:03 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-12 03:03 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-11 20:59 - 2014-02-11 20:59 - 00012673 _____ () C:\ComboFix.txt 2014-02-11 20:48 - 2014-02-11 21:00 - 00000000 ____D () C:\Qoobox 2014-02-11 20:48 - 2014-02-11 21:00 - 00000000 ____D () C:\ComboFix 2014-02-11 20:48 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-11 20:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-02-11 20:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-02-11 20:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-02-11 20:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-02-11 20:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-02-11 20:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-02-11 20:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-02-11 20:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-02-11 20:47 - 2014-02-11 20:58 - 00000000 ____D () C:\Windows\erdnt 2014-02-11 20:41 - 2014-02-11 20:42 - 05180278 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe 2014-02-10 20:10 - 2014-02-20 21:52 - 00000000 ____D () C:\FRST 2014-02-10 19:45 - 2014-02-20 21:52 - 01142784 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe 2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes ==================== One Month Modified Files and Folders ======= 2014-02-20 21:53 - 2014-02-15 22:04 - 00013503 _____ () C:\Users\Michael\Desktop\FRST.txt 2014-02-20 21:52 - 2014-02-15 22:04 - 00000000 ____D () 
C:\Users\Michael\Desktop\FRST-OlderVersion 2014-02-20 21:52 - 2014-02-10 20:10 - 00000000 ____D () C:\FRST 2014-02-20 21:52 - 2014-02-10 19:45 - 01142784 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe 2014-02-20 21:51 - 2008-11-01 23:57 - 00000000 ____D () C:\xx 2014-02-20 21:50 - 2008-08-28 06:26 - 00000438 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job 2014-02-20 21:23 - 2014-02-20 21:23 - 00987425 _____ () C:\Users\Michael\Desktop\SecurityCheck.exe 2014-02-20 21:23 - 2013-03-30 16:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-02-20 21:23 - 2008-08-28 05:28 - 00220409 _____ () C:\ProgramData\nvModes.001 2014-02-20 21:15 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-20 21:14 - 2008-10-31 21:16 - 01091543 _____ () C:\Windows\WindowsUpdate.log 2014-02-20 21:10 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-02-20 21:08 - 2013-01-26 00:58 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-20 21:08 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-20 21:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-20 21:08 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-20 21:08 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-20 21:07 - 2008-08-28 03:21 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-02-20 21:00 - 2013-01-26 00:58 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-20 20:59 - 2008-08-28 05:22 - 00220409 _____ () C:\ProgramData\nvModes.dat 2014-02-20 19:44 - 2012-10-06 18:51 - 00198518 _____ () C:\Windows\PFRO.log 2014-02-18 22:15 - 2014-02-18 22:15 - 00000000 ____D () C:\Program Files\ESET 2014-02-18 21:34 - 2014-02-18 21:34 - 00000915 _____ () 
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-02-18 21:34 - 2014-02-18 21:34 - 00000907 _____ () C:\Users\Michael\Desktop\Mozilla Firefox.lnk
2014-02-18 21:34 - 2014-02-18 21:34 - 00000000 ____D () C:\Users\Michael\AppData\Local\Mozilla Firefox
2014-02-18 21:11 - 2013-10-17 15:47 - 00576096 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-18 21:11 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-02-18 21:11 - 2013-06-08 20:18 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-02-18 21:06 - 2014-02-18 21:06 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-18 21:04 - 2014-02-18 21:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Michael\Desktop\revosetup95.exe
2014-02-16 20:33 - 2014-02-13 21:03 - 00000000 ____D () C:\AdwCleaner
2014-02-15 22:06 - 2014-02-15 22:06 - 00018790 _____ () C:\Users\Michael\Desktop\Addition.txt
2014-02-13 21:23 - 2014-02-13 21:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-13 21:21 - 2014-02-13 21:21 - 01037530 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2014-02-13 21:02 - 2014-02-13 21:02 - 01166132 _____ () C:\Users\Michael\Desktop\adwcleaner.exe
2014-02-12 03:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 03:17 - 2008-08-28 09:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 03:15 - 2013-08-26 02:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 03:11 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 21:00 - 2014-02-11 20:48 - 00000000 ____D () C:\Qoobox
2014-02-11 21:00 - 2014-02-11 20:48 - 00000000 ____D () C:\ComboFix
2014-02-11 21:00 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-02-11 21:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-02-11 20:59 - 2014-02-11 20:59 - 00012673 _____ () C:\ComboFix.txt
2014-02-11 20:58 - 2014-02-11 20:47 - 00000000 ____D () C:\Windows\erdnt
2014-02-11 20:58 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-11 20:42 - 2014-02-11 20:41 - 05180278 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2014-02-10 20:05 - 2012-04-01 18:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-10 20:05 - 2011-05-20 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-02-09 17:37 - 2008-11-10 14:44 - 00000680 _____ () C:\Users\Michael\AppData\Local\d3d9caps.dat
2014-02-07 22:03 - 2008-11-06 16:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-02-05 09:58 - 2014-02-12 03:03 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-12 03:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-12 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-12 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-12 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-12 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-12 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-12 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-12 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-12 03:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-12 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-12 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-12 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-12 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-12 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-12 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 21:36 - 2010-02-10 21:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-02-2014
Ran by Michael at 2014-02-20 21:53:53
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
7-Zip 9.20 (Version: - )
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (Version: 11 - Adobe Systems, Inc.)
Any Video Converter 5 5.0.4 (Version: - Any-Video-Converter.com)
AVerMedia A850 USB DMB-TH 1.0.0.26 (Version: 1.0.0.26 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
Bing Bar (Version: 7.0.850.0 - Microsoft Corporation)
CCleaner (Version: 3.22 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco Systems VPN Client 5.0.03.0530 (Version: 5.0.3 - Cisco Systems, Inc.)
Click to Call with Skype (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (Version: 2.00.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.)
CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.) Hidden
CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.) Hidden
CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.) Hidden
CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.) Hidden
DE (Version: 3.0 - Corel Corporation) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
ESET Online Scanner v3 (Version: - )
e-Wörterbücher (Version: - )
FILEminimizer Pictures (Version: - balesio AG)
Foxlink Webcam (Version: 5.8.48000.201_WHQL - Sonix)
Freeciv 2.1.9 (GTK+ client) (Version: - )
Garmin BaseCamp (Version: 3.2.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Earth Plug-in (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
ICQ6.5 (Version: 6.5 - ICQ)
ICQ7.5 (HKCU Version: 7.5 - ICQ)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Letstrade (Version: 1.00.0000 - Buhl Data Service)
LetsTrade Komponenten (Version: - )
MakeDisc (Version: 3.0.2601 - CyberLink Corp.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Fix it Center (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKCU Version: 27.0.1 - Mozilla)
Mozilla Thunderbird (3.1.7) (Version: 3.1.7 (de) - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker 3 (Version: 3.1.20.0 - EgisTec)
Nero 8 Essentials (Version: 8.3.124 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (Version: 1.4 - NVIDIA Corporation)
OpenOffice.org 3.0 (Version: 3.0.9358 - OpenOffice.org)
PowerDVD (Version: 7.0.3118.0 - PowerDVDCorp.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5672 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group)
Sceneo AbsolutTV (Version: - )
Schiff-Simulator 2008 (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
TVsweeper 3 (Version: 3.0.3 - Sonavis)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VITAKEY (Version: 6.0.1.41 - EgisTec)
VITAKEY (Version: 6.0.1.41 - EgisTec) Hidden
VLC media player 1.0.5 (Version: 1.0.5 - VideoLAN Team)
waterMark V2 (Version: - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Movie Maker-Betaversion (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Sync (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)
WISO Mein Geld 2008 Professional (Version: 9.00.01.0023 - Buhl Data Service GmbH)
X10 Hardware(TM) (Version: - )
Youtube Downloader HD v. 2.6 (Version: - YoutubeDownloaderHD.com)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2006-11-02 11:23 - 2014-02-11 20:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job => ?

==================== Loaded Modules (whitelisted) =============

2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2008-08-28 10:58 - 2008-08-28 14:03 - 00233472 _____ () C:\Windows\tsnp2uvc.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Michael (Admin)^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ6.5\ICQ.exe" silent
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: mwlDaemon => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: toolbar_eula_launcher => C:\Program Files\GoogleEULA\EULALauncher.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: VitaKeyPdtWzd => C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.
Systemfehler 5 aufgetreten.
Zugriff verweigert

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3065.96 MB
Available physical RAM: 1632.2 MB
Total Pagefile: 6332.89 MB
Available Pagefile: 4936.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.52 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:278.32 GB) (Free:49.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVER) (Fixed) (Total:19.76 GB) (Free:7.11 GB) FAT32
Drive z: (Diverses) (Network) (Total:1829.34 GB) (Free:1105.92 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Edited by windchill (20.02.2014 at 22:02). Reason: FRST addendum |
21.02.2014, 20:37 | #8 |
/// the machine /// TB-Ausbilder | Was FF also reset the way I linked it? Any problems still?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
23.02.2014, 20:41 | #9 |
| Hello. Yes, FF was reset as linked above. The problem no longer occurs. However, I have to say that another computer, which previously had the same problem and on which I did nothing, no longer has this problem either. That doesn't seem quite kosher to me. |
24.02.2014, 18:32 | #10 |
/// the machine /// TB-Ausbilder | Speed problems and the like can also come from the router; disconnect it cleanly from power for 30 minutes.
24.02.2014, 20:52 | #11 |
| Regarding the speed problems: after the Combofix run, system startup was fairly fast 2-3 times. After that it became slow again. With the laptop I was connected to the internet through two different routers (at my place and at my parents'). The problem with the new tabs occurred on both. What worries me is that the problem no longer occurs on computer 2 WITHOUT my doing anything. Though I should add that nobody but me has used that computer for a week and a half. |
25.02.2014, 18:58 | #12 |
/// the machine /// TB-Ausbilder | But currently there are no more problems? Keep an eye on it and report back.