Windows 7: trojaner GVU/Bundespolizei fährt den Pc im abgesicherten Modus runter!

papy · 15.04.2014, 21:00

Hallo lieber Helfer,

ich habe letzter Woche ein Trojaner Bundespolizei auf mein pc bekommen. Nachdem ich mich einlogge, wird mein Bildschirm durch ein Bild mit der Bundeskanzlerin und ein polizist oben gesperrt. Links und rechts steht das Wort "Interpol". Er hat mein Webcam aktiviert, und ein Bild aufgenommen.

Ich habe letztes Jahr schon ein Trojaner gehabt, und ich konnte ihn über den abgesicherten Modus suchen und loschen. Dieses mal gelingt mir das nicht.
Wenn ich den Pc über den abgesicherter modus starte,mich einloggt, der Pc fährt nach 2-3 Sekunden runter. Ich kann gar nichts machen. wie kann ich diesen Trojaner entfernen?
Bitte helfen Sie mir!!!

Ich habe ein Frst-logfile erzeugt und lege es bei:

[
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by SYSTEM on MININT-H0EEBE0 on 15-04-2014 00:49:36
Running from H:\
Windows 7 Professional (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroCheck] => C:\Windows\system32\NeroCheck.exe [155648 2003-07-13] (Ahead Software Gmbh)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NokiaMusic FastStart] => C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2090272 2009-11-06] (Nokia)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKLM\...\Run: [Pulse] => C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe [1698672 2010-10-23] (Juniper Networks)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744 2012-09-02] (Bandoo Media, inc)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\Default\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\Gast\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Gast\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Gast\...\Run: [LowRateVoip] => C:\Program Files\LowRateVoip.com\LowRateVoip\LowRateVoip.exe [19452736 2013-07-20] (LowRateVoip)
HKU\Mo.T*******\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Mo.T*******\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Mo.T*******\...\Run: [] => [X]
HKU\Mo.T*******\...\Run: [NokiaOviSuite2] => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [401728 2009-12-10] (Nokia)
HKU\Mo.T*******\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\Mo.T*******\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Mo.T*******\...\Run: [Search Protection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKU\Mo.T*******\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\Mo.T*******\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\Mo.T*******\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Mo.T*******\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-28] (Garmin Ltd or its subsidiaries)
HKU\Mo.T*******\...\Command Processor: "C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\webyeryb3460vavaw.exe" <===== ATTENTION!
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll => C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll => C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-09-02] (Bandoo Media, inc)
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7hbodgmq.lnk
ShortcutTarget: 7hbodgmq.lnk -> C:\ProgramData\2992199F9A\qmgdobh7.cpp (Microsoft Corporation)
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.)
S2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2010-08-27] (Juniper Networks)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [246616 2013-08-28] (Garmin Ltd or its subsidiaries)
S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard)
S2 JTAGServer; c:\altera\91\quartus\bin\jtagserver.exe [164352 2009-10-22] ()
S2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2010-10-22] (Juniper Networks)
S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1378040 2011-04-24] (Lavasoft)
S2 matlabserver; C:\MATLAB7\webserver\bin\win32\matlabserver.exe [536576 2004-04-24] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-05-30] (Skype Technologies S.A.)
S2 Winmgmt; C:\ProgramData\2992199F9A\qmgdobh7.cpp [182561 2014-04-08] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-12] (Avira Operations GmbH & Co. KG)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.)
S3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2704640 2010-09-07] (Novatek)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-06-11] (Juniper Networks)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-28] (DT Soft Ltd)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 jnprna; C:\Windows\System32\DRIVERS\jnprna.sys [420464 2010-07-22] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [25456 2010-07-22] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [36776 2010-07-22] (Juniper Networks, Inc.)
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15264 2010-11-19] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2009-10-21] (Rainbow Technologies, Inc.)
S3 Sntnlusb; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [26120 2009-10-21] (Rainbow Technologies Inc.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-03] (Avira GmbH)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [194362 2010-09-16] (Jungo)
S3 XilinxFirmwareEmbeddedLpLoader; C:\Windows\System32\Drivers\xusb_emb.sys [17408 2010-09-16] (Xilinx, Inc.)
S2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [16000 2010-09-16] (Xilinx, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 00:21 - 2014-04-15 00:49 - 00000000 ____D () C:\FRST
2014-04-09 20:29 - 2014-04-09 20:29 - 00000000 ____D () C:\Windows\pss
2014-04-08 21:24 - 2014-04-09 22:50 - 00000000 ____D () C:\ProgramData\2992199F9A

==================== One Month Modified Files and Folders =======

2014-04-15 00:49 - 2014-04-15 00:21 - 00000000 ____D () C:\FRST
2014-04-14 23:10 - 2013-06-14 01:09 - 00015574 _____ () C:\Windows\setupact.log
2014-04-14 23:10 - 2010-09-27 07:39 - 00280335 _____ () C:\aaw7boot.log
2014-04-14 23:08 - 2010-01-20 00:36 - 01348046 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 23:08 - 2009-07-14 05:34 - 00013792 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 23:08 - 2009-07-14 05:34 - 00013792 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 23:13 - 2010-12-09 18:51 - 00000000 ____D () C:\Users\Gast\Tracing
2014-04-09 22:52 - 2011-03-24 20:52 - 00000978 _____ () C:\Users\Mo.T*******\Desktop\Bluetooth-Informationsaustausch.lnk
2014-04-09 22:50 - 2014-04-08 21:24 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-09 22:50 - 2010-01-31 18:56 - 00000000 ____D () C:\Users\Mo.T*******\Tracing
2014-04-09 21:32 - 2010-02-27 09:46 - 00007605 _____ () C:\Users\Mo.T*******\AppData\Local\Resmon.ResmonCfg
2014-04-09 20:29 - 2014-04-09 20:29 - 00000000 ____D () C:\Windows\pss
2014-04-08 23:22 - 2010-02-15 20:05 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Roaming\Skype
2014-04-08 13:00 - 2014-02-26 22:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-03 20:14 - 2013-05-01 18:21 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-01 19:52 - 2010-01-20 00:50 - 01644734 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-20 02:03 - 2010-02-15 20:05 - 00000000 ___RD () C:\Program Files\Skype
2014-03-20 02:02 - 2010-02-15 20:05 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 02:00 - 2013-08-16 09:13 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-20 01:35 - 2010-01-31 19:43 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Gast\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Gast\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mo.T*******\AppData\Local\Temp\221056.exe
C:\Users\Mo.T*******\AppData\Local\Temp\247759.exe
C:\Users\Mo.T*******\AppData\Local\Temp\avgnt.exe
C:\Users\Mo.T*******\AppData\Local\Temp\~+JF8905281111587704911.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 3835.99 MB
Available physical RAM: 3344.24 MB
Total Pagefile: 3834.27 MB
Available Pagefile: 3356.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.27 GB) (Free:6.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.85 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive f: (Storage) (Fixed) (Total:135.67 GB) (Free:83.2 GB) NTFS
Drive g: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (MYUSB) (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A6ACC5E4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6B736964)
No partition Table on disk 1.


LastRegBack: 2014-04-03 20:14

==================== End Of Log ============================

--- --- ---
][/CODE]

Bootsektor · 16.04.2014, 07:42

Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.

Bootsektor · 16.04.2014, 08:11

Hallo papy.

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [code][/code]
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also [CODE] Logfile [/CODE]
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Achte bitte darauf deinen Benutzernamen vor dem Fixen wieder einzufügen!
Kannst du den Rechner nach folgendem Fix wieder normal starten?
Schritt 1
Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7hbodgmq.lnk
ShortcutTarget: 7hbodgmq.lnk -> C:\ProgramData\2992199F9A\qmgdobh7.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\qmgdobh7.cpp [182561 2014-04-08] (Microsoft Corporation)
C:\ProgramData\2992199F9A
C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7hbodgmq.lnk

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Achtung, auch wenn dein Rechner nach diesem Fix wieder normal startet, ist er weiterhin mit anderer Schadsoftware infiziert, bitte arbeite weiterhin mit!

papy · 16.04.2014, 17:07

Hallo Sandra,
hier ist den Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014
Ran by SYSTEM at 2014-04-16 17:56:15 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7hbodgmq.lnk
ShortcutTarget: 7hbodgmq.lnk -> C:\ProgramData\2992199F9A\qmgdobh7.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\qmgdobh7.cpp [182561 2014-04-08] (Microsoft Corporation)
C:\ProgramData\2992199F9A
C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7hbodgmq.lnk
         
*****************

C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7hbodgmq.lnk => Moved successfully.
C:\ProgramData\2992199F9A\qmgdobh7.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\2992199F9A => Moved successfully.
"C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7hbodgmq.lnk" => File/Directory not found.

==== End of Fixlog ====

vielen Dank im Voraus.

Bootsektor · 16.04.2014, 21:17

Hallo papy,

hattest du im Fix dran gedacht, überall deinen Namen wieder einzufügen?
startet der Computer denn wieder normal?

Dann bitte folgendes tun:
Schritt 1

Verschiebe nun die FRST.exe von deinem USB-Stick auf den Desktop deines Rechners.
Starte jetzt noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

papy · 17.04.2014, 00:00

Hallo Sandra,

ja, bevor ich den Fix durchgeführt habe, habe ich meinen Name wiedereingefügt. Danach konnte der Pc ohne Sperrbild wieder normal starten .
Nun habe ich den Scan gemacht und die logfiles erzeugt...

FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by Mo.T******* (administrator) on MOTCHUIKOU-PC on 17-04-2014 00:38:03
Running from C:\Users\Mo.T*******\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Hewlett-Packard) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() c:\altera\91\quartus\bin\jtagserver.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Yahoo! Inc) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe
(Bandoo Media, inc) C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(THe UDS) C:\Program Files\InstantTimeZone\InstantTimeZone.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(THe UDS) C:\Program Files\InstantTimeZone\InstantTimeZone.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
() C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroCheck] => C:\Windows\system32\NeroCheck.exe [155648 2003-07-13] (Ahead Software Gmbh)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NokiaMusic FastStart] => C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2090272 2009-11-06] (Nokia)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKLM\...\Run: [Pulse] => C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe [1698672 2010-10-23] (Juniper Networks)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744 2012-09-02] (Bandoo Media, inc)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [] => [X]
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [NokiaOviSuite2] => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [401728 2009-12-10] (Nokia)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Search Protection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: I - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {0df93878-198b-11e0-a313-91265f448b94} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {0df93886-198b-11e0-a313-967bdee9a9b0} - I:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {1dfb02a9-a128-11e3-9981-d65de5f1a59d} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {7e07d585-9160-11e1-8b45-f20c468c9ea1} - H:\setup.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {cd1a3888-3ac9-11e0-93cb-8b8d165d4ff3} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {dc1bfdf4-274a-11e0-899c-e85aa09ff09b} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {f6f4b7f7-2a53-11e0-85d0-d5f49d1021be} - I:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Command Processor: "C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\webyeryb3460vavaw.exe" <===== ATTENTION!
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll => C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs:  C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll => C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-09-02] (Bandoo Media, inc)
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/414
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC00CCB7E1EB4CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
SearchScopes: HKCU - {15260EDB-65F3-41D3-9CA4-500D6C319CF3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {5B291E6C-9A74-4034-971B-A4B007A0B315} URL = hxxp://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKCU - {61DA61FF-CDAE-4D29-A3DD-CCA4690DB68E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{3EA79C1B-0DC0-4B9D-BF9C-F5BDE5A0B36D}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{685DD7D7-5179-4D4C-9659-4250856CC6AE}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8884D693-2566-4B02-B8AC-E5C0F23E15E2}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{AB2CFAED-59BF-470F-B35C-508B1E345305}: [NameServer]132.195.249.13 132.195.20.3 132.195.20.3
Tcpip\..\Interfaces\{DF4F6289-7F96-4AF3-AEE8-6C2429ACD57E}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default
FF user.js: detected! => C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\user.js
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://www.google.de
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=
FF NetworkProxy: "ftp", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "139.6.*,*.fh-koeln.de"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\staged [2013-04-22]
FF Extension: Garmin Communicator - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-12-12]
FF Extension: Yahoo! Toolbar - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-06-07]
FF Extension: Searchqu Toolbar - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2013-05-11]
FF Extension: Personas Plus - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\personas@christopher.beard.xpi [2013-03-02]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-01]

Chrome: 
=======
CHR HomePage: hxxp://www.searchnu.com/414
CHR RestoreOnStartup: "hxxp://www.searchnu.com/414"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-07-01]
CHR Extension: (Skype Click to Call) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-25]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-05-25]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-07-26]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-05-30]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2010-08-27] (Juniper Networks)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [246616 2013-08-28] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard)
R2 JTAGServer; c:\altera\91\quartus\bin\jtagserver.exe [164352 2009-10-22] ()
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2010-10-22] (Juniper Networks)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1378040 2011-04-24] (Lavasoft)
S2 matlabserver; C:\MATLAB7\webserver\bin\win32\matlabserver.exe [536576 2004-04-24] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-05-30] (Skype Technologies S.A.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-12] (Avira Operations GmbH & Co. KG)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.)
R3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2704640 2010-09-07] (Novatek)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-06-11] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-28] (DT Soft Ltd)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 jnprna; C:\Windows\System32\DRIVERS\jnprna.sys [420464 2010-07-23] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [25456 2010-07-23] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [36776 2010-07-23] (Juniper Networks, Inc.)
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15264 2010-11-19] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2009-10-21] (Rainbow Technologies, Inc.)
S3 Sntnlusb; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [26120 2009-10-21] (Rainbow Technologies Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-03] (Avira GmbH)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [194362 2010-09-16] (Jungo)
S3 XilinxFirmwareEmbeddedLpLoader; C:\Windows\System32\Drivers\xusb_emb.sys [17408 2010-09-16] (Xilinx, Inc.)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [16000 2010-09-16] (Xilinx, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 00:38 - 2014-04-17 00:38 - 00032060 _____ () C:\Users\Mo.T*******\Desktop\FRST.txt
2014-04-17 00:36 - 2014-04-14 21:53 - 01042944 _____ (Farbar) C:\Users\Mo.T*******\Desktop\FRST.exe
2014-04-15 01:21 - 2014-04-17 00:38 - 00000000 ____D () C:\FRST
2014-04-10 00:29 - 2014-04-17 00:36 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-04-09 21:29 - 2014-04-09 21:29 - 00000000 ____D () C:\Windows\pss

==================== One Month Modified Files and Folders =======

2014-04-17 00:38 - 2014-04-17 00:38 - 00032060 _____ () C:\Users\Mo.T*******\Desktop\FRST.txt
2014-04-17 00:38 - 2014-04-15 01:21 - 00000000 ____D () C:\FRST
2014-04-17 00:37 - 2010-01-20 01:36 - 01359087 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 00:36 - 2014-04-10 00:29 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-04-17 00:34 - 2010-01-31 19:56 - 00000000 ____D () C:\Users\Mo.T*******\Tracing
2014-04-17 00:32 - 2011-07-01 19:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 00:31 - 2013-06-14 02:09 - 00015686 _____ () C:\Windows\setupact.log
2014-04-17 00:31 - 2010-09-27 08:39 - 00280783 _____ () C:\aaw7boot.log
2014-04-17 00:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 18:10 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 18:10 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 21:53 - 2014-04-17 00:36 - 01042944 _____ (Farbar) C:\Users\Mo.T*******\Desktop\FRST.exe
2014-04-10 00:13 - 2010-12-09 19:51 - 00000000 ____D () C:\Users\Gast\Tracing
2014-04-09 23:52 - 2011-03-24 21:52 - 00000978 _____ () C:\Users\Mo.T*******\Desktop\Bluetooth-Informationsaustausch.lnk
2014-04-09 22:48 - 2011-07-01 19:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-09 22:32 - 2010-02-27 10:46 - 00007605 _____ () C:\Users\Mo.T*******\AppData\Local\Resmon.ResmonCfg
2014-04-09 22:22 - 2012-08-12 20:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 21:29 - 2014-04-09 21:29 - 00000000 ____D () C:\Windows\pss
2014-04-09 00:22 - 2010-02-15 21:05 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Roaming\Skype
2014-04-08 14:00 - 2014-02-26 23:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-08 02:30 - 2013-02-17 23:42 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for Mo.T*******.job
2014-04-03 21:14 - 2013-05-01 19:21 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-01 20:52 - 2010-01-20 01:50 - 01644734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-20 03:03 - 2010-02-15 21:05 - 00000000 ___RD () C:\Program Files\Skype
2014-03-20 03:02 - 2010-02-15 21:05 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 03:00 - 2013-08-16 10:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 02:35 - 2010-01-31 20:43 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Gast\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Gast\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mo.T*******\AppData\Local\Temp\221056.exe
C:\Users\Mo.T*******\AppData\Local\Temp\247759.exe
C:\Users\Mo.T*******\AppData\Local\Temp\avgnt.exe
C:\Users\Mo.T*******\AppData\Local\Temp\~+JF8905281111587704911.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-03 21:14

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-04-2014
Ran by Mo.T******* at 2014-04-17 00:39:21
Running from C:\Users\Mo.T*******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Ad-Aware (Version: 8.3.0 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\{2BD2FA21-B51D-4F01-94A7-AC16737B2163}) (Version: 10.0.12.36 - Adobe Systems, Inc.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar plus Web Protection (HKLM\...\{41564952-412D-5637-00A7-A758B70C0202}) (Version: 12.2.2.663 - Ask Partner Network)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.11 - TOSHIBA CORPORATION)
Calment 1.0 (HKLM\...\{C3644198-E72E-4BFB-AC20-3029F03FADE7}_is1) (Version:  - TNM solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Cisco Systems VPN Client 5.0.04.0300 (HKLM\...\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}) (Version: 5.0.4 - Cisco Systems, Inc.)
CodeVisionAVR Evaluation V2.04.9a (HKLM\...\{00C3EAEB-CD7B-4DB2-B0BC-3504FAA411E3}_is1) (Version: 2.04.9 - HP InfoTech s.r.l.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.3101 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.2.8 - Dropbox, Inc.)
EAGLE 5.2.0 (HKLM\...\EAGLE 5.2.0) (Version: 5.2.0 - CadSoft Computer GmbH)
Elevated Installer (Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.1.5.0 - )
EPSON Easy Photo Print (HKLM\...\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}) (Version: 1.1.0.0 - )
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Image Clip Palette (HKLM\...\{314F6D08-A8B7-11D8-8446-0050BA1D384D}) (Version: 1.02.00 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.02.00 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
ESDX3800 Benutzerhandbuch (HKLM\...\ESDX3800 Benutzerhandbuch) (Version:  - )
Free Video Converter V 2.92 (HKLM\...\Free Video Converter_is1) (Version: 2.92.0.0 - Koyote Soft)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Garmin City Navigator Europe NT 2012.10 Update (HKLM\...\{41A00174-B4EA-4E79-9CAF-DC118A878B92}) (Version: 15.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{d0fa5283-14fe-4f9e-9716-3343b8925ff6}) (Version: 2.3.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
InstantTimeZone (HKLM\...\InstantTimeZone) (Version:  - )
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Juniper Networks Network Connect 7.0.0 (HKLM\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.16499 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.3.8885 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse (HKLM\...\Junos Pulse) (Version: 1.0 - Juniper Networks)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LowRateVoip (HKLM\...\LowRateVoip_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
MATLAB Family of Products Release 14 (HKLM\...\MatlabR14) (Version:  - )
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Visio MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 16.002.03.01.40 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nios II Embedded Design Suite 9.1 (HKLM\...\{384FE84E-AB86-42B6-A16A-A5BFFA7871EE}) (Version: 9.1 - Altera Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{C50EF365-2898-489A-B6C7-30DAA466E9A2}) (Version: 7.1.23.0 - Nokia)
Nokia Download! (HKLM\...\{D353C323-5E95-4873-9825-9FEC1C8A3794}) (Version: 2.1.16.3 - Ihr Firmenname)
Nokia Map Loader (HKLM\...\{03528A01-7E5E-4C5F-94DF-1D8012E969EF}) (Version: 1.3.12 - Nokia)
Nokia Ovi Application Installer (Version: 6.85.3011 - Nokia) Hidden
Nokia Ovi Application Installer 6.85.3011 (HKLM\...\Nokia Ovi Application Installer) (Version:  - Nokia)
Nokia Ovi Content Copier (Version: 6.85.3011 - Nokia) Hidden
Nokia Ovi Content Copier 6.85.3011 (HKLM\...\Nokia Ovi Content Copier) (Version:  - Nokia)
Nokia Ovi One Touch Access (Version: 6.85.3019 - Nokia) Hidden
Nokia Ovi One Touch Access 6.85.3019 (HKLM\...\Nokia Ovi One Touch Access) (Version:  - Nokia)
Nokia Ovi Player (HKLM\...\{A528306A-C5EC-481C-A619-6106334E6800}) (Version: 2.0.1106 - Nokia Ovi Player)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.0.2.42 - Nokia)
Nokia Ovi Suite (Version: 2.0.2.42 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}) (Version: 01.08.010.40008 - Nokia Corporation)
Nokia Ovi System Utilities (Version: 6.85.3018 - Nokia) Hidden
Nokia Ovi System Utilities 6.85.3018 (HKLM\...\Nokia Ovi System Utilities) (Version:  - Nokia)
Nokia Photos (HKLM\...\{0EABFEF6-6D10-4C12-8667-3029C481D355}) (Version: 1.6.434 - Nokia)
Nokia Software Updater (HKLM\...\{9F59C3AE-81B0-4EF6-9762-D674BB079705}) (Version: 01.06.013.38541 - Nokia Corporation)
Nokia_Multimedia_Common_Components_2_5 (HKLM\...\{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}) (Version: 2.5.197 - Nokia)
Norton Security Scan (HKLM\...\NSS) (Version: 4.0.3.24 - Symantec Corporation)
NTPort Library Driver 2.8 (HKLM\...\NTPort Library Driver) (Version: 2.8 - Zeal SoftStudio)
OpenOffice.org 3.1 (HKLM\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9420 - OpenOffice.org)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Ovi Desktop Sync Engine (Version: 1.2.234.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.40.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}) (Version: 9.45.0.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.0.1 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v4.7 (HKLM\...\{22CFB202-3D2D-44E2-BB7C-6F703B99919B}) (Version: 4.7 - Spigot, Inc.) <==== ATTENTION
PIF DESIGNER (HKLM\...\{B90450DF-E781-46FD-B1F1-0C86DA40E443}) (Version:  - )
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (Version: 7.0.3101 - CyberLink Corp.) Hidden
Pro Evolution Soccer 2009 (HKLM\...\{A8DB611A-D80E-450D-85F6-3ACDD164BE31}) (Version: 1.00.0000 - KONAMI)
Quartus II 9.1 Web Edition (HKLM\...\{27BDABE9-4752-4BBF-8B3F-8714A3F7FD9B}) (Version: 9.1 - Altera Corporation)
RadioBar Toolbar (HKLM\...\RadioBar) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Searchqu Toolbar (HKLM\...\Searchqu Toolbar) (Version: 4.1.0.3114 - Bandoo Media Inc) <==== ATTENTION
SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version:  - )
Sentinel System Driver (HKLM\...\Rainbow Sentinel Driver) (Version:  - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.0.10201 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SopCast 3.2.8 (HKLM\...\SopCast) (Version: 3.2.8 - www.sopcast.com)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 (HKLM\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2012.build.51 - eRightSoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WISO Steuer 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Suche Schutzvorkehrung (HKLM\...\Yahoo! Search Defender) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2010-11-26 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1FB63E96-329E-4200-9CA7-6BFE762034F5} - System32\Tasks\{DC0E895B-816B-479D-83B6-BC75FEA8A390} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124.259/en/abandoninstall?page=tsPlugin&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {240A5264-49A5-44FE-96AD-CDBABF2BB8E5} - System32\Tasks\RunAsStdUser Task => c:\program files\matlab\r2010a\MATLAB R2010a.lnk [2012-06-07] () <==== ATTENTION
Task: {2CD02A0D-401F-442D-839B-0252F3D4D6F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-01] (Google Inc.)
Task: {309BED6A-F0AD-44D7-B3B5-AF3A4494CEDE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {3B264BFF-7E8D-4927-8ABC-1D311CDE0666} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\System32\Adobe\Shockwave 12\SymInstallStub.exe
Task: {49F78E84-DF8B-4AFB-B8BA-B302516EE2A5} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\Update\realsched.exe [2012-03-29] (RealNetworks, Inc.)
Task: {5576E878-57C9-4C79-B8A5-0EB664434B0E} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-24] (Lavasoft                                                              )
Task: {770788C2-CAD1-43B1-B62A-F5481067EE33} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {954A1C28-EC1A-4DA0-BCD1-381E83AF4A09} - System32\Tasks\HPCeeScheduleForMo.T******* => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {996A048F-BE32-4E45-9C7C-1655D1CEC7B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-01] (Google Inc.)
Task: {9A716C2C-14DC-4780-8848-566F8979A61D} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {A497BE6A-8C00-454A-892B-FE88519FD5AF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {A77CF587-784D-4C31-807E-451DD1E5379B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {B0F725F8-BB1C-4485-8AD5-823E16A3FDE8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2441125889-3839948254-335534644-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {B58DC175-3135-4525-B19C-79610BCA97FF} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {DBAC1F9E-E53D-4B90-B0BE-1CDCCF1E91A6} - System32\Tasks\Norton Security Scan for Mo.T******* => C:\Program Files\Norton Security Scan\Engine\4.0.3.24\Nss.exe [2013-08-19] (Symantec Corporation)
Task: {DFD1DBF6-F4E6-4402-A245-1D39BDA989CF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2441125889-3839948254-335534644-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {E3A97466-FB2B-4B25-BB76-3FC7F989ADA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14] (Adobe Systems Incorporated)
Task: {F77B7806-095F-49B4-B770-EE6C5DEAB174} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {FCD40BA7-5EBD-4413-A709-3516E29EB617} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMo.T*******.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Mo.T*******.job => C:\PROGRA~1\NORTON~2\Engine\403~1.24\Nss.exe

==================== Loaded Modules (whitelisted) =============

2010-09-08 14:59 - 2011-04-24 10:24 - 00272368 _____ () C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
2010-09-08 14:59 - 2011-04-24 10:24 - 00177624 _____ () C:\Program Files\Lavasoft\Ad-Aware\viprebridge.dll
2010-09-08 14:59 - 2010-11-19 12:05 - 00300368 _____ () C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
2013-08-18 20:19 - 2014-03-07 11:57 - 00190752 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2013-08-18 20:19 - 2014-03-07 11:57 - 00178464 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
2010-09-26 09:58 - 2010-11-05 11:57 - 00403776 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw
2010-08-09 20:39 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-07-15 17:16 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2013-09-03 13:00 - 2013-09-03 12:57 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-08-29 14:58 - 2008-08-29 14:58 - 00197408 _____ () C:\Windows\system32\vpnapi.dll
2010-01-10 03:42 - 2009-10-22 01:32 - 00164352 ____N () c:\altera\91\quartus\bin\jtagserver.exe
2010-01-10 03:42 - 2009-10-22 01:13 - 00019456 ____N () c:\altera\91\quartus\bin\ccl_ver.dll
2010-01-10 03:42 - 2009-10-21 22:55 - 00694272 ____N () c:\altera\91\quartus\bin\dinkum_alt.dll
2013-06-14 00:33 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-06-14 00:33 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-06-14 00:33 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-06-14 00:33 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-06-14 00:33 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-09-08 14:59 - 2011-04-24 10:24 - 00250736 _____ () C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-02-26 10:14 - 2009-02-26 10:14 - 07497216 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll
2009-03-30 16:46 - 2009-03-30 16:46 - 02070016 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll
2009-02-26 10:05 - 2009-02-26 10:05 - 00872960 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll
2009-02-26 10:04 - 2009-02-26 10:04 - 00319488 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll
2009-02-26 11:17 - 2009-02-26 11:17 - 00022016 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
2009-01-20 14:02 - 2009-01-20 14:02 - 00131072 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qjpeg1.dll
2009-01-20 14:02 - 2009-01-20 14:02 - 00013824 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qsvg1.dll
2009-02-26 10:23 - 2009-02-26 10:23 - 00246784 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtSvg4.dll
2009-12-10 16:16 - 2009-12-10 16:16 - 00028160 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\plugins\WhatsNew.dll
2009-12-10 16:02 - 2009-12-10 16:02 - 00570368 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll
2009-12-10 16:02 - 2009-12-10 16:02 - 00934912 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\curllibRD.dll
2009-12-10 16:02 - 2009-12-10 16:02 - 00734720 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\ZipArchive.dll
2009-10-21 11:32 - 2009-10-21 11:32 - 00147264 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\noaipcclient.dll
2009-06-09 17:17 - 2009-06-09 17:17 - 00019968 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
2009-11-06 06:33 - 2009-11-06 06:33 - 00241456 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll
2005-07-20 11:48 - 2005-07-20 11:48 - 00059904 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll
2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2010-01-31 17:58 - 2010-06-01 10:17 - 00929792 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2009-10-21 11:24 - 2009-10-21 11:24 - 00272384 _____ () C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
2009-08-31 12:33 - 2009-08-31 12:33 - 00016384 _____ () C:\Program Files\Common Files\Nokia\NoA\qtsecurestorage.dll
2009-08-31 12:33 - 2009-08-31 12:33 - 00013824 _____ () C:\Program Files\Common Files\Nokia\NoA\qtsecurestorageserver.dll
2009-08-31 12:33 - 2009-08-31 12:33 - 00014336 _____ () C:\Program Files\Common Files\Nokia\NoA\cryptodll.dll
2009-08-24 12:29 - 2009-08-24 12:29 - 02013184 _____ () C:\Program Files\Common Files\Nokia\NoA\QtCore4.dll
2009-08-31 12:11 - 2009-08-31 12:11 - 00025088 _____ () C:\Program Files\Common Files\Nokia\NoA\wrtserviceipcserver.dll
2009-06-20 12:10 - 2009-06-20 12:10 - 00875520 _____ () C:\Program Files\Common Files\Nokia\NoA\QtNetwork4.dll
2009-06-20 12:09 - 2009-06-20 12:09 - 00337408 _____ () C:\Program Files\Common Files\Nokia\NoA\QtXml4.dll
2009-06-20 12:21 - 2009-06-20 12:21 - 07464448 _____ () C:\Program Files\Common Files\Nokia\NoA\QtGui4.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Mo.T*******\Documents\Wtrlt_ Studium 2012 - Jetzt bewerben.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: RichVideo => 2
MSCONFIG\startupfolder: C:^Users^Mo.T*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7hbodgmq.lnk => C:\Windows\pss\7hbodgmq.lnk.Startup
MSCONFIG\startupreg: qcgce2mrvjq91kk1e7pnbb19m52fx => C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\webyeryb3460vavaw.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ATI Mobility Radeon HD 4300 Series
Description: ATI Mobility Radeon HD 4300 Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: atikmdag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2014 00:34:49 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0Engine wait timeout 180 reached for instance 0.

Error: (04/17/2014 00:33:46 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.

Error: (04/16/2014 06:03:38 PM) (Source: matlabserver) (User: )
Description: matlabserver error: 0Engine wait timeout 180 reached for instance 0.

Error: (04/16/2014 06:02:35 PM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.

Error: (04/15/2014 00:04:23 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0Engine wait timeout 180 reached for instance 0.

Error: (04/15/2014 00:03:08 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.

Error: (04/14/2014 11:38:10 PM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.

Error: (04/14/2014 11:35:02 PM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.

Error: (04/14/2014 11:32:19 PM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.

Error: (04/10/2014 00:59:57 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0Engine wait timeout 180 reached for instance 0.


System errors:
=============
Error: (04/17/2014 00:36:18 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/17/2014 00:36:17 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/17/2014 00:36:12 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/17/2014 00:36:10 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/17/2014 00:36:08 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/17/2014 00:35:03 AM) (Source: Service Control Manager) (User: )
Description: Dienst "MATLAB Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/17/2014 00:33:46 AM) (Source: DCOM) (User: )
Description: {72B715CE-4AD5-4561-B868-84DA80D5F31D}

Error: (04/17/2014 00:33:34 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/17/2014 00:31:34 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/17/2014 00:31:34 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 3323.99 MB
Available physical RAM: 1665.98 MB
Total Pagefile: 6646.27 MB
Available Pagefile: 4783.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.27 GB) (Free:6.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.85 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive f: (Storage) (Fixed) (Total:135.67 GB) (Free:82.43 GB) NTFS
Drive g: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (MATHWORKS_R2010A) (CDROM) (Total:5.23 GB) (Free:0 GB) CDFS
Drive i: (MYUSB) (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A6ACC5E4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6B736964)
No partition Table on disk 1.

==================== End Of Log ============================

viele Grüße

Bootsektor · 17.04.2014, 22:04

Hallo papy,

was ist denn G: für ein Laufwerk?

Dein Antivirenprogramm hat keine aktuelle Datenbank, du solltest es sich regelmäßig aktualisieren lassen, desweiteren hast du mehrere Antispyprogramme auf dem Rechner, wenn du eins benutzen möchtest, dann wirklich nur eins und nicht mehrere.

Schritt 1
Bitte deinstalliere folgende Programme (falls vorhanden) :

pdfforge Toolbar v4.7
Searchqu Toolbar
Java(TM) 6 Update 35

Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Schritt 2

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Command Processor: "C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\webyeryb3460vavaw.exe" 
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll => C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs:  C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll => C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-09-02] (Bandoo Media, inc)
C:\Windows\pss\7hbodgmq.lnk.Startup
cmd: del "C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\webyeryb3460vavaw.exe"
C:\Users\Gast\AppData\Local\Temp\*.dll
C:\Users\Gast\AppData\Local\Temp\*.exe
C:\Users\Mo.T*******\AppData\Local\Temp\*.exe
C:\Users\Mo.T*******\AppData\Local\Temp\*.dll

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 3
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 4
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

papy · 18.04.2014, 09:41

Hallo Sandra,
G-Laufwerk? Ehrlich gesagt, ich erinnere mich nicht mehr wofür das ist!

ich werde es löschen..
ich habe die Programme deinstalliert, wie du im schritt 1 beschrieben hast. Ich habe alle anderen Schritte durchgeführt:

hier der Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014
Ran by Mo.T******* at 2014-04-18 00:45:41 Run:2
Running from C:\Users\Mo.T*******\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Command Processor: "C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\webyeryb3460vavaw.exe" 
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll => C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs:  C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll => C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-09-02] (Bandoo Media, inc)
C:\Windows\pss\7hbodgmq.lnk.Startup
cmd: del "C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\webyeryb3460vavaw.exe"
C:\Users\Gast\AppData\Local\Temp\*.dll
C:\Users\Gast\AppData\Local\Temp\*.exe
C:\Users\Mo.T*******\AppData\Local\Temp\*.exe
C:\Users\Mo.T*******\AppData\Local\Temp\*.dll
         

*****************

HKU\S-1-5-21-2441125889-3839948254-335534644-1000\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
"C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll" => Value Data not found.
" C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll" => Value Data not found.
C:\Windows\pss\7hbodgmq.lnk.Startup => Moved successfully.

=========  del "C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\webyeryb3460vavaw.exe" =========

C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\webyeryb3460vavaw.exe konnte nicht gefunden werden

========= End of CMD: =========

C:\Users\Gast\AppData\Local\Temp\*.dll => Moved successfully.

"C:\Users\Gast\AppData\Local\Temp\*.exe" directory move:

Could not move "C:\Users\Gast\AppData\Local\Temp\*.exe" directory. => Scheduled to move on reboot.

C:\Users\Mo.T*******\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Mo.T*******\AppData\Local\Temp\*.dll => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-18 00:51:00)<=

"C:\Users\Gast\AppData\Local\Temp\*.exe" => Directory could not move.

==== End of Fixlog ====

Logfile Adwcleaner:

Code:

ATTFilter

# AdwCleaner v3.023 - Bericht erstellt am 18/04/2014 um 01:47:34
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Mo.T******* - MOT*******-PC
# Gestartet von : C:\Users\Mo.T*******\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Mo.T*******\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Mo.T*******\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Mo.T*******\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Mo.T*******\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Smartbar
Ordner Gelöscht : C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Datei Gelöscht : C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Datei Gelöscht : C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\searchqutoolbar-manifest.xml
Datei Gelöscht : C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{240A5264-49A5-44FE-96AD-CDBABF2BB8E5}
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\prefs.js ]

Zeile gelöscht : user_pref("CT2625848.1000082.isDisplayHidden", "true");
Zeile gelöscht : user_pref("CT2625848.1000082.isPlayDisplay", "true");
Zeile gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Zeile gelöscht : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzY2NjU5OTEzOTcyLCJ1cGRhdGVSZXNwVGltZSI6MTM2NjY1OTkxOTM2NCwiZGF0YSI6eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3[...]
Zeile gelöscht : user_pref("CT2625848.CBOpenMAMSettings.enc", "MA==");
Zeile gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.FirstTime", "true");
Zeile gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
Zeile gelöscht : user_pref("CT2625848.LoginRevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2625848.PG_ENABLE", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT2625848.RevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2625848.SearchAppState.enc", "Mw==");
Zeile gelöscht : user_pref("CT2625848.SearchAppTracking.enc", "c2VudA==");
Zeile gelöscht : user_pref("CT2625848.UserID", "UN63934779191489186");
Zeile gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.autoDisableScopes", -1);
Zeile gelöscht : user_pref("CT2625848.cb_experience_000.enc", "MTA=");
Zeile gelöscht : user_pref("CT2625848.cb_firstuse0100.enc", "MQ==");
Zeile gelöscht : user_pref("CT2625848.cb_user_id_000.enc", "Q0I2NjY5NTYwMTE3ODdfMTM2MjIxODc5NzM0MF9GaXJlZm94");
Zeile gelöscht : user_pref("CT2625848.cbcountry_001.enc", "REU=");
Zeile gelöscht : user_pref("CT2625848.cbfirsttime.enc", "U2F0IE5vdiAxNyAyMDEyIDAwOjEyOjI0IEdNVCswMTAw");
Zeile gelöscht : user_pref("CT2625848.defaultSearch", "false");
Zeile gelöscht : user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gelöscht : user_pref("CT2625848.enableAlerts", "false");
Zeile gelöscht : user_pref("CT2625848.enableFix404ByUser", "TRUE");
Zeile gelöscht : user_pref("CT2625848.enableSearchFromAddressBar", "true");
Zeile gelöscht : user_pref("CT2625848.firstTimeDialogOpened", "true");
Zeile gelöscht : user_pref("CT2625848.fixPageNotFoundError", "true");
Zeile gelöscht : user_pref("CT2625848.fixPageNotFoundErrorByUser", "true");
Zeile gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.fixUrls", true);
Zeile gelöscht : user_pref("CT2625848.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc", "b3BlbnBvc2l0aW9uPW9mZnNldDo1MDs1MCxzYXZlbG9jYXRpb249MCxyZXNpemFibGU9bm8sc2Nyb2xsYmFycz1ubyx0aXRsZW[...]
Zeile gelöscht : user_pref("CT2625848.installId", "ConduitNSISIntegration");
Zeile gelöscht : user_pref("CT2625848.installType", "ConduitNSISIntegration");
Zeile gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT2625848.isNewTabEnabled", false);
Zeile gelöscht : user_pref("CT2625848.isPerformedSmartBarTransition", "true");
Zeile gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2625848.lastVersion", "10.15.0.562");
Zeile gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true);
Zeile gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://DVDVideoSoftTBDE.OurToolbar.com/\",\"E[...]
Zeile gelöscht : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.openThankYouPage", "false");
Zeile gelöscht : user_pref("CT2625848.openUninstallPage", "true");
Zeile gelöscht : user_pref("CT2625848.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"11\\\\/18\\\\/2012 01\\\"}\"}");
Zeile gelöscht : user_pref("CT2625848.price-gong.isManagedApp", "true");
Zeile gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Zeile gelöscht : user_pref("CT2625848.search.searchCount", "0");
Zeile gelöscht : user_pref("CT2625848.searchInNewTabEnabled", "false");
Zeile gelöscht : user_pref("CT2625848.searchInNewTabEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2625848\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTBDE.OurToolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB DE\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1366659997754");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appTracking_lastUpdate", "1353107536978");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1366659997588");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_clientErrorLog_lastUpdate", "1348870703668");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1366659997130");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_location_lastUpdate", "1366659996353");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.1.89_lastUpdate", "1352832824350");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.40.15_lastUpdate", "1360885333955");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364293462169");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.15.0.562_lastUpdate", "1366659997598");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_optimizer_lastUpdate", "1352832706960");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1366659997214");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1366659996491");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1366659996227");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_setupAPI_lastUpdate", "1364293462157");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1366659997041");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1366659997292");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1366659997018");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate", "1366659877940");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_userApps_lastUpdate", "1366659877969");
Zeile gelöscht : user_pref("CT2625848.settingsINI", true);
Zeile gelöscht : user_pref("CT2625848.shouldFirstTimeDialog", "false");
Zeile gelöscht : user_pref("CT2625848.showToolbarPermission", "false");
Zeile gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Zeile gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Zeile gelöscht : user_pref("CT2625848.startPage", "false");
Zeile gelöscht : user_pref("CT2625848.toolbarBornServerTime", "26-9-2012");
Zeile gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "22-4-2013");
Zeile gelöscht : user_pref("CT2625848.toolbarLoginClientTime", "Tue Mar 26 2013 20:10:37 GMT+0100");
Zeile gelöscht : user_pref("CT2625848.url_history0001.enc", "aHR0cDovL3d3dy5hYmlkamFuc2hvdy5jb20vdjJ4L2hvbWUvYXVkaW8vaW5kZXg/aWQ9NzczNSZjYXRlZ29yaWU9MTkyOjo6Y2xpY2toYW5kbGVyOjo6MTM2MzU0MzYzOTU3NiwsLGh0dHA6Ly91bnRlcmhh[...]
Zeile gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366659871144,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Zeile gelöscht : user_pref("browser.search.order.1", "Search Results");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");
Zeile gelöscht : user_pref("smartbar.machineId", "NQWUK3PEPXULY+T8KYK7IFY+BED/ARPUF7RWLR4ZHYK+XF3B5EFAABPU7NWQPP9Q/273VKLXGN7UICNHTTD0KA");

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\4e7o9yf3.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/414");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup

[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18957 octets] - [18/04/2014 01:03:51]
AdwCleaner[S0].txt - [18794 octets] - [18/04/2014 01:47:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18855 octets] ##########

logfile frst:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by Mo.T******* (administrator) on MOT*******-PC on 18-04-2014 01:58:59
Running from C:\Users\Mo.T*******\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Hewlett-Packard) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() c:\altera\91\quartus\bin\jtagserver.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Yahoo! Inc) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(THe UDS) C:\Program Files\InstantTimeZone\InstantTimeZone.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(THe UDS) C:\Program Files\InstantTimeZone\InstantTimeZone.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
() C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroCheck] => C:\Windows\system32\NeroCheck.exe [155648 2003-07-13] (Ahead Software Gmbh)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NokiaMusic FastStart] => C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2090272 2009-11-06] (Nokia)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKLM\...\Run: [Pulse] => C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe [1698672 2010-10-23] (Juniper Networks)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [] => [X]
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [NokiaOviSuite2] => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [401728 2009-12-10] (Nokia)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: I - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {0df93878-198b-11e0-a313-91265f448b94} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {0df93886-198b-11e0-a313-967bdee9a9b0} - I:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {1dfb02a9-a128-11e3-9981-d65de5f1a59d} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {7e07d585-9160-11e1-8b45-f20c468c9ea1} - H:\setup.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {cd1a3888-3ac9-11e0-93cb-8b8d165d4ff3} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {dc1bfdf4-274a-11e0-899c-e85aa09ff09b} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {f6f4b7f7-2a53-11e0-85d0-d5f49d1021be} - I:\AutoRun.exe
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC00CCB7E1EB4CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {15260EDB-65F3-41D3-9CA4-500D6C319CF3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {5B291E6C-9A74-4034-971B-A4B007A0B315} URL = hxxp://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKCU - {61DA61FF-CDAE-4D29-A3DD-CCA4690DB68E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - No Name - !{41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{3EA79C1B-0DC0-4B9D-BF9C-F5BDE5A0B36D}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{685DD7D7-5179-4D4C-9659-4250856CC6AE}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8884D693-2566-4B02-B8AC-E5C0F23E15E2}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{AB2CFAED-59BF-470F-B35C-508B1E345305}: [NameServer]132.195.249.13 132.195.20.3 132.195.20.3
Tcpip\..\Interfaces\{DF4F6289-7F96-4AF3-AEE8-6C2429ACD57E}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "ftp", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "139.6.*,*.fh-koeln.de"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\staged [2013-04-22]
FF Extension: Garmin Communicator - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-12-12]
FF Extension: Personas Plus - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\personas@christopher.beard.xpi [2013-03-02]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-01]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-07-01]
CHR Extension: (Skype Click to Call) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-25]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-05-25]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-07-26]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-05-30]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2010-08-27] (Juniper Networks)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [246616 2013-08-28] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard)
R2 JTAGServer; c:\altera\91\quartus\bin\jtagserver.exe [164352 2009-10-22] ()
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2010-10-22] (Juniper Networks)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1378040 2011-04-24] (Lavasoft)
S2 matlabserver; C:\MATLAB7\webserver\bin\win32\matlabserver.exe [536576 2004-04-24] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-05-30] (Skype Technologies S.A.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-12] (Avira Operations GmbH & Co. KG)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.)
R3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2704640 2010-09-07] (Novatek)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-06-11] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-28] (DT Soft Ltd)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 jnprna; C:\Windows\System32\DRIVERS\jnprna.sys [420464 2010-07-23] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [25456 2010-07-23] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [36776 2010-07-23] (Juniper Networks, Inc.)
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15264 2010-11-19] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2009-10-21] (Rainbow Technologies, Inc.)
S3 Sntnlusb; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [26120 2009-10-21] (Rainbow Technologies Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-03] (Avira GmbH)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [194362 2010-09-16] (Jungo)
S3 XilinxFirmwareEmbeddedLpLoader; C:\Windows\System32\Drivers\xusb_emb.sys [17408 2010-09-16] (Xilinx, Inc.)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [16000 2010-09-16] (Xilinx, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 01:54 - 2014-04-18 01:54 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-04-18 01:03 - 2014-04-18 01:48 - 00000000 ____D () C:\AdwCleaner
2014-04-18 01:02 - 2014-04-18 01:01 - 01426178 _____ () C:\Users\Mo.T*******\Desktop\adwcleaner.exe
2014-04-18 00:23 - 2014-04-18 00:23 - 00000079 _____ () C:\Windows\wininit.ini
2014-04-17 00:39 - 2014-04-17 00:40 - 00040832 _____ () C:\Users\Mo.T*******\Desktop\Addition.txt
2014-04-17 00:38 - 2014-04-18 02:00 - 00026460 _____ () C:\Users\Mo.T*******\Desktop\FRST.txt
2014-04-17 00:36 - 2014-04-14 21:53 - 01042944 _____ (Farbar) C:\Users\Mo.T*******\Desktop\FRST.exe
2014-04-15 01:21 - 2014-04-18 01:58 - 00000000 ____D () C:\FRST
2014-04-09 21:29 - 2014-04-18 00:45 - 00000000 ____D () C:\Windows\pss

==================== One Month Modified Files and Folders =======

2014-04-18 02:00 - 2014-04-17 00:38 - 00026460 _____ () C:\Users\Mo.T*******\Desktop\FRST.txt
2014-04-18 01:59 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 01:59 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 01:58 - 2014-04-15 01:21 - 00000000 ____D () C:\FRST
2014-04-18 01:56 - 2010-01-20 01:36 - 01401631 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 01:54 - 2014-04-18 01:54 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-04-18 01:54 - 2010-02-06 10:30 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForMo.T*******.job
2014-04-18 01:52 - 2010-01-31 19:56 - 00000000 ____D () C:\Users\Mo.T*******\Tracing
2014-04-18 01:50 - 2013-06-14 02:09 - 00015910 _____ () C:\Windows\setupact.log
2014-04-18 01:50 - 2011-07-01 19:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 01:50 - 2010-09-27 08:39 - 00281679 _____ () C:\aaw7boot.log
2014-04-18 01:50 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 01:48 - 2014-04-18 01:03 - 00000000 ____D () C:\AdwCleaner
2014-04-18 01:48 - 2011-07-01 19:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 01:21 - 2012-08-12 20:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-18 01:01 - 2014-04-18 01:02 - 01426178 _____ () C:\Users\Mo.T*******\Desktop\adwcleaner.exe
2014-04-18 01:00 - 2010-02-15 21:05 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Roaming\Skype
2014-04-18 00:45 - 2014-04-09 21:29 - 00000000 ____D () C:\Windows\pss
2014-04-18 00:40 - 2013-06-18 22:40 - 00207862 _____ () C:\Windows\PFRO.log
2014-04-18 00:25 - 2011-05-20 21:43 - 00000000 ____D () C:\Program Files\Free Video Converter
2014-04-18 00:23 - 2014-04-18 00:23 - 00000079 _____ () C:\Windows\wininit.ini
2014-04-17 00:40 - 2014-04-17 00:39 - 00040832 _____ () C:\Users\Mo.T*******\Desktop\Addition.txt
2014-04-17 00:40 - 2010-01-20 01:50 - 01644734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 21:53 - 2014-04-17 00:36 - 01042944 _____ (Farbar) C:\Users\Mo.T*******\Desktop\FRST.exe
2014-04-10 00:13 - 2010-12-09 19:51 - 00000000 ____D () C:\Users\Gast\Tracing
2014-04-09 23:52 - 2011-03-24 21:52 - 00000978 _____ () C:\Users\Mo.T*******\Desktop\Bluetooth-Informationsaustausch.lnk
2014-04-09 22:32 - 2010-02-27 10:46 - 00007605 _____ () C:\Users\Mo.T*******\AppData\Local\Resmon.ResmonCfg
2014-04-08 14:00 - 2014-02-26 23:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-08 02:30 - 2013-02-17 23:42 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for Mo.T*******.job
2014-04-03 21:14 - 2013-05-01 19:21 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-20 03:03 - 2010-02-15 21:05 - 00000000 ___RD () C:\Program Files\Skype
2014-03-20 03:02 - 2010-02-15 21:05 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 03:00 - 2013-08-16 10:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 02:35 - 2010-01-31 20:43 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mo.T*******\AppData\Local\Temp\avgnt.exe
C:\Users\Mo.T*******\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-03 21:14

==================== End Of Log ============================

--- --- ---

logfile Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-04-2014
Ran by Mo.T******* at 2014-04-18 02:02:19
Running from C:\Users\Mo.T*******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Ad-Aware (Version: 8.3.0 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\{2BD2FA21-B51D-4F01-94A7-AC16737B2163}) (Version: 10.0.12.36 - Adobe Systems, Inc.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar plus Web Protection (HKLM\...\{41564952-412D-5637-00A7-A758B70C0202}) (Version: 12.2.2.663 - Ask Partner Network)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.11 - TOSHIBA CORPORATION)
Calment 1.0 (HKLM\...\{C3644198-E72E-4BFB-AC20-3029F03FADE7}_is1) (Version:  - TNM solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Cisco Systems VPN Client 5.0.04.0300 (HKLM\...\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}) (Version: 5.0.4 - Cisco Systems, Inc.)
CodeVisionAVR Evaluation V2.04.9a (HKLM\...\{00C3EAEB-CD7B-4DB2-B0BC-3504FAA411E3}_is1) (Version: 2.04.9 - HP InfoTech s.r.l.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.3101 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.2.8 - Dropbox, Inc.)
EAGLE 5.2.0 (HKLM\...\EAGLE 5.2.0) (Version: 5.2.0 - CadSoft Computer GmbH)
Elevated Installer (Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.1.5.0 - )
EPSON Easy Photo Print (HKLM\...\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}) (Version: 1.1.0.0 - )
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Image Clip Palette (HKLM\...\{314F6D08-A8B7-11D8-8446-0050BA1D384D}) (Version: 1.02.00 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.02.00 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
ESDX3800 Benutzerhandbuch (HKLM\...\ESDX3800 Benutzerhandbuch) (Version:  - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Garmin City Navigator Europe NT 2012.10 Update (HKLM\...\{41A00174-B4EA-4E79-9CAF-DC118A878B92}) (Version: 15.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{d0fa5283-14fe-4f9e-9716-3343b8925ff6}) (Version: 2.3.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
InstantTimeZone (HKLM\...\InstantTimeZone) (Version:  - )
Juniper Networks Network Connect 7.0.0 (HKLM\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.16499 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.3.8885 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse (HKLM\...\Junos Pulse) (Version: 1.0 - Juniper Networks)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LowRateVoip (HKLM\...\LowRateVoip_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
MATLAB Family of Products Release 14 (HKLM\...\MatlabR14) (Version:  - )
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Visio MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 16.002.03.01.40 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nios II Embedded Design Suite 9.1 (HKLM\...\{384FE84E-AB86-42B6-A16A-A5BFFA7871EE}) (Version: 9.1 - Altera Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{C50EF365-2898-489A-B6C7-30DAA466E9A2}) (Version: 7.1.23.0 - Nokia)
Nokia Download! (HKLM\...\{D353C323-5E95-4873-9825-9FEC1C8A3794}) (Version: 2.1.16.3 - Ihr Firmenname)
Nokia Map Loader (HKLM\...\{03528A01-7E5E-4C5F-94DF-1D8012E969EF}) (Version: 1.3.12 - Nokia)
Nokia Ovi Application Installer (Version: 6.85.3011 - Nokia) Hidden
Nokia Ovi Application Installer 6.85.3011 (HKLM\...\Nokia Ovi Application Installer) (Version:  - Nokia)
Nokia Ovi Content Copier (Version: 6.85.3011 - Nokia) Hidden
Nokia Ovi Content Copier 6.85.3011 (HKLM\...\Nokia Ovi Content Copier) (Version:  - Nokia)
Nokia Ovi One Touch Access (Version: 6.85.3019 - Nokia) Hidden
Nokia Ovi One Touch Access 6.85.3019 (HKLM\...\Nokia Ovi One Touch Access) (Version:  - Nokia)
Nokia Ovi Player (HKLM\...\{A528306A-C5EC-481C-A619-6106334E6800}) (Version: 2.0.1106 - Nokia Ovi Player)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.0.2.42 - Nokia)
Nokia Ovi Suite (Version: 2.0.2.42 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}) (Version: 01.08.010.40008 - Nokia Corporation)
Nokia Ovi System Utilities (Version: 6.85.3018 - Nokia) Hidden
Nokia Ovi System Utilities 6.85.3018 (HKLM\...\Nokia Ovi System Utilities) (Version:  - Nokia)
Nokia Photos (HKLM\...\{0EABFEF6-6D10-4C12-8667-3029C481D355}) (Version: 1.6.434 - Nokia)
Nokia Software Updater (HKLM\...\{9F59C3AE-81B0-4EF6-9762-D674BB079705}) (Version: 01.06.013.38541 - Nokia Corporation)
Nokia_Multimedia_Common_Components_2_5 (HKLM\...\{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}) (Version: 2.5.197 - Nokia)
Norton Security Scan (HKLM\...\NSS) (Version: 4.0.3.24 - Symantec Corporation)
NTPort Library Driver 2.8 (HKLM\...\NTPort Library Driver) (Version: 2.8 - Zeal SoftStudio)
OpenOffice.org 3.1 (HKLM\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9420 - OpenOffice.org)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Ovi Desktop Sync Engine (Version: 1.2.234.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.40.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}) (Version: 9.45.0.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.0.1 - Frank Heindörfer, Philip Chinery)
PIF DESIGNER (HKLM\...\{B90450DF-E781-46FD-B1F1-0C86DA40E443}) (Version:  - )
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (Version: 7.0.3101 - CyberLink Corp.) Hidden
Pro Evolution Soccer 2009 (HKLM\...\{A8DB611A-D80E-450D-85F6-3ACDD164BE31}) (Version: 1.00.0000 - KONAMI)
Quartus II 9.1 Web Edition (HKLM\...\{27BDABE9-4752-4BBF-8B3F-8714A3F7FD9B}) (Version: 9.1 - Altera Corporation)
RadioBar Toolbar (HKLM\...\RadioBar) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version:  - )
Sentinel System Driver (HKLM\...\Rainbow Sentinel Driver) (Version:  - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.0.10201 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SopCast 3.2.8 (HKLM\...\SopCast) (Version: 3.2.8 - www.sopcast.com)
SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 (HKLM\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2012.build.51 - eRightSoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WISO Steuer 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Suche Schutzvorkehrung (HKLM\...\Yahoo! Search Defender) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

17-04-2014 22:17:44 Removed Java(TM) 6 Update 35
17-04-2014 22:19:43 Removed pdfforge Toolbar v4.7.

==================== Hosts content: ==========================

2009-07-14 04:04 - 2010-11-26 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1FB63E96-329E-4200-9CA7-6BFE762034F5} - System32\Tasks\{DC0E895B-816B-479D-83B6-BC75FEA8A390} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124.259/en/abandoninstall?page=tsPlugin&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {2CD02A0D-401F-442D-839B-0252F3D4D6F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-01] (Google Inc.)
Task: {3B264BFF-7E8D-4927-8ABC-1D311CDE0666} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\System32\Adobe\Shockwave 12\SymInstallStub.exe
Task: {49F78E84-DF8B-4AFB-B8BA-B302516EE2A5} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\Update\realsched.exe [2012-03-29] (RealNetworks, Inc.)
Task: {6BEAF1E8-FC83-435B-85B1-5EF30814F4E5} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-24] (Lavasoft                                                              )
Task: {770788C2-CAD1-43B1-B62A-F5481067EE33} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {954A1C28-EC1A-4DA0-BCD1-381E83AF4A09} - System32\Tasks\HPCeeScheduleForMo.T******* => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {996A048F-BE32-4E45-9C7C-1655D1CEC7B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-01] (Google Inc.)
Task: {9A716C2C-14DC-4780-8848-566F8979A61D} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {B0F725F8-BB1C-4485-8AD5-823E16A3FDE8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2441125889-3839948254-335534644-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {B58DC175-3135-4525-B19C-79610BCA97FF} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {DBAC1F9E-E53D-4B90-B0BE-1CDCCF1E91A6} - System32\Tasks\Norton Security Scan for Mo.T******* => C:\Program Files\Norton Security Scan\Engine\4.0.3.24\Nss.exe [2013-08-19] (Symantec Corporation)
Task: {DFD1DBF6-F4E6-4402-A245-1D39BDA989CF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2441125889-3839948254-335534644-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {E3A97466-FB2B-4B25-BB76-3FC7F989ADA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14] (Adobe Systems Incorporated)
Task: {F77B7806-095F-49B4-B770-EE6C5DEAB174} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {FCD40BA7-5EBD-4413-A709-3516E29EB617} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMo.T*******.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Mo.T*******.job => C:\PROGRA~1\NORTON~2\Engine\403~1.24\Nss.exe

==================== Loaded Modules (whitelisted) =============

2010-09-08 14:59 - 2011-04-24 10:24 - 00272368 _____ () C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
2010-09-08 14:59 - 2011-04-24 10:24 - 00177624 _____ () C:\Program Files\Lavasoft\Ad-Aware\viprebridge.dll
2010-09-08 14:59 - 2010-11-19 12:05 - 00300368 _____ () C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
2013-08-18 20:19 - 2014-03-07 11:57 - 00190752 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2013-08-18 20:19 - 2014-03-07 11:57 - 00178464 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
2010-09-26 09:58 - 2010-11-05 11:57 - 00403776 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw
2010-08-09 20:39 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-07-15 17:16 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2013-09-03 13:00 - 2013-09-03 12:57 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-08-29 14:58 - 2008-08-29 14:58 - 00197408 _____ () C:\Windows\system32\vpnapi.dll
2010-01-10 03:42 - 2009-10-22 01:32 - 00164352 ____N () c:\altera\91\quartus\bin\jtagserver.exe
2010-01-10 03:42 - 2009-10-22 01:13 - 00019456 ____N () c:\altera\91\quartus\bin\ccl_ver.dll
2010-01-10 03:42 - 2009-10-21 22:55 - 00694272 ____N () c:\altera\91\quartus\bin\dinkum_alt.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-02-26 10:14 - 2009-02-26 10:14 - 07497216 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll
2009-03-30 16:46 - 2009-03-30 16:46 - 02070016 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll
2009-02-26 10:05 - 2009-02-26 10:05 - 00872960 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll
2009-02-26 10:04 - 2009-02-26 10:04 - 00319488 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll
2009-02-26 11:17 - 2009-02-26 11:17 - 00022016 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
2009-01-20 14:02 - 2009-01-20 14:02 - 00131072 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qjpeg1.dll
2009-01-20 14:02 - 2009-01-20 14:02 - 00013824 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qsvg1.dll
2009-02-26 10:23 - 2009-02-26 10:23 - 00246784 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtSvg4.dll
2009-12-10 16:16 - 2009-12-10 16:16 - 00028160 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\plugins\WhatsNew.dll
2009-12-10 16:02 - 2009-12-10 16:02 - 00570368 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll
2009-12-10 16:02 - 2009-12-10 16:02 - 00934912 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\curllibRD.dll
2009-12-10 16:02 - 2009-12-10 16:02 - 00734720 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\ZipArchive.dll
2009-10-21 11:32 - 2009-10-21 11:32 - 00147264 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\noaipcclient.dll
2009-06-09 17:17 - 2009-06-09 17:17 - 00019968 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
2009-11-06 06:33 - 2009-11-06 06:33 - 00241456 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll
2005-07-20 11:48 - 2005-07-20 11:48 - 00059904 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll
2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2010-01-31 17:58 - 2010-06-01 10:17 - 00929792 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2009-10-21 11:24 - 2009-10-21 11:24 - 00272384 _____ () C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
2009-08-31 12:33 - 2009-08-31 12:33 - 00016384 _____ () C:\Program Files\Common Files\Nokia\NoA\qtsecurestorage.dll
2009-08-31 12:33 - 2009-08-31 12:33 - 00013824 _____ () C:\Program Files\Common Files\Nokia\NoA\qtsecurestorageserver.dll
2009-08-31 12:33 - 2009-08-31 12:33 - 00014336 _____ () C:\Program Files\Common Files\Nokia\NoA\cryptodll.dll
2009-08-24 12:29 - 2009-08-24 12:29 - 02013184 _____ () C:\Program Files\Common Files\Nokia\NoA\QtCore4.dll
2009-08-31 12:11 - 2009-08-31 12:11 - 00025088 _____ () C:\Program Files\Common Files\Nokia\NoA\wrtserviceipcserver.dll
2009-06-20 12:10 - 2009-06-20 12:10 - 00875520 _____ () C:\Program Files\Common Files\Nokia\NoA\QtNetwork4.dll
2009-06-20 12:09 - 2009-06-20 12:09 - 00337408 _____ () C:\Program Files\Common Files\Nokia\NoA\QtXml4.dll
2009-06-20 12:21 - 2009-06-20 12:21 - 07464448 _____ () C:\Program Files\Common Files\Nokia\NoA\QtGui4.dll
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Mo.T*******\Documents\Wtrlt_ Studium 2012 - Jetzt bewerben.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: RichVideo => 2
MSCONFIG\startupfolder: C:^Users^Mo.T*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7hbodgmq.lnk => C:\Windows\pss\7hbodgmq.lnk.Startup
MSCONFIG\startupreg: qcgce2mrvjq91kk1e7pnbb19m52fx => C:\Users\MOA8BD~1.TCH\AppData\Local\Temp\webyeryb3460vavaw.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ATI Mobility Radeon HD 4300 Series
Description: ATI Mobility Radeon HD 4300 Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: atikmdag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 01:53:30 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0Engine wait timeout 180 reached for instance 0.

Error: (04/18/2014 01:52:28 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.

Error: (04/18/2014 00:51:34 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0Engine wait timeout 180 reached for instance 0.

Error: (04/18/2014 00:50:29 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.

Error: (04/18/2014 00:44:30 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0Engine wait timeout 180 reached for instance 0.

Error: (04/18/2014 00:43:26 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.

Error: (04/18/2014 00:09:24 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0Engine wait timeout 180 reached for instance 0.

Error: (04/18/2014 00:07:17 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.

Error: (04/17/2014 00:34:49 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0Engine wait timeout 180 reached for instance 0.

Error: (04/17/2014 00:33:46 AM) (Source: matlabserver) (User: )
Description: matlabserver error: 0EngOpen() WORKER_THREAD_PROC failed.


System errors:
=============
Error: (04/18/2014 01:53:30 AM) (Source: Service Control Manager) (User: )
Description: Dienst "MATLAB Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/18/2014 01:52:28 AM) (Source: DCOM) (User: )
Description: {72B715CE-4AD5-4561-B868-84DA80D5F31D}

Error: (04/18/2014 01:50:12 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/18/2014 01:50:12 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/18/2014 01:02:17 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (04/18/2014 01:02:15 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (04/18/2014 00:51:35 AM) (Source: Service Control Manager) (User: )
Description: Dienst "MATLAB Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/18/2014 00:50:29 AM) (Source: DCOM) (User: )
Description: {72B715CE-4AD5-4561-B868-84DA80D5F31D}

Error: (04/18/2014 00:48:13 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/18/2014 00:48:13 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3323.99 MB
Available physical RAM: 1814.74 MB
Total Pagefile: 6646.27 MB
Available Pagefile: 4861.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.27 GB) (Free:6.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.85 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive f: (Storage) (Fixed) (Total:135.67 GB) (Free:82.43 GB) NTFS
Drive g: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (MATHWORKS_R2010A) (CDROM) (Total:5.23 GB) (Free:0 GB) CDFS
Drive i: (MYUSB) (Removable) (Total:1.88 GB) (Free:1.86 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A6ACC5E4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6B736964)
No partition Table on disk 1.

==================== End Of Log ============================

Danke und viele Grüße

Bootsektor · 20.04.2014, 11:41

Hallo papy,

Zitat:

G-Laufwerk? Ehrlich gesagt, ich erinnere mich nicht mehr wofür das ist! ich werde es löschen..

Hast du das nun schon gelöscht? Wenn nicht, dann lösche es bitte noch nicht.

Schritt 1
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

papy · 20.04.2014, 12:45

Hallo Sandra,

Ich habe den G-laufwerk nicht gelöscht.
Ich habe den Scan mit TDSSkiller durchgeführt und habe nichts gefunden. Anscheinend ist der PC schon sauber

hier das TDSSkiller_log:

Code:

ATTFilter

13:20:15.0509 0364  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:20:15.0554 0364  ============================================================
13:20:15.0554 0364  Current date / time: 2014/04/20 13:20:15.0554
13:20:15.0554 0364  SystemInfo:
13:20:15.0554 0364  
13:20:15.0554 0364  OS Version: 6.1.7601 ServicePack: 1.0
13:20:15.0554 0364  Product type: Workstation
13:20:15.0554 0364  ComputerName: MOT*******-PC
13:20:15.0555 0364  UserName: Mo.T*******
13:20:15.0555 0364  Windows directory: C:\Windows
13:20:15.0555 0364  System windows directory: C:\Windows
13:20:15.0555 0364  Processor architecture: Intel x86
13:20:15.0555 0364  Number of processors: 2
13:20:15.0555 0364  Page size: 0x1000
13:20:15.0555 0364  Boot type: Normal boot
13:20:15.0555 0364  ============================================================
13:20:17.0705 0364  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:20:17.0705 0364  ============================================================
13:20:17.0705 0364  \Device\Harddisk0\DR0:
13:20:17.0705 0364  MBR partitions:
13:20:17.0705 0364  Initialize success
13:20:17.0705 0364  ============================================================
13:20:51.0935 2284  ============================================================
13:20:51.0935 2284  Scan started
13:20:51.0935 2284  Mode: Manual; SigCheck; TDLFS; 
13:20:51.0935 2284  ============================================================
13:20:52.0877 2284  ================ Scan system memory ========================
13:20:52.0877 2284  System memory - ok
13:20:52.0887 2284  ================ Scan services =============================
13:20:52.0947 2284  1394ohci - ok
13:20:52.0972 2284  Accelerometer - ok
13:20:53.0019 2284  ACPI - ok
13:20:53.0039 2284  AcpiPmi - ok
13:20:53.0099 2284  AdobeFlashPlayerUpdateSvc - ok
13:20:53.0109 2284  adp94xx - ok
13:20:53.0119 2284  adpahci - ok
13:20:53.0139 2284  adpu320 - ok
13:20:53.0149 2284  AeLookupSvc - ok
13:20:53.0181 2284  AFD - ok
13:20:53.0193 2284  agp440 - ok
13:20:53.0212 2284  aic78xx - ok
13:20:53.0229 2284  ALG - ok
13:20:53.0242 2284  aliide - ok
13:20:53.0261 2284  AMD External Events Utility - ok
13:20:53.0281 2284  amdagp - ok
13:20:53.0291 2284  amdide - ok
13:20:53.0310 2284  AmdK8 - ok
13:20:53.0323 2284  AmdPPM - ok
13:20:53.0336 2284  amdsata - ok
13:20:53.0350 2284  amdsbs - ok
13:20:53.0363 2284  amdxata - ok
13:20:53.0381 2284  AntiVirSchedulerService - ok
13:20:53.0395 2284  AntiVirService - ok
13:20:53.0410 2284  AntiVirWebService - ok
13:20:53.0424 2284  APNMCP - ok
13:20:53.0439 2284  AppID - ok
13:20:53.0453 2284  AppIDSvc - ok
13:20:53.0471 2284  Appinfo - ok
13:20:53.0486 2284  AppMgmt - ok
13:20:53.0500 2284  arc - ok
13:20:53.0512 2284  arcsas - ok
13:20:53.0573 2284  aspnet_state - ok
13:20:53.0593 2284  AsyncMac - ok
13:20:53.0603 2284  atapi - ok
13:20:53.0613 2284  athr - ok
13:20:53.0639 2284  atikmdag - ok
13:20:53.0653 2284  AudioEndpointBuilder - ok
13:20:53.0665 2284  Audiosrv - ok
13:20:53.0680 2284  avgntflt - ok
13:20:53.0695 2284  avipbb - ok
13:20:53.0715 2284  avkmgr - ok
13:20:53.0735 2284  AxInstSV - ok
13:20:53.0745 2284  b06bdrv - ok
13:20:53.0769 2284  b57nd60x - ok
13:20:53.0788 2284  BDESVC - ok
13:20:53.0802 2284  Beep - ok
13:20:53.0815 2284  BFE - ok
13:20:53.0829 2284  BITS - ok
13:20:53.0842 2284  blbdrive - ok
13:20:53.0861 2284  bowser - ok
13:20:53.0874 2284  BrFiltLo - ok
13:20:53.0886 2284  BrFiltUp - ok
13:20:53.0900 2284  Browser - ok
13:20:53.0913 2284  Brserid - ok
13:20:53.0931 2284  BrSerWdm - ok
13:20:53.0944 2284  BrUsbMdm - ok
13:20:53.0956 2284  BrUsbSer - ok
13:20:53.0997 2284  BthEnum - ok
13:20:54.0007 2284  BTHMODEM - ok
13:20:54.0017 2284  BthPan - ok
13:20:54.0037 2284  BTHPORT - ok
13:20:54.0047 2284  bthserv - ok
13:20:54.0057 2284  BTHUSB - ok
13:20:54.0097 2284  cdfs - ok
13:20:54.0109 2284  cdrom - ok
13:20:54.0119 2284  CertPropSvc - ok
13:20:54.0129 2284  circlass - ok
13:20:54.0149 2284  CLFS - ok
13:20:54.0164 2284  clr_optimization_v2.0.50727_32 - ok
13:20:54.0187 2284  clr_optimization_v4.0.30319_32 - ok
13:20:54.0200 2284  CmBatt - ok
13:20:54.0213 2284  cmdide - ok
13:20:54.0231 2284  CNG - ok
13:20:54.0244 2284  Compbatt - ok
13:20:54.0258 2284  CompositeBus - ok
13:20:54.0273 2284  COMSysApp - ok
13:20:54.0285 2284  crcdisk - ok
13:20:54.0307 2284  CryptSvc - ok
13:20:54.0319 2284  CSC - ok
13:20:54.0327 2284  CscService - ok
13:20:54.0345 2284  CVirtA - ok
13:20:54.0360 2284  CVPND - ok
13:20:54.0372 2284  CVPNDRVA - ok
13:20:54.0393 2284  DCamUSBNovatek - ok
13:20:54.0413 2284  DcomLaunch - ok
13:20:54.0425 2284  defragsvc - ok
13:20:54.0442 2284  DfsC - ok
13:20:54.0456 2284  Dhcp - ok
13:20:54.0474 2284  discache - ok
13:20:54.0496 2284  Disk - ok
13:20:54.0510 2284  DNE - ok
13:20:54.0526 2284  Dnscache - ok
13:20:54.0540 2284  dot3svc - ok
13:20:54.0552 2284  DPS - ok
13:20:54.0599 2284  drmkaud - ok
13:20:54.0609 2284  dsNcAdpt - ok
13:20:54.0629 2284  dsNcService - ok
13:20:54.0649 2284  dtsoftbus01 - ok
13:20:54.0659 2284  DXGKrnl - ok
13:20:54.0679 2284  EapHost - ok
13:20:54.0698 2284  ebdrv - ok
13:20:54.0711 2284  EFS - ok
13:20:54.0724 2284  ehRecvr - ok
13:20:54.0739 2284  ehSched - ok
13:20:54.0753 2284  elxstor - ok
13:20:54.0767 2284  ErrDev - ok
13:20:54.0798 2284  EventSystem - ok
13:20:54.0801 2284  ewusbnet - ok
13:20:54.0811 2284  exfat - ok
13:20:54.0821 2284  fastfat - ok
13:20:54.0831 2284  Fax - ok
13:20:54.0844 2284  fdc - ok
13:20:54.0853 2284  fdPHost - ok
13:20:54.0863 2284  FDResPub - ok
13:20:54.0872 2284  FileInfo - ok
13:20:54.0882 2284  Filetrace - ok
13:20:54.0892 2284  flpydisk - ok
13:20:54.0903 2284  FltMgr - ok
13:20:54.0913 2284  FontCache - ok
13:20:54.0922 2284  FontCache3.0.0.0 - ok
13:20:54.0952 2284  FsDepends - ok
13:20:54.0958 2284  Fs_Rec - ok
13:20:54.0996 2284  fvevol - ok
13:20:55.0023 2284  gagp30kx - ok
13:20:55.0064 2284  Garmin Core Update Service - ok
13:20:55.0077 2284  gpsvc - ok
13:20:55.0091 2284  grmnusb - ok
13:20:55.0113 2284  gupdate - ok
13:20:55.0133 2284  gupdatem - ok
13:20:55.0143 2284  hcw85cir - ok
13:20:55.0177 2284  HdAudAddService - ok
13:20:55.0194 2284  HDAudBus - ok
13:20:55.0205 2284  HidBatt - ok
13:20:55.0215 2284  HidBth - ok
13:20:55.0238 2284  HidIr - ok
13:20:55.0252 2284  hidserv - ok
13:20:55.0270 2284  HidUsb - ok
13:20:55.0284 2284  hkmsvc - ok
13:20:55.0297 2284  HomeGroupListener - ok
13:20:55.0310 2284  HomeGroupProvider - ok
13:20:55.0335 2284  HP Health Check Service - ok
13:20:55.0347 2284  hpdskflt - ok
13:20:55.0357 2284  hpqwmiex - ok
13:20:55.0367 2284  HpSAMD - ok
13:20:55.0387 2284  hpsrv - ok
13:20:55.0406 2284  HTTP - ok
13:20:55.0419 2284  hwdatacard - ok
13:20:55.0439 2284  hwpolicy - ok
13:20:55.0460 2284  hwusbdev - ok
13:20:55.0485 2284  i8042prt - ok
13:20:55.0498 2284  iaStorV - ok
13:20:55.0513 2284  idsvc - ok
13:20:55.0591 2284  IEEtwCollectorService - ok
13:20:55.0601 2284  iirsp - ok
13:20:55.0621 2284  IKEEXT - ok
13:20:55.0641 2284  intelide - ok
13:20:55.0657 2284  intelppm - ok
13:20:55.0663 2284  IPBusEnum - ok
13:20:55.0683 2284  IpFilterDriver - ok
13:20:55.0693 2284  iphlpsvc - ok
13:20:55.0708 2284  IPMIDRV - ok
13:20:55.0722 2284  IPNAT - ok
13:20:55.0741 2284  IRENUM - ok
13:20:55.0754 2284  isapnp - ok
13:20:55.0768 2284  iScsiPrt - ok
13:20:55.0780 2284  jnprna - ok
13:20:55.0794 2284  jnprva - ok
13:20:55.0808 2284  JnprVaMgr - ok
13:20:55.0822 2284  JTAGServer - ok
13:20:55.0845 2284  JuniperAccessService - ok
13:20:55.0855 2284  kbdclass - ok
13:20:55.0875 2284  kbdhid - ok
13:20:55.0885 2284  KeyIso - ok
13:20:55.0895 2284  KSecDD - ok
13:20:55.0917 2284  KSecPkg - ok
13:20:55.0929 2284  KtmRm - ok
13:20:55.0943 2284  LanmanServer - ok
13:20:55.0957 2284  LanmanWorkstation - ok
13:20:55.0987 2284  Lavasoft Ad-Aware Service - ok
13:20:56.0017 2284  Lavasoft Kernexplorer - ok
13:20:56.0037 2284  LightScribeService - ok
13:20:56.0057 2284  lltdio - ok
13:20:56.0067 2284  lltdsvc - ok
13:20:56.0077 2284  lmhosts - ok
13:20:56.0104 2284  LSI_FC - ok
13:20:56.0118 2284  LSI_SAS - ok
13:20:56.0132 2284  LSI_SAS2 - ok
13:20:56.0141 2284  LSI_SCSI - ok
13:20:56.0152 2284  luafv - ok
13:20:56.0165 2284  matlabserver - ok
13:20:56.0178 2284  Mcx2Svc - ok
13:20:56.0189 2284  megasas - ok
13:20:56.0201 2284  MegaSR - ok
13:20:56.0214 2284  Microsoft Office Groove Audit Service - ok
13:20:56.0225 2284  MMCSS - ok
13:20:56.0233 2284  Modem - ok
13:20:56.0245 2284  monitor - ok
13:20:56.0257 2284  mouclass - ok
13:20:56.0269 2284  mouhid - ok
13:20:56.0281 2284  mountmgr - ok
13:20:56.0309 2284  MozillaMaintenance - ok
13:20:56.0319 2284  mpio - ok
13:20:56.0329 2284  mpsdrv - ok
13:20:56.0339 2284  MpsSvc - ok
13:20:56.0360 2284  MRxDAV - ok
13:20:56.0377 2284  mrxsmb - ok
13:20:56.0389 2284  mrxsmb10 - ok
13:20:56.0403 2284  mrxsmb20 - ok
13:20:56.0417 2284  msahci - ok
13:20:56.0430 2284  msdsm - ok
13:20:56.0443 2284  MSDTC - ok
13:20:56.0469 2284  Msfs - ok
13:20:56.0488 2284  mshidkmdf - ok
13:20:56.0501 2284  msisadrv - ok
13:20:56.0514 2284  MSiSCSI - ok
13:20:56.0524 2284  msiserver - ok
13:20:56.0581 2284  MSKSSRV - ok
13:20:56.0591 2284  MSPCLOCK - ok
13:20:56.0601 2284  MSPQM - ok
13:20:56.0622 2284  MsRPC - ok
13:20:56.0644 2284  mssmbios - ok
13:20:56.0658 2284  MSTEE - ok
13:20:56.0671 2284  MTConfig - ok
13:20:56.0684 2284  Mup - ok
13:20:56.0696 2284  napagent - ok
13:20:56.0711 2284  NativeWifiP - ok
13:20:56.0723 2284  NDIS - ok
13:20:56.0742 2284  NdisCap - ok
13:20:56.0757 2284  NdisTapi - ok
13:20:56.0768 2284  Ndisuio - ok
13:20:56.0778 2284  NdisWan - ok
13:20:56.0796 2284  NDProxy - ok
13:20:56.0805 2284  NetBIOS - ok
13:20:56.0822 2284  NetBT - ok
13:20:56.0834 2284  Netlogon - ok
13:20:56.0863 2284  Netman - ok
13:20:56.0883 2284  NetMsmqActivator - ok
13:20:56.0903 2284  NetPipeActivator - ok
13:20:56.0913 2284  netprofm - ok
13:20:56.0923 2284  NetTcpActivator - ok
13:20:56.0933 2284  NetTcpPortSharing - ok
13:20:56.0953 2284  nfrd960 - ok
13:20:57.0003 2284  NlaSvc - ok
13:20:57.0013 2284  nmwcd - ok
13:20:57.0043 2284  nmwcdc - ok
13:20:57.0053 2284  NPF - ok
13:20:57.0074 2284  Npfs - ok
13:20:57.0088 2284  nsi - ok
13:20:57.0101 2284  nsiproxy - ok
13:20:57.0121 2284  Ntfs - ok
13:20:57.0126 2284  Null - ok
13:20:57.0171 2284  nvraid - ok
13:20:57.0176 2284  nvstor - ok
13:20:57.0196 2284  nv_agp - ok
13:20:57.0196 2284  odserv - ok
13:20:57.0219 2284  ohci1394 - ok
13:20:57.0237 2284  ose - ok
13:20:57.0271 2284  p2pimsvc - ok
13:20:57.0284 2284  p2psvc - ok
13:20:57.0297 2284  Parport - ok
13:20:57.0311 2284  partmgr - ok
13:20:57.0325 2284  Parvdm - ok
13:20:57.0338 2284  PcaSvc - ok
13:20:57.0357 2284  pccsmcfd - ok
13:20:57.0371 2284  pci - ok
13:20:57.0385 2284  pciide - ok
13:20:57.0399 2284  pcmcia - ok
13:20:57.0412 2284  pcw - ok
13:20:57.0426 2284  PEAUTH - ok
13:20:57.0440 2284  PeerDistSvc - ok
13:20:57.0481 2284  pla - ok
13:20:57.0500 2284  PlugPlay - ok
13:20:57.0514 2284  PNRPAutoReg - ok
13:20:57.0525 2284  PNRPsvc - ok
13:20:57.0543 2284  PolicyAgent - ok
13:20:57.0563 2284  Power - ok
13:20:57.0577 2284  PptpMiniport - ok
13:20:57.0590 2284  Processor - ok
13:20:57.0605 2284  ProfSvc - ok
13:20:57.0619 2284  ProtectedStorage - ok
13:20:57.0648 2284  Psched - ok
13:20:57.0658 2284  ql2300 - ok
13:20:57.0668 2284  ql40xx - ok
13:20:57.0678 2284  QWAVE - ok
13:20:57.0702 2284  QWAVEdrv - ok
13:20:57.0716 2284  RasAcd - ok
13:20:57.0725 2284  RasAgileVpn - ok
13:20:57.0744 2284  RasAuto - ok
13:20:57.0762 2284  Rasl2tp - ok
13:20:57.0790 2284  RasMan - ok
13:20:57.0800 2284  RasPppoe - ok
13:20:57.0810 2284  RasSstp - ok
13:20:57.0831 2284  rdbss - ok
13:20:57.0845 2284  rdpbus - ok
13:20:57.0859 2284  RDPCDD - ok
13:20:57.0879 2284  RDPDR - ok
13:20:57.0892 2284  RDPENCDD - ok
13:20:57.0912 2284  RDPREFMP - ok
13:20:57.0922 2284  RDPWD - ok
13:20:57.0943 2284  rdyboost - ok
13:20:57.0957 2284  RemoteAccess - ok
13:20:57.0971 2284  RemoteRegistry - ok
13:20:57.0992 2284  RFCOMM - ok
13:20:58.0014 2284  RichVideo - ok
13:20:58.0024 2284  ROOTMODEM - ok
13:20:58.0055 2284  rpcapd - ok
13:20:58.0070 2284  RpcEptMapper - ok
13:20:58.0084 2284  RpcLocator - ok
13:20:58.0096 2284  RpcSs - ok
13:20:58.0125 2284  rspndr - ok
13:20:58.0136 2284  RTL8167 - ok
13:20:58.0146 2284  s3cap - ok
13:20:58.0166 2284  SamSs - ok
13:20:58.0182 2284  sbp2port - ok
13:20:58.0197 2284  SCardSvr - ok
13:20:58.0210 2284  scfilter - ok
13:20:58.0224 2284  Schedule - ok
13:20:58.0238 2284  SCPolicySvc - ok
13:20:58.0253 2284  SDRSVC - ok
13:20:58.0265 2284  secdrv - ok
13:20:58.0278 2284  seclogon - ok
13:20:58.0291 2284  SENS - ok
13:20:58.0312 2284  SensrSvc - ok
13:20:58.0318 2284  Sentinel - ok
13:20:58.0328 2284  Serenum - ok
13:20:58.0338 2284  Serial - ok
13:20:58.0359 2284  sermouse - ok
13:20:58.0372 2284  ServiceLayer - ok
13:20:58.0404 2284  SessionEnv - ok
13:20:58.0416 2284  sffdisk - ok
13:20:58.0429 2284  sffp_mmc - ok
13:20:58.0441 2284  sffp_sd - ok
13:20:58.0452 2284  sfloppy - ok
13:20:58.0465 2284  SharedAccess - ok
13:20:58.0478 2284  ShellHWDetection - ok
13:20:58.0489 2284  sisagp - ok
13:20:58.0504 2284  SiSRaid2 - ok
13:20:58.0518 2284  SiSRaid4 - ok
13:20:58.0570 2284  Skype C2C Service - ok
13:20:58.0600 2284  SkypeUpdate - ok
13:20:58.0610 2284  Smb - ok
13:20:58.0640 2284  SNMPTRAP - ok
13:20:58.0656 2284  Sntnlusb - ok
13:20:58.0667 2284  spldr - ok
13:20:58.0687 2284  Spooler - ok
13:20:58.0698 2284  sppsvc - ok
13:20:58.0711 2284  sppuinotify - ok
13:20:58.0725 2284  srv - ok
13:20:58.0732 2284  srv2 - ok
13:20:58.0745 2284  srvnet - ok
13:20:58.0757 2284  SSDPSRV - ok
13:20:58.0771 2284  ssmdrv - ok
13:20:58.0784 2284  SstpSvc - ok
13:20:58.0798 2284  StarOpen - ok
13:20:58.0810 2284  stexstor - ok
13:20:58.0823 2284  StiSvc - ok
13:20:58.0836 2284  storflt - ok
13:20:58.0847 2284  StorSvc - ok
13:20:58.0860 2284  storvsc - ok
13:20:58.0870 2284  swenum - ok
13:20:58.0881 2284  swprv - ok
13:20:58.0895 2284  SysMain - ok
13:20:58.0908 2284  TabletInputService - ok
13:20:58.0919 2284  TapiSrv - ok
13:20:58.0932 2284  TBS - ok
13:20:58.0945 2284  Tcpip - ok
13:20:58.0958 2284  TCPIP6 - ok
13:20:58.0977 2284  tcpipreg - ok
13:20:59.0011 2284  TDPIPE - ok
13:20:59.0023 2284  TDTCP - ok
13:20:59.0036 2284  tdx - ok
13:20:59.0066 2284  TeamViewer8 - ok
13:20:59.0079 2284  TermDD - ok
13:20:59.0093 2284  TermService - ok
13:20:59.0108 2284  Themes - ok
13:20:59.0122 2284  THREADORDER - ok
13:20:59.0148 2284  TOSHIBA Bluetooth Service - ok
13:20:59.0163 2284  tosporte - ok
13:20:59.0178 2284  tosrfbd - ok
13:20:59.0193 2284  tosrfbnp - ok
13:20:59.0207 2284  Tosrfcom - ok
13:20:59.0222 2284  Tosrfhid - ok
13:20:59.0241 2284  tosrfnds - ok
13:20:59.0255 2284  TosRfSnd - ok
13:20:59.0265 2284  Tosrfusb - ok
13:20:59.0275 2284  TrkWks - ok
13:20:59.0285 2284  TrustedInstaller - ok
13:20:59.0299 2284  tssecsrv - ok
13:20:59.0309 2284  TsUsbFlt - ok
13:20:59.0325 2284  tunnel - ok
13:20:59.0342 2284  uagp35 - ok
13:20:59.0355 2284  udfs - ok
13:20:59.0384 2284  UI0Detect - ok
13:20:59.0399 2284  uliagpkx - ok
13:20:59.0413 2284  umbus - ok
13:20:59.0427 2284  UmPass - ok
13:20:59.0441 2284  UmRdpService - ok
13:20:59.0455 2284  upnphost - ok
13:20:59.0481 2284  upperdev - ok
13:20:59.0492 2284  usbccgp - ok
13:20:59.0502 2284  usbcir - ok
13:20:59.0524 2284  usbehci - ok
13:20:59.0541 2284  usbhub - ok
13:20:59.0554 2284  usbohci - ok
13:20:59.0569 2284  usbprint - ok
13:20:59.0583 2284  usbscan - ok
13:20:59.0608 2284  usbser - ok
13:20:59.0618 2284  UsbserFilt - ok
13:20:59.0628 2284  USBSTOR - ok
13:20:59.0639 2284  usbuhci - ok
13:20:59.0648 2284  usbvideo - ok
13:20:59.0658 2284  UxSms - ok
13:20:59.0668 2284  VaultSvc - ok
13:20:59.0678 2284  vdrvroot - ok
13:20:59.0687 2284  vds - ok
13:20:59.0696 2284  vga - ok
13:20:59.0706 2284  VgaSave - ok
13:20:59.0716 2284  vhdmp - ok
13:20:59.0746 2284  viaagp - ok
13:20:59.0766 2284  ViaC7 - ok
13:20:59.0774 2284  viaide - ok
13:20:59.0785 2284  vmbus - ok
13:20:59.0796 2284  VMBusHID - ok
13:20:59.0805 2284  volmgr - ok
13:20:59.0815 2284  volmgrx - ok
13:20:59.0825 2284  volsnap - ok
13:20:59.0851 2284  vsmraid - ok
13:20:59.0852 2284  VSS - ok
13:20:59.0872 2284  vwifibus - ok
13:20:59.0882 2284  vwififlt - ok
13:20:59.0904 2284  vwifimp - ok
13:20:59.0919 2284  W32Time - ok
13:20:59.0940 2284  WacomPen - ok
13:20:59.0955 2284  WANARP - ok
13:20:59.0969 2284  Wanarpv6 - ok
13:20:59.0985 2284  WatAdminSvc - ok
13:20:59.0998 2284  wbengine - ok
13:21:00.0012 2284  WbioSrvc - ok
13:21:00.0027 2284  wcncsvc - ok
13:21:00.0047 2284  WcsPlugInService - ok
13:21:00.0062 2284  Wd - ok
13:21:00.0077 2284  Wdf01000 - ok
13:21:00.0091 2284  WdiServiceHost - ok
13:21:00.0103 2284  WdiSystemHost - ok
13:21:00.0118 2284  WebClient - ok
13:21:00.0131 2284  Wecsvc - ok
13:21:00.0146 2284  wercplsupport - ok
13:21:00.0163 2284  WerSvc - ok
13:21:00.0185 2284  WfpLwf - ok
13:21:00.0200 2284  WIMMount - ok
13:21:00.0213 2284  WinDefend - ok
13:21:00.0264 2284  WinDriver6 - ok
13:21:00.0284 2284  WinHttpAutoProxySvc - ok
13:21:00.0304 2284  Winmgmt - ok
13:21:00.0314 2284  WinRM - ok
13:21:00.0349 2284  WinUsb - ok
13:21:00.0363 2284  Wlansvc - ok
13:21:00.0377 2284  WmiAcpi - ok
13:21:00.0399 2284  wmiApSrv - ok
13:21:00.0414 2284  WMPNetworkSvc - ok
13:21:00.0428 2284  WPCSvc - ok
13:21:00.0441 2284  WPDBusEnum - ok
13:21:00.0455 2284  ws2ifsl - ok
13:21:00.0470 2284  wscsvc - ok
13:21:00.0484 2284  WSearch - ok
13:21:00.0506 2284  wuauserv - ok
13:21:00.0521 2284  WudfPf - ok
13:21:00.0586 2284  WUDFRd - ok
13:21:00.0616 2284  wudfsvc - ok
13:21:00.0636 2284  WwanSvc - ok
13:21:00.0668 2284  XilinxFirmwareEmbeddedLpLoader - ok
13:21:00.0684 2284  XilinxPC4Driver - ok
13:21:00.0713 2284  YahooAUService - ok
13:21:00.0738 2284  zntport - ok
13:21:00.0871 2284  ================ Scan global ===============================
13:21:00.0879 2284  [Global] - ok
13:21:00.0880 2284  ================ Scan MBR ==================================
13:21:00.0900 2284  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:21:01.0482 2284  \Device\Harddisk0\DR0 - ok
13:21:01.0482 2284  ================ Scan VBR ==================================
13:21:01.0482 2284  ============================================================
13:21:01.0482 2284  Scan finished
13:21:01.0482 2284  ============================================================
13:21:01.0502 5608  Detected object count: 0
13:21:01.0502 5608  Actual detected object count: 0

Grüße

Bootsektor · 20.04.2014, 22:12

Hallo papy,

Zitat:

Anscheinend ist der PC schon sauber

Ja, das sieht so aus.

Dann machen wir jetzt die Kontrollscans.

Den Proxyserver hast du gesetzt?

Zitat:

ProxyServer: :0

Schritt 1
Bitte deinstalliere folgende Programme (falls vorhanden) :
RadioBar Toolbar
Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Schritt 2

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

SearchScopes: HKLM - DefaultScope value is missing.
C:\Program Files\Searchqu Toolbar

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Windows Vista und höher: mit Rechtsklick "als Administrator starten"
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language German aus.
Klicke auf Armaturenbrett und auf Jetzt aktualisieren, um die Datenbank zu updaten.
Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 5
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

papy · 26.04.2014, 18:12

Hallo Sandra,

ich habe Schritt 1 bis Schritt 3 problemlos durchgeführt. Die Logfiles findest du unten.

Schritt 4:
Es ist nicht bis zum Ende gelaufen. da der Scan zu lange gedauert hat, ist mein Laptop immer in Sparmodus gegangen, danach ausgeschaltet und somit hat er den Scan gestoppt... Ich habe mehrmals versucht...ich konnte maximal 12% scannen und er hat dabei 2 Trojaner gefunden. Logfile findest du auch unten.

Schritt 2: Fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014
Ran by Mo.T******* at 2014-04-21 12:48:29 Run:3
Running from C:\Users\Mo.T*******\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Program Files\Searchqu Toolbar

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"C:\Program Files\Searchqu Toolbar" => File/Directory not found.

==== End of Fixlog ====

Schritt 3: mbamlog

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.04.2014
Suchlauf-Zeit: 21:24:47
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.21.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Mo.T*******

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 271642
Verstrichene Zeit: 6 Std, 39 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
PUP.Optional.SearchQu, HKU\S-1-5-21-2441125889-3839948254-335534644-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, In Quarantäne, [807814187a01cd69c2651cfeb54d25db], 
PUP.Optional.Bandoo.A, HKU\S-1-5-21-2441125889-3839948254-335534644-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D717F81-9148-4F12-8568-69135F087DB0}, In Quarantäne, [c830f23accaf5cdaa149aca037cbd927], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2441125889-3839948254-335534644-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, In Quarantäne, [995f16168bf0ad89b74be5b1e91a4eb2], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2441125889-3839948254-335534644-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [01f750dc710a3afcf50c128439cafb05], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 4
PUP.Optional.JumpyApps, C:\Users\Gast\AppData\Local\Temp\JeajkaBm.exe.part, In Quarantäne, [896fd25a3f3cf541a070417be41f6799], 
Trojan.Agent.TPL, C:\ProgramData\2433f433, In Quarantäne, [3bbd47e5f6859d991397a7e2aa59fd03], 
Trojan.Agent.TPL, C:\Users\Mo.T*******\AppData\Roaming\2433f433, In Quarantäne, [797fc765dd9ec86ef1b91277847f5ea2], 
Trojan.Agent.TPL, C:\Users\Mo.T*******\AppData\Local\2433f433, In Quarantäne, [d82065c782f9be78208b4e3b4eb548b8], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Schritt 5: FRSTlog

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014 03
Ran by Mo.T******* (administrator) on MOT*******-PC on 26-04-2014 18:14:49
Running from C:\Users\Mo.T*******\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Hewlett-Packard) C:\Windows\system32\Hpservice.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() c:\altera\91\quartus\bin\jtagserver.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Yahoo! Inc) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(THe UDS) C:\Program Files\InstantTimeZone\InstantTimeZone.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(THe UDS) C:\Program Files\InstantTimeZone\InstantTimeZone.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroCheck] => C:\Windows\system32\NeroCheck.exe [155648 2003-07-13] (Ahead Software Gmbh)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NokiaMusic FastStart] => C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2090272 2009-11-06] (Nokia)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKLM\...\Run: [Pulse] => C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe [1698672 2010-10-23] (Juniper Networks)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [] => [X]
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [NokiaOviSuite2] => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [401728 2009-12-10] (Nokia)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: I - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {0df93878-198b-11e0-a313-91265f448b94} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {0df93886-198b-11e0-a313-967bdee9a9b0} - I:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {1dfb02a9-a128-11e3-9981-d65de5f1a59d} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {7e07d585-9160-11e1-8b45-f20c468c9ea1} - H:\setup.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {cd1a3888-3ac9-11e0-93cb-8b8d165d4ff3} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {dc1bfdf4-274a-11e0-899c-e85aa09ff09b} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {f6f4b7f7-2a53-11e0-85d0-d5f49d1021be} - I:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InstantTimeZone.lnk
ShortcutTarget: InstantTimeZone.lnk -> C:\Program Files\InstantTimeZone\InstantTimeZone.exe (THe UDS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC00CCB7E1EB4CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {15260EDB-65F3-41D3-9CA4-500D6C319CF3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {5B291E6C-9A74-4034-971B-A4B007A0B315} URL = hxxp://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKCU - {61DA61FF-CDAE-4D29-A3DD-CCA4690DB68E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - No Name - !{41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} -  No File
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3EA79C1B-0DC0-4B9D-BF9C-F5BDE5A0B36D}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{685DD7D7-5179-4D4C-9659-4250856CC6AE}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8884D693-2566-4B02-B8AC-E5C0F23E15E2}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{AB2CFAED-59BF-470F-B35C-508B1E345305}: [NameServer]132.195.249.13 132.195.20.3 132.195.20.3
Tcpip\..\Interfaces\{DF4F6289-7F96-4AF3-AEE8-6C2429ACD57E}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "ftp", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "139.6.*,*.fh-koeln.de"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\staged [2013-04-22]
FF Extension: Garmin Communicator - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-12-12]
FF Extension: Yahoo! Toolbar - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-04-24]
FF Extension: Personas Plus - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\personas@christopher.beard.xpi [2013-03-02]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-01]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-07-01]
CHR Extension: (Skype Click to Call) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-25]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-05-25]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-07-26]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-05-30]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2010-08-27] (Juniper Networks)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [246616 2013-08-28] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard)
R2 JTAGServer; c:\altera\91\quartus\bin\jtagserver.exe [164352 2009-10-22] ()
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2010-10-22] (Juniper Networks)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1378040 2011-04-24] (Lavasoft)
S2 matlabserver; C:\MATLAB7\webserver\bin\win32\matlabserver.exe [536576 2004-04-24] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-05-30] (Skype Technologies S.A.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-12] (Avira Operations GmbH & Co. KG)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.)
R3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2704640 2010-09-07] (Novatek)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-06-11] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-28] (DT Soft Ltd)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 jnprna; C:\Windows\System32\DRIVERS\jnprna.sys [420464 2010-07-23] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [25456 2010-07-23] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [36776 2010-07-23] (Juniper Networks, Inc.)
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15264 2010-11-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2009-10-21] (Rainbow Technologies, Inc.)
S3 Sntnlusb; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [26120 2009-10-21] (Rainbow Technologies Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-03] (Avira GmbH)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [194362 2010-09-16] (Jungo)
S3 XilinxFirmwareEmbeddedLpLoader; C:\Windows\System32\Drivers\xusb_emb.sys [17408 2010-09-16] (Xilinx, Inc.)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [16000 2010-09-16] (Xilinx, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 18:14 - 2014-04-26 18:14 - 00000000 ____D () C:\Users\Mo.T*******\Desktop\FRST-OlderVersion
2014-04-24 23:57 - 2014-04-26 14:29 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-04-24 21:59 - 2014-04-24 21:59 - 00000201 _____ () C:\Users\Mo.T*******\Desktop\eset_report.txt
2014-04-22 11:27 - 2014-04-22 11:27 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Roaming\EPSON
2014-04-21 21:47 - 2014-04-21 21:43 - 02347384 _____ (ESET) C:\Users\Mo.T*******\Desktop\esetsmartinstaller_enu.exe
2014-04-21 14:44 - 2014-04-26 17:06 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 14:43 - 2014-04-21 14:43 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-21 14:43 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-21 14:43 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-21 14:43 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-21 14:40 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-21 14:40 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-21 14:40 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-21 14:40 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-21 14:40 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-21 14:40 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-21 14:40 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-21 14:40 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-21 14:39 - 2014-04-21 02:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mo.T*******\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-21 12:16 - 2014-04-21 12:16 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Local\AskPartnerNetwork
2014-04-20 13:18 - 2014-04-20 13:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mo.T*******\Desktop\tdsskiller.exe
2014-04-18 01:03 - 2014-04-18 01:48 - 00000000 ____D () C:\AdwCleaner
2014-04-18 01:02 - 2014-04-18 01:01 - 01426178 _____ () C:\Users\Mo.T*******\Desktop\adwcleaner.exe
2014-04-18 00:23 - 2014-04-18 00:23 - 00000079 _____ () C:\Windows\wininit.ini
2014-04-17 00:39 - 2014-04-18 02:07 - 00038700 _____ () C:\Users\Mo.T*******\Desktop\Addition.txt
2014-04-17 00:38 - 2014-04-26 18:14 - 00027494 _____ () C:\Users\Mo.T*******\Desktop\FRST.txt
2014-04-17 00:36 - 2014-04-26 18:14 - 01049088 _____ (Farbar) C:\Users\Mo.T*******\Desktop\FRST.exe
2014-04-15 01:21 - 2014-04-26 18:14 - 00000000 ____D () C:\FRST
2014-04-09 21:29 - 2014-04-18 00:45 - 00000000 ____D () C:\Windows\pss

==================== One Month Modified Files and Folders =======

2014-04-26 18:15 - 2014-04-17 00:38 - 00027494 _____ () C:\Users\Mo.T*******\Desktop\FRST.txt
2014-04-26 18:14 - 2014-04-26 18:14 - 00000000 ____D () C:\Users\Mo.T*******\Desktop\FRST-OlderVersion
2014-04-26 18:14 - 2014-04-17 00:36 - 01049088 _____ (Farbar) C:\Users\Mo.T*******\Desktop\FRST.exe
2014-04-26 18:14 - 2014-04-15 01:21 - 00000000 ____D () C:\FRST
2014-04-26 18:12 - 2011-07-01 19:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-26 17:21 - 2012-08-12 20:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-26 17:06 - 2014-04-21 14:44 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 16:46 - 2010-01-20 01:36 - 01864158 _____ () C:\Windows\WindowsUpdate.log
2014-04-26 14:35 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-26 14:35 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-26 14:29 - 2014-04-24 23:57 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-04-26 14:27 - 2010-01-31 19:56 - 00000000 ____D () C:\Users\Mo.T*******\Tracing
2014-04-26 14:26 - 2011-07-01 19:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-26 14:25 - 2013-06-14 02:09 - 00016358 _____ () C:\Windows\setupact.log
2014-04-26 14:25 - 2010-09-27 08:39 - 00283471 _____ () C:\aaw7boot.log
2014-04-26 14:25 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 03:23 - 2010-02-15 21:05 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Roaming\Skype
2014-04-24 23:19 - 2014-02-26 23:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-24 21:59 - 2014-04-24 21:59 - 00000201 _____ () C:\Users\Mo.T*******\Desktop\eset_report.txt
2014-04-24 03:05 - 2010-01-20 01:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-22 12:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-22 11:52 - 2013-06-18 22:40 - 00209624 _____ () C:\Windows\PFRO.log
2014-04-22 11:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-22 11:27 - 2014-04-22 11:27 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Roaming\EPSON
2014-04-22 07:24 - 2013-08-16 10:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-22 06:40 - 2010-01-31 20:43 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-21 21:43 - 2014-04-21 21:47 - 02347384 _____ (ESET) C:\Users\Mo.T*******\Desktop\esetsmartinstaller_enu.exe
2014-04-21 21:28 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-21 14:56 - 2011-07-01 19:53 - 00002040 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-21 14:43 - 2014-04-21 14:43 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-21 12:16 - 2014-04-21 12:16 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Local\AskPartnerNetwork
2014-04-21 12:16 - 2010-03-02 02:25 - 00000000 ____D () C:\Program Files\RadioBar
2014-04-21 02:28 - 2014-04-21 14:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mo.T*******\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 13:08 - 2014-04-20 13:18 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mo.T*******\Desktop\tdsskiller.exe
2014-04-18 02:07 - 2014-04-17 00:39 - 00038700 _____ () C:\Users\Mo.T*******\Desktop\Addition.txt
2014-04-18 01:54 - 2010-02-06 10:30 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForMo.T*******.job
2014-04-18 01:48 - 2014-04-18 01:03 - 00000000 ____D () C:\AdwCleaner
2014-04-18 01:01 - 2014-04-18 01:02 - 01426178 _____ () C:\Users\Mo.T*******\Desktop\adwcleaner.exe
2014-04-18 00:45 - 2014-04-09 21:29 - 00000000 ____D () C:\Windows\pss
2014-04-18 00:25 - 2011-05-20 21:43 - 00000000 ____D () C:\Program Files\Free Video Converter
2014-04-18 00:23 - 2014-04-18 00:23 - 00000079 _____ () C:\Windows\wininit.ini
2014-04-17 00:40 - 2010-01-20 01:50 - 01644734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 00:13 - 2010-12-09 19:51 - 00000000 ____D () C:\Users\Gast\Tracing
2014-04-09 23:52 - 2011-03-24 21:52 - 00000978 _____ () C:\Users\Mo.T*******\Desktop\Bluetooth-Informationsaustausch.lnk
2014-04-09 22:32 - 2010-02-27 10:46 - 00007605 _____ () C:\Users\Mo.T*******\AppData\Local\Resmon.ResmonCfg
2014-04-08 02:30 - 2013-02-17 23:42 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for Mo.T*******.job
2014-04-03 21:14 - 2013-05-01 19:21 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-03 09:51 - 2014-04-21 14:43 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-21 14:43 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-21 14:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 02:13 - 2014-04-21 14:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:57 - 2014-04-21 14:40 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mo.T*******\AppData\Local\Temp\avgnt.exe
C:\Users\Mo.T*******\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-22 12:23

==================== End Of Log ============================

--- --- ---

Bootsektor · 26.04.2014, 20:01

Hallo papy,

es wäre gut,wenn du den ESET-Scan noch machen könntest.

Eset dauert lange, den Laptop kann man aber so einstellen, dass er nicht in den Sparmodus geht, du müsstest in der Systemsteuerung einen Menüpunkt haben, der Energieoptionen heißt, schau da einmal nach.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

SearchScopes: HKCU - {15260EDB-65F3-41D3-9CA4-500D6C319CF3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {5B291E6C-9A74-4034-971B-A4B007A0B315} URL = hxxp://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
C:\Program Files\RadioBar

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

papy · 28.04.2014, 21:06

Hallo Sandra,
hab nochmal ESet laufen gelassen und dieses Mal mit deaktiviertem Sparmodus. das hat funktioniert! (^_^)

nun die logfiles:

Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2014
Ran by Mo.T******* at 2014-04-27 18:11:49 Run:4
Running from C:\Users\Mo.T*******\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {15260EDB-65F3-41D3-9CA4-500D6C319CF3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {5B291E6C-9A74-4034-971B-A4B007A0B315} URL = hxxp://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
C:\Program Files\RadioBar
         
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15260EDB-65F3-41D3-9CA4-500D6C319CF3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{15260EDB-65F3-41D3-9CA4-500D6C319CF3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5B291E6C-9A74-4034-971B-A4B007A0B315} => Key not found.
C:\Program Files\RadioBar => Moved successfully.

==== End of Fixlog ====

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014
Ran by Mo.T******* (administrator) on MOT*******-PC on 27-04-2014 18:15:03
Running from C:\Users\Mo.T*******\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Hewlett-Packard) C:\Windows\system32\Hpservice.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() c:\altera\91\quartus\bin\jtagserver.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Yahoo! Inc) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(THe UDS) C:\Program Files\InstantTimeZone\InstantTimeZone.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(THe UDS) C:\Program Files\InstantTimeZone\InstantTimeZone.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Opera Software) C:\Program Files\Opera\Opera.exe
(Microsoft Corporation) C:\Windows\system32\calc.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroCheck] => C:\Windows\system32\NeroCheck.exe [155648 2003-07-13] (Ahead Software Gmbh)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NokiaMusic FastStart] => C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2090272 2009-11-06] (Nokia)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKLM\...\Run: [Pulse] => C:\Program Files\Common Files\Juniper Networks\JamUI\Pulse.exe [1698672 2010-10-23] (Juniper Networks)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [] => [X]
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [NokiaOviSuite2] => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [401728 2009-12-10] (Nokia)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: I - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {0df93878-198b-11e0-a313-91265f448b94} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {0df93886-198b-11e0-a313-967bdee9a9b0} - I:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {1dfb02a9-a128-11e3-9981-d65de5f1a59d} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {7e07d585-9160-11e1-8b45-f20c468c9ea1} - H:\setup.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {cd1a3888-3ac9-11e0-93cb-8b8d165d4ff3} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {dc1bfdf4-274a-11e0-899c-e85aa09ff09b} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000\...\MountPoints2: {f6f4b7f7-2a53-11e0-85d0-d5f49d1021be} - I:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X]
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaOviSuite2] => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [401728 2009-12-10] (Nokia)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0df93878-198b-11e0-a313-91265f448b94} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0df93886-198b-11e0-a313-967bdee9a9b0} - I:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1dfb02a9-a128-11e3-9981-d65de5f1a59d} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7e07d585-9160-11e1-8b45-f20c468c9ea1} - H:\setup.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cd1a3888-3ac9-11e0-93cb-8b8d165d4ff3} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {dc1bfdf4-274a-11e0-899c-e85aa09ff09b} - H:\AutoRun.exe
HKU\S-1-5-21-2441125889-3839948254-335534644-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f6f4b7f7-2a53-11e0-85d0-d5f49d1021be} - I:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InstantTimeZone.lnk
ShortcutTarget: InstantTimeZone.lnk -> C:\Program Files\InstantTimeZone\InstantTimeZone.exe (THe UDS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mo.T*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC00CCB7E1EB4CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {61DA61FF-CDAE-4D29-A3DD-CCA4690DB68E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - No Name - !{41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} -  No File
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3EA79C1B-0DC0-4B9D-BF9C-F5BDE5A0B36D}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{685DD7D7-5179-4D4C-9659-4250856CC6AE}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8884D693-2566-4B02-B8AC-E5C0F23E15E2}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{AB2CFAED-59BF-470F-B35C-508B1E345305}: [NameServer]132.195.249.13 132.195.20.3 132.195.20.3
Tcpip\..\Interfaces\{DF4F6289-7F96-4AF3-AEE8-6C2429ACD57E}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "ftp", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "139.6.*,*.fh-koeln.de"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\staged [2013-04-22]
FF Extension: Garmin Communicator - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-12-12]
FF Extension: Yahoo! Toolbar - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-04-24]
FF Extension: Personas Plus - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\personas@christopher.beard.xpi [2013-03-02]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Mo.T*******\AppData\Roaming\Mozilla\Firefox\Profiles\sqxnp5f4.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-01]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-07-01]
CHR Extension: (Skype Click to Call) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-25]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Mo.T*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-05-25]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-07-26]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-05-30]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2010-08-27] (Juniper Networks)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [246616 2013-08-28] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard)
R2 JTAGServer; c:\altera\91\quartus\bin\jtagserver.exe [164352 2009-10-22] ()
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2010-10-22] (Juniper Networks)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1378040 2011-04-24] (Lavasoft)
S2 matlabserver; C:\MATLAB7\webserver\bin\win32\matlabserver.exe [536576 2004-04-24] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-05-30] (Skype Technologies S.A.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-12] (Avira Operations GmbH & Co. KG)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.)
R3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2704640 2010-09-07] (Novatek)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-06-11] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-28] (DT Soft Ltd)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 jnprna; C:\Windows\System32\DRIVERS\jnprna.sys [420464 2010-07-23] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [25456 2010-07-23] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [36776 2010-07-23] (Juniper Networks, Inc.)
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15264 2010-11-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2009-10-21] (Rainbow Technologies, Inc.)
S3 Sntnlusb; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [26120 2009-10-21] (Rainbow Technologies Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-03] (Avira GmbH)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [194362 2010-09-16] (Jungo)
S3 XilinxFirmwareEmbeddedLpLoader; C:\Windows\System32\Drivers\xusb_emb.sys [17408 2010-09-16] (Xilinx, Inc.)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [16000 2010-09-16] (Xilinx, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 18:14 - 2014-04-27 18:11 - 00000000 ____D () C:\Users\Mo.T*******\Desktop\FRST-OlderVersion
2014-04-24 23:57 - 2014-04-26 14:29 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-04-24 21:59 - 2014-04-24 21:59 - 00000201 _____ () C:\Users\Mo.T*******\Desktop\eset_report.txt
2014-04-22 11:27 - 2014-04-22 11:27 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Roaming\EPSON
2014-04-21 21:47 - 2014-04-21 21:43 - 02347384 _____ (ESET) C:\Users\Mo.T*******\Desktop\esetsmartinstaller_enu.exe
2014-04-21 14:44 - 2014-04-27 17:46 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 14:43 - 2014-04-21 14:43 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-21 14:43 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-21 14:43 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-21 14:43 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-21 14:40 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-21 14:40 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-21 14:40 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-21 14:40 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-21 14:40 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-21 14:40 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-21 14:40 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-21 14:40 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-21 14:39 - 2014-04-21 02:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mo.T*******\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-21 12:16 - 2014-04-21 12:16 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Local\AskPartnerNetwork
2014-04-20 13:18 - 2014-04-20 13:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mo.T*******\Desktop\tdsskiller.exe
2014-04-18 01:03 - 2014-04-18 01:48 - 00000000 ____D () C:\AdwCleaner
2014-04-18 01:02 - 2014-04-18 01:01 - 01426178 _____ () C:\Users\Mo.T*******\Desktop\adwcleaner.exe
2014-04-18 00:23 - 2014-04-18 00:23 - 00000079 _____ () C:\Windows\wininit.ini
2014-04-17 00:39 - 2014-04-18 02:07 - 00038700 _____ () C:\Users\Mo.T*******\Desktop\Addition.txt
2014-04-17 00:38 - 2014-04-27 18:15 - 00030579 _____ () C:\Users\Mo.T*******\Desktop\FRST.txt
2014-04-17 00:36 - 2014-04-27 18:11 - 01049600 _____ (Farbar) C:\Users\Mo.T*******\Desktop\FRST.exe
2014-04-15 01:21 - 2014-04-27 18:15 - 00000000 ____D () C:\FRST
2014-04-09 21:29 - 2014-04-18 00:45 - 00000000 ____D () C:\Windows\pss

==================== One Month Modified Files and Folders =======

2014-04-27 18:15 - 2014-04-17 00:38 - 00030579 _____ () C:\Users\Mo.T*******\Desktop\FRST.txt
2014-04-27 18:15 - 2014-04-15 01:21 - 00000000 ____D () C:\FRST
2014-04-27 18:11 - 2014-04-26 18:14 - 00000000 ____D () C:\Users\Mo.T*******\Desktop\FRST-OlderVersion
2014-04-27 18:11 - 2014-04-17 00:36 - 01049600 _____ (Farbar) C:\Users\Mo.T*******\Desktop\FRST.exe
2014-04-27 17:47 - 2011-07-01 19:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 17:46 - 2014-04-21 14:44 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 17:46 - 2012-08-12 20:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 17:46 - 2010-01-20 01:36 - 01904631 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 17:45 - 2010-02-15 21:05 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Roaming\Skype
2014-04-27 00:47 - 2011-07-01 19:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-26 14:35 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-26 14:35 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-26 14:29 - 2014-04-24 23:57 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-04-26 14:27 - 2010-01-31 19:56 - 00000000 ____D () C:\Users\Mo.T*******\Tracing
2014-04-26 14:25 - 2013-06-14 02:09 - 00016358 _____ () C:\Windows\setupact.log
2014-04-26 14:25 - 2010-09-27 08:39 - 00283471 _____ () C:\aaw7boot.log
2014-04-26 14:25 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 23:19 - 2014-02-26 23:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-24 21:59 - 2014-04-24 21:59 - 00000201 _____ () C:\Users\Mo.T*******\Desktop\eset_report.txt
2014-04-24 03:05 - 2010-01-20 01:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-22 12:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-22 11:52 - 2013-06-18 22:40 - 00209624 _____ () C:\Windows\PFRO.log
2014-04-22 11:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-22 11:27 - 2014-04-22 11:27 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Roaming\EPSON
2014-04-22 07:24 - 2013-08-16 10:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-22 06:40 - 2010-01-31 20:43 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-21 21:43 - 2014-04-21 21:47 - 02347384 _____ (ESET) C:\Users\Mo.T*******\Desktop\esetsmartinstaller_enu.exe
2014-04-21 21:28 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-21 14:56 - 2011-07-01 19:53 - 00002040 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-21 14:43 - 2014-04-21 14:43 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 14:43 - 2014-04-21 14:43 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-21 12:16 - 2014-04-21 12:16 - 00000000 ____D () C:\Users\Mo.T*******\AppData\Local\AskPartnerNetwork
2014-04-21 02:28 - 2014-04-21 14:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mo.T*******\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 13:08 - 2014-04-20 13:18 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mo.T*******\Desktop\tdsskiller.exe
2014-04-18 02:07 - 2014-04-17 00:39 - 00038700 _____ () C:\Users\Mo.T*******\Desktop\Addition.txt
2014-04-18 01:54 - 2010-02-06 10:30 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForMo.T*******.job
2014-04-18 01:48 - 2014-04-18 01:03 - 00000000 ____D () C:\AdwCleaner
2014-04-18 01:01 - 2014-04-18 01:02 - 01426178 _____ () C:\Users\Mo.T*******\Desktop\adwcleaner.exe
2014-04-18 00:45 - 2014-04-09 21:29 - 00000000 ____D () C:\Windows\pss
2014-04-18 00:25 - 2011-05-20 21:43 - 00000000 ____D () C:\Program Files\Free Video Converter
2014-04-18 00:23 - 2014-04-18 00:23 - 00000079 _____ () C:\Windows\wininit.ini
2014-04-17 00:40 - 2010-01-20 01:50 - 01644734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 00:13 - 2010-12-09 19:51 - 00000000 ____D () C:\Users\Gast\Tracing
2014-04-09 23:52 - 2011-03-24 21:52 - 00000978 _____ () C:\Users\Mo.T*******\Desktop\Bluetooth-Informationsaustausch.lnk
2014-04-09 22:32 - 2010-02-27 10:46 - 00007605 _____ () C:\Users\Mo.T*******\AppData\Local\Resmon.ResmonCfg
2014-04-08 02:30 - 2013-02-17 23:42 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for Mo.T*******.job
2014-04-03 21:14 - 2013-05-01 19:21 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-03 09:51 - 2014-04-21 14:43 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-21 14:43 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-21 14:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 02:13 - 2014-04-21 14:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:57 - 2014-04-21 14:40 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mo.T*******\AppData\Local\Temp\avgnt.exe
C:\Users\Mo.T*******\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-22 12:23

==================== End Of Log ============================

--- --- ---

Eset logfile:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=94c5622c20e8e6448499f92372ba5969
# engine=18048
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-28 08:49:41
# local_time=2014-04-28 10:49:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 61410 20469279 54139 0
# compatibility_mode=5893 16776574 100 94 20532136 150306172 0 0
# scanned=829081
# found=13
# cleaned=0
# scan_time=58557
sh=0C1D479B0B31810B8F11DB7FE186886C4D8B24B3 ft=1 fh=7f268c3d1b926f69 vn="Win32/Reveton.V trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\2992199F9A\qmgdobh7.cpp.xBAD"
sh=0C1D479B0B31810B8F11DB7FE186886C4D8B24B3 ft=1 fh=7f268c3d1b926f69 vn="Win32/Reveton.V trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Mo.T*******\AppData\Local\Temp\~+JF8905281111587704911.dll.xBAD"
sh=E0A8E5BFD2DCE720F737EFF846E60C037CA56A01 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.CB trojan" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\10be564d-2c468997"
sh=389094364B7452F27EFDC963A987C4BDA839F94C ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBX trojan" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6ed50410-5556451d"
sh=2F310EF06659DAC551DD57B805026E95554DF416 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\10d32b13-5d23bfcb"
sh=825BB007AB27B36B8F408E953495913BAD0B3095 ft=1 fh=70a9464a25ac9f0d vn="a variant of Win32/Kryptik.ACQF trojan" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\619c95c2-747f1635"
sh=5FF5E4AEA236D998DB89C62E61976C66DB19840E ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\4fea3bd6-520faaf2"
sh=5FF5E4AEA236D998DB89C62E61976C66DB19840E ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\4fea3bd6-56097ba9"
sh=1B3D3A6FD2A50CBC9BCAF9D5828E4232792631D2 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NVV trojan" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\32e8505e-6cab6b77"
sh=85EC035F158030BE32C4FD8C4EDA97749A986CFB ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\22d83725-758d068c"
sh=06A52BAB880B91D58ADE3CCBB43994606DD779EE ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.QZU trojan" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\16fad505-48b16c81"
sh=9EE86F1BF00B85D299567DACD297E264115FD743 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.Agent.NDR trojan" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\40f44a3c-21e7e981"
sh=DC1F8192A6EDF3F430CBFDC34A971AAFD62F5F56 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Mo.T*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2d212bff-52380b80"

Danke und Grüße.

Bootsektor · 28.04.2014, 22:38

Hallo papy,

Zitat:

hab nochmal ESet laufen gelassen und dieses Mal mit deaktiviertem Sparmodus. das hat funktioniert! (^_^)

Sehr gut!

Funde von Eset sind im Cache und in unseren Quarantäne, die beseitigen wir gleich

Was war jetzt mit dem Proxyserver?

Zitat:

ProxyServer: :0

der im Firefox ist von der Fachhochschule Köln ?

Zitat:

FF NetworkProxy: "ftp", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "139.6.*,*.fh-koeln.de"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "wwwproxy.fh-koeln.de"
FF NetworkProxy: "ssl_port", 8080

Schritt 1
Java Cache löschen
Gehe auf:
Start => Systemsteuerung => Programme => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "gecachte Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" (Trace und Logdateien") setzen => OK

Ausführliche Anleitung [url=http://www.java.com/de/download/help/plugin_cache.xml]

Schritt 2

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
SearchScopes: HKCU - {15260EDB-65F3-41D3-9CA4-500D6C319CF3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {5B291E6C-9A74-4034-971B-A4B007A0B315} URL = hxxp://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\RadioBar

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

16.04.2014, 07:42	#2
Bootsektor Ruhe in Frieden † 2019	Windows 7: trojaner GVU/Bundespolizei fährt den Pc im abgesicherten Modus runter! Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen. __________________ __________________

Windows 7: trojaner GVU/Bundespolizei fährt den Pc im abgesicherten Modus runter!

Log-Analyse und Auswertung: Windows 7: trojaner GVU/Bundespolizei fährt den Pc im abgesicherten Modus runter!