Avast findet win32:dropper-gen & win32:malware-gen

lehmanc · 16.04.2014, 14:18

Anlage 2

cosinus · 16.04.2014, 14:27

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

lehmanc · 16.04.2014, 15:28

AdwCleaner

Code:

ATTFilter

# AdwCleaner v3.023 - Bericht erstellt am 16/04/2014 um 15:38:44
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : lehmanco - LEHMANCO-PC
# Gestartet von : C:\Users\lehmanco\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70D4318E-665C-4B0E-BB01-9390F546567B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19518


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1652 octets] - [16/04/2014 15:35:14]
AdwCleaner[S0].txt - [1577 octets] - [16/04/2014 15:38:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1637 octets] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by lehmanco on 16.04.2014 at 15:49:47,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B04AE6E7-285A-418B-9D0D-B435133906BC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E84DDDCD-0521-4175-B8E5-4B2248648D6E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B04AE6E7-285A-418B-9D0D-B435133906BC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E84DDDCD-0521-4175-B8E5-4B2248648D6E}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\lehmanco\AppData\Roaming\mozilla\firefox\profiles\lvhmzsre.default\minidumps [42 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2014 at 15:54:25,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST-Editor

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-04-2014 01
Ran by lehmanco (administrator) on LEHMANCO-PC on 16-04-2014 16:18:35
Running from C:\Users\lehmanco\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\lehmanco\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\hp\kbd\kbd.exe
(Microsoft Corporation) C:\Windows\system32\WerFault.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NvSvc] => C:\Windows\system32\nvsvc.dll [92704 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [8530464 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [88608 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295072 2012-12-20] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-12] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2961654822-264804067-3346831401-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2961654822-264804067-3346831401-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2961654822-264804067-3346831401-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2961654822-264804067-3346831401-1000\...\Run: [Amazon Cloud Player] => C:\Users\lehmanco\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-2961654822-264804067-3346831401-1000\...\MountPoints2: {304db934-cb6c-11de-987f-001e8c5b218d} - K:\preinst.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-27]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27]
FF Extension: NoScript - C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-28]
FF Extension: Adblock Plus - C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-10]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-20]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (YouTube) - C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-01]
CHR Extension: (Google-Suche) - C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-01]
CHR Extension: (RealDownloader) - C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Google Mail) - C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-10]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-12] (AVAST Software)
S2 gupdate1ca774368ec4777; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-12-07] (Google Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 EHOSU; C:\Users\lehmanco\AppData\Local\Temp\EHOSU.exe [X]
S3 WXY; C:\Users\lehmanco\AppData\Local\Temp\WXY.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-12] ()
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-03-02] (Avira Operations GmbH & Co. KG)
S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [15104 2005-02-22] (AVM GmbH)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 16:18 - 2014-04-16 16:18 - 00033468 _____ () C:\Users\lehmanco\Downloads\FRST_2.txt
2014-04-16 16:15 - 2014-04-16 16:16 - 01146368 _____ (Farbar) C:\Users\lehmanco\Downloads\FRST.exe
2014-04-16 16:01 - 2014-04-16 16:01 - 00033642 _____ () C:\Users\lehmanco\Downloads\FRST_1.txt
2014-04-16 15:54 - 2014-04-16 15:54 - 00001592 _____ () C:\Users\lehmanco\Downloads\JRT.txt
2014-04-16 15:54 - 2014-04-16 15:54 - 00001592 _____ () C:\Users\lehmanco\Desktop\JRT.txt
2014-04-16 15:48 - 2014-04-16 15:48 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 15:45 - 2014-04-16 15:45 - 00001717 _____ () C:\Users\lehmanco\Downloads\AdwCleaner[S0].txt
2014-04-16 15:40 - 2014-04-16 15:40 - 00000586 _____ () C:\Windows\PFRO.log
2014-04-16 15:34 - 2014-04-16 15:38 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:32 - 2014-04-16 15:32 - 01016261 _____ (Thisisu) C:\Users\lehmanco\Downloads\JRT.exe
2014-04-16 15:31 - 2014-04-16 15:31 - 01426178 _____ () C:\Users\lehmanco\Downloads\adwcleaner.exe
2014-04-16 10:36 - 2014-04-16 10:40 - 00033379 _____ () C:\Users\lehmanco\Downloads\Addition.txt
2014-04-16 10:35 - 2014-04-16 16:18 - 00016650 _____ () C:\Users\lehmanco\Downloads\FRST.txt
2014-04-16 10:35 - 2014-04-16 16:18 - 00000000 ____D () C:\FRST
2014-04-15 18:05 - 2014-04-15 19:37 - 00023898 _____ () C:\Users\lehmanco\Documents\ffd.odt
2014-04-12 09:44 - 2014-04-12 09:44 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-12 09:44 - 2014-04-12 09:44 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-12 09:44 - 2014-04-12 09:44 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-12 09:38 - 2014-04-12 09:40 - 88551496 _____ (AVAST Software) C:\Users\lehmanco\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-04-12 09:20 - 2014-04-12 09:20 - 00000000 ____D () C:\Users\lehmanco\Downloads\avira_registry_cleaner_de
2014-04-12 08:52 - 2014-04-12 08:52 - 00088626 _____ () C:\Users\lehmanco\Downloads\avira_registry_cleaner_de.zip
2014-04-12 08:52 - 2014-04-12 08:52 - 00062138 _____ () C:\Users\lehmanco\Downloads\AV10  Anleitung für die manuelle Deinstallation.htm
2014-04-12 08:51 - 2014-04-12 08:51 - 04464256 _____ (Avira Operations GmbH & Co. KG) C:\Users\lehmanco\Downloads\avira_de_av___ws.exe
2014-04-11 23:31 - 2014-02-23 12:53 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 23:31 - 2014-02-23 12:52 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 23:31 - 2014-02-23 12:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-11 23:31 - 2014-02-23 12:50 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-11 23:31 - 2014-02-23 12:48 - 06020096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 23:31 - 2014-02-23 12:48 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 23:31 - 2014-02-23 12:48 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-04-11 23:31 - 2014-02-23 12:48 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-11 23:31 - 2014-02-23 12:48 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-11 23:31 - 2014-02-23 12:47 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-11 23:31 - 2014-02-23 12:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 23:31 - 2014-02-23 12:46 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-11 23:31 - 2014-02-23 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-04-11 23:31 - 2014-02-23 11:12 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-11 23:31 - 2014-02-23 09:25 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-11 23:31 - 2014-02-23 09:25 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 23:31 - 2014-02-23 09:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 23:31 - 2014-02-23 09:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-11 23:31 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 11:04 - 2014-04-11 11:05 - 00000000 ____D () C:\Program Files\QuickTime(20)
2014-04-10 09:13 - 2014-04-10 09:13 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\AVAST Software
2014-04-10 09:10 - 2014-04-10 09:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-10 09:08 - 2014-04-10 09:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-09 18:18 - 2014-04-09 18:18 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\WinRAR
2014-04-08 19:49 - 2014-04-08 19:49 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-05 15:21 - 2014-04-11 19:09 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\LumacDaemon
2014-04-05 15:19 - 2014-04-05 15:19 - 00000000 ____D () C:\Program Files\Lumac
2014-04-05 15:17 - 2014-04-05 15:17 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-31 16:15 - 2014-04-02 08:36 - 00016312 _____ () C:\Users\lehmanco\Documents\amtsgericht_14_03_31.odt
2014-03-31 07:25 - 2014-03-31 08:24 - 00017417 _____ () C:\Users\lehmanco\Documents\gericht_14_03_31.odt
2014-03-31 07:24 - 2014-03-31 07:24 - 00025048 _____ () C:\Users\lehmanco\Documents\gericht_14_02_05.odt
2014-03-29 11:47 - 2014-03-29 11:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 16:35 - 2014-03-28 20:39 - 00012279 _____ () C:\Users\lehmanco\Documents\amtsgericht_140327.odt
2014-03-21 10:41 - 2014-03-21 10:41 - 04765152 _____ (Piriform Ltd) C:\Users\lehmanco\Downloads\ccsetup411.exe

==================== One Month Modified Files and Folders =======

2014-04-16 16:18 - 2014-04-16 16:18 - 00033468 _____ () C:\Users\lehmanco\Downloads\FRST_2.txt
2014-04-16 16:18 - 2014-04-16 10:35 - 00016650 _____ () C:\Users\lehmanco\Downloads\FRST.txt
2014-04-16 16:18 - 2014-04-16 10:35 - 00000000 ____D () C:\FRST
2014-04-16 16:16 - 2014-04-16 16:15 - 01146368 _____ (Farbar) C:\Users\lehmanco\Downloads\FRST.exe
2014-04-16 16:11 - 2009-12-07 15:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 16:08 - 2008-01-08 01:02 - 01312890 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 16:05 - 2009-12-07 15:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 16:05 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 16:05 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 16:05 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 16:02 - 2006-11-02 15:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-16 16:01 - 2014-04-16 16:01 - 00033642 _____ () C:\Users\lehmanco\Downloads\FRST_1.txt
2014-04-16 15:54 - 2014-04-16 15:54 - 00001592 _____ () C:\Users\lehmanco\Downloads\JRT.txt
2014-04-16 15:54 - 2014-04-16 15:54 - 00001592 _____ () C:\Users\lehmanco\Desktop\JRT.txt
2014-04-16 15:48 - 2014-04-16 15:48 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 15:45 - 2014-04-16 15:45 - 00001717 _____ () C:\Users\lehmanco\Downloads\AdwCleaner[S0].txt
2014-04-16 15:40 - 2014-04-16 15:40 - 00000586 _____ () C:\Windows\PFRO.log
2014-04-16 15:38 - 2014-04-16 15:34 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:32 - 2014-04-16 15:32 - 01016261 _____ (Thisisu) C:\Users\lehmanco\Downloads\JRT.exe
2014-04-16 15:31 - 2014-04-16 15:31 - 01426178 _____ () C:\Users\lehmanco\Downloads\adwcleaner.exe
2014-04-16 14:27 - 2009-01-28 17:27 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-04-16 10:40 - 2014-04-16 10:36 - 00033379 _____ () C:\Users\lehmanco\Downloads\Addition.txt
2014-04-16 10:15 - 2006-11-02 12:33 - 01572206 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 10:07 - 2012-10-25 19:01 - 00000000 ____D () C:\Program Files\Amazon
2014-04-16 10:06 - 2008-04-01 18:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-16 10:06 - 2008-04-01 18:54 - 00000000 ____D () C:\Program Files\Adobe
2014-04-16 10:05 - 2008-02-29 16:07 - 00000538 _____ () C:\Windows\BewEingVor.Dat
2014-04-16 10:05 - 2008-02-29 16:05 - 00000000 ____D () C:\Progamm
2014-04-15 19:37 - 2014-04-15 18:05 - 00023898 _____ () C:\Users\lehmanco\Documents\ffd.odt
2014-04-15 18:42 - 2008-02-16 20:05 - 00000424 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{8AFAF6A5-EC56-4781-8D03-2B9EF22E2F53}.job
2014-04-12 17:13 - 2009-12-07 15:44 - 00001965 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-12 09:44 - 2014-04-12 09:44 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-12 09:44 - 2014-04-12 09:44 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-12 09:44 - 2014-04-12 09:44 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-12 09:43 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-12 09:40 - 2014-04-12 09:38 - 88551496 _____ (AVAST Software) C:\Users\lehmanco\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-04-12 09:27 - 2006-11-02 14:47 - 00363520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 09:20 - 2014-04-12 09:20 - 00000000 ____D () C:\Users\lehmanco\Downloads\avira_registry_cleaner_de
2014-04-12 08:52 - 2014-04-12 08:52 - 00088626 _____ () C:\Users\lehmanco\Downloads\avira_registry_cleaner_de.zip
2014-04-12 08:52 - 2014-04-12 08:52 - 00062138 _____ () C:\Users\lehmanco\Downloads\AV10  Anleitung für die manuelle Deinstallation.htm
2014-04-12 08:51 - 2014-04-12 08:51 - 04464256 _____ (Avira Operations GmbH & Co. KG) C:\Users\lehmanco\Downloads\avira_de_av___ws.exe
2014-04-12 08:22 - 2013-08-15 09:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 08:20 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-11 23:13 - 2013-12-13 17:47 - 00000000 ____D () C:\Users\lehmanco\AppData\Local\Amazon Cloud Player
2014-04-11 23:13 - 2008-11-12 15:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-11 23:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-11 23:10 - 2008-03-31 00:00 - 00000000 ____D () C:\Users\lehmanco
2014-04-11 23:10 - 2006-11-02 12:22 - 49283072 _____ () C:\Windows\system32\config\components_previous
2014-04-11 23:10 - 2006-11-02 12:22 - 47710208 _____ () C:\Windows\system32\config\software_previous
2014-04-11 23:10 - 2006-11-02 12:22 - 24903680 _____ () C:\Windows\system32\config\system_previous
2014-04-11 23:10 - 2006-11-02 12:22 - 04194304 _____ () C:\Windows\system32\config\default_previous
2014-04-11 23:10 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-04-11 23:10 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-04-11 23:09 - 2013-12-13 17:47 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-11 23:09 - 2013-02-24 11:45 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-11 23:09 - 2013-02-24 11:45 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-11 23:09 - 2012-10-31 16:41 - 00000000 ____D () C:\Program Files\Avira
2014-04-11 23:09 - 2008-11-12 15:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-04-11 23:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-04-11 23:08 - 2009-11-23 11:20 - 00000000 ____D () C:\ProgramData\Real
2014-04-11 23:08 - 2006-11-02 00:00 - 00000000 ____D () C:\Windows\registration
2014-04-11 19:09 - 2014-04-05 15:21 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\LumacDaemon
2014-04-11 11:05 - 2014-04-11 11:04 - 00000000 ____D () C:\Program Files\QuickTime(20)
2014-04-10 17:27 - 2008-02-16 19:21 - 00000000 ____D () C:\Users\lehmanco\AppData\Local\Adobe
2014-04-10 17:11 - 2012-10-25 19:01 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\Amazon
2014-04-10 09:13 - 2014-04-10 09:13 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\AVAST Software
2014-04-10 09:10 - 2014-04-10 09:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-10 09:08 - 2014-04-10 09:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-09 18:18 - 2014-04-09 18:18 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\WinRAR
2014-04-08 19:49 - 2014-04-08 19:49 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-05 15:19 - 2014-04-05 15:19 - 00000000 ____D () C:\Program Files\Lumac
2014-04-05 15:19 - 2007-12-12 21:53 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-05 15:17 - 2014-04-05 15:17 - 00000000 ____D () C:\Program Files\VideoLAN
2014-04-02 08:36 - 2014-03-31 16:15 - 00016312 _____ () C:\Users\lehmanco\Documents\amtsgericht_14_03_31.odt
2014-03-31 08:24 - 2014-03-31 07:25 - 00017417 _____ () C:\Users\lehmanco\Documents\gericht_14_03_31.odt
2014-03-31 07:24 - 2014-03-31 07:24 - 00025048 _____ () C:\Users\lehmanco\Documents\gericht_14_02_05.odt
2014-03-30 08:25 - 2012-05-19 22:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 11:47 - 2014-03-29 11:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-28 20:39 - 2014-03-27 16:35 - 00012279 _____ () C:\Users\lehmanco\Documents\amtsgericht_140327.odt
2014-03-21 10:42 - 2011-03-05 17:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-21 10:41 - 2014-03-21 10:41 - 04765152 _____ (Piriform Ltd) C:\Users\lehmanco\Downloads\ccsetup411.exe

Files to move or delete:
====================
C:\Users\lehmanco\CTX.DAT


Some content of TEMP:
====================
C:\Users\lehmanco\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-16 16:10

==================== End Of Log ============================

--- --- ---

FRST-Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-04-2014 01
Ran by lehmanco at 2014-04-16 16:18:53
Running from C:\Users\lehmanco\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

5.0.1 (HKLM\...\GPS-Track-Analyse.NET_is1) (Version:  - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)
BDE 5 (HKLM\...\BDE 5) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CanoScan 8800F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805) (Version:  - )
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang CZ (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.1 - Uw bedrijfsnaam) Hidden
CorelDRAW Graphics Suite X4 - Lang PL (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang SU (Version: 14.1 - Yrityksen nimi) Hidden
CorelDRAW Graphics Suite X4 - Lang SV (Version: 14.1 - Ditt företagsnamn) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Extra Content (HKLM\...\_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1019 - CyberLink Corp.)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ElsterFormular (HKLM\...\ElsterFormular 13.1.1.8531k) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
Garmin City Navigator Europe NT 2010 (HKLM\...\{C07B86C3-1816-4C59-927E-0287925DFB96}) (Version: 13.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM\...\{58FA5D40-E35A-47ED-8AFA-68CCC758559E}) (Version: 6.15.11 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Hardlock Device Driver (HKLM\...\Hardlock Device Driver) (Version:  - )
Hardlock Gerätetreiber (HKLM\...\Hardlock Gerätetreiber) (Version:  - )
Hardware Diagnose Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4589.14 - PC-Doctor, Inc.)
Hauppauge MCE XP/Vista Software Encoder (2.0.25180) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25180 - Hauppauge Computer Works, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AFAD41A9-9687-48A3-848F-693C11451433}) (Version: 5.4.0.2360 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Total Care Advisor (HKLM\...\{e96b3d28-47d6-43cc-98fd-7069eeab6b11}) (Version: 1.4.20.2435 - Hewlett-Packard)
HP Update (HKLM\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
jetAudio Basic VX (HKLM\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.16 - COWON)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2209 - CyberLink Corp.)
LightScribe System Software  1.10.16.1 (HKLM\...\{E6CFBFB5-9232-410C-B353-AF6E614B2681}) (Version: 1.10.16.1 - Ihr Firmenname)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{E8C2622C-9FF1-4F60-8008-A0208154F9F3}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.8.0 - ahead software gmbh)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org 3.0 (HKLM\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9358 - OpenOffice.org)
Optimierte Multimedia-Tastatur-Lösung (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3417 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2209 - CyberLink Corp.)
PowerDirector (Version: 6.5.2209 - CyberLink Corp.) Hidden
Presto! PageManager 7.15.16 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Security Task Manager 1.6e (HKLM\...\Security Task Manager) (Version: 1.6e - Neuber GbR)
SPIRIT 15 (HKLM\...\SPIRIT 15_is1) (Version:  - SOFTTECH GmbH)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.0 - Safer Networking Limited)
Supreme Auction (HKLM\...\Supreme Auction_is1) (Version:  - )
Testversion von Microsoft Office Home and Student 2007 (HKLM\...\OfficeTrial) (Version:  - )
Trojan Remover 6.7.4 (HKLM\...\Trojan Remover_is1) (Version: 6.7.4 - Simply Super Software)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points  =========================

25-03-2014 18:22:10 Geplanter Prüfpunkt
26-03-2014 12:03:28 Geplanter Prüfpunkt
27-03-2014 14:00:25 Geplanter Prüfpunkt
28-03-2014 13:56:39 Geplanter Prüfpunkt
29-03-2014 16:23:30 Geplanter Prüfpunkt
30-03-2014 17:49:59 Geplanter Prüfpunkt
31-03-2014 17:33:09 Geplanter Prüfpunkt
01-04-2014 11:14:08 Geplanter Prüfpunkt
02-04-2014 16:37:40 Geplanter Prüfpunkt
03-04-2014 17:00:42 Geplanter Prüfpunkt
04-04-2014 11:22:32 Geplanter Prüfpunkt
05-04-2014 13:06:52 Geplanter Prüfpunkt
05-04-2014 13:19:32 Installed Lumac
06-04-2014 18:12:54 Geplanter Prüfpunkt
07-04-2014 16:38:47 Geplanter Prüfpunkt
08-04-2014 15:57:38 Geplanter Prüfpunkt
09-04-2014 09:05:35 Geplanter Prüfpunkt
09-04-2014 21:31:28 Windows Update
10-04-2014 07:09:09 avast! antivirus system restore point
11-04-2014 21:02:07 Wiederherstellungsvorgang
12-04-2014 06:19:14 Windows Update
12-04-2014 07:42:08 avast! antivirus system restore point
13-04-2014 07:44:23 Geplanter Prüfpunkt
14-04-2014 11:43:24 Geplanter Prüfpunkt
15-04-2014 12:31:28 Geplanter Prüfpunkt
16-04-2014 12:27:53 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2010-02-25 09:48 - 00380346 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1B2AFE08-CE76-45B4-942B-0F4B29A081E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-07] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2B462BA8-1718-40A6-9549-E3E4A5C9D39A} - System32\Tasks\JavaUpdatelehmanco => C:\Windows\system32\jusched.exe
Task: {2E30B115-0DDD-4A6C-AD8C-4AA0D7FE37F4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-12] (AVAST Software)
Task: {377CABE7-9E4F-4741-B67E-51A808FC9A36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-07] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {7D36BD2F-AB8D-478C-95B9-26FE6D5C7613} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe
Task: {7D84659A-0FB3-4FAD-BE8B-C3AFA07CA145} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - lehmanco => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {855EBBCA-B5FD-43D3-9EBA-A5406A388B67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {8BB8CF1D-AC45-4D09-881A-64596F96E3A5} - System32\Tasks\PC-Doctor\Scheduled Maintanence => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-06-25] (PC-Doctor, Inc.)
Task: {9B60838B-E566-4E8E-9522-E629C160D81F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9B6A50B7-5B48-4532-A707-7A3DE9D68DAC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2961654822-264804067-3346831401-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {E20165C5-8F48-42E5-A6AC-A0353FC8E248} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2961654822-264804067-3346831401-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E606CF7A-AEED-441F-912B-86FDD4EF5709} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2961654822-264804067-3346831401-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {F2948D04-92B6-49F5-889C-1ECDD83B64C5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {F4980378-8457-4CC4-95E9-5B69E6261171} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2961654822-264804067-3346831401-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{8AFAF6A5-EC56-4781-8D03-2B9EF22E2F53}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-04-16 13:07 - 2014-04-16 13:07 - 02213376 _____ () C:\Program Files\AVAST Software\Avast\defs\14041600\algo.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-02-10 16:36 - 2006-09-20 09:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
2014-04-12 09:44 - 2014-04-12 09:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-13 17:47 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\lehmanco\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2009-02-10 16:36 - 2006-10-30 17:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
2014-03-29 11:47 - 2014-03-29 11:47 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\lehmanco\Downloads\lynnejb021312-whitebedvid_full.mov:TOC.WMV

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: HP Health Check Scheduler => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: TrojanScanner => C:\Program Files\Trojan Remover\Trjscan.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: Xvid => C:\Program Files\Xvid\CheckUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2014 04:16:21 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung FRST.exe, Version 3.3.10.2, Zeitstempel 0x534e7e0c, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0x1330, Anwendungsstartzeit FRST.exe0.


System errors:
=============
Error: (04/16/2014 04:06:40 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/16/2014 04:05:17 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: 2147942402


Microsoft Office Sessions:
=========================
Error: (04/16/2014 04:16:21 PM) (Source: Application Error)(User: )
Description: FRST.exe3.3.10.2534e7e0cunknown0.0.0.000000000c000000500000000133001cf597e6c1f189a


CodeIntegrity Errors:
===================================
  Date: 2014-04-10 19:05:59.052
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:58.771
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:58.490
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:58.194
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:57.882
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:57.585
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:57.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:56.961
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:56.634
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:56.337
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 2046.58 MB
Available physical RAM: 886.75 MB
Total Pagefile: 4336.17 MB
Available Pagefile: 2935.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.87 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:688.54 GB) (Free:536.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.1 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive k: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:766.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=689 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B2785FB0)

Partition: GPT Partition Type.

==================== End Of Log ============================

schon mal vorab danke für die weitere Hilfe

ich gerade eine fehlermelfung bekommen => Aut2Exe funktioniert nicht mehr => was bedeutet das ?

kannst du mir vielleicht ein kurzes Feedback/meinung in bezug auf
- Fritzbox => ist das so wie ich befürchte oder spinne ich....
- ist der 2.Fund schon seit dem 18.01. auf dem PC

danke und gruß

cosinus · 16.04.2014, 21:12

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\lehmanco\CTX.DAT
C:\Windows\BewEingVor.Dat
C:\Users\lehmanco\AppData\Local\Temp\EHOSU.exe
C:\Users\lehmanco\AppData\Local\Temp\WXY.exe
S3 EHOSU; C:\Users\lehmanco\AppData\Local\Temp\EHOSU.exe [X]
S3 WXY; C:\Users\lehmanco\AppData\Local\Temp\WXY.exe [X]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

lehmanc · 17.04.2014, 07:51

guten morgen, anbei das fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-04-2014
Ran by lehmanco at 2014-04-17 08:49:44 Run:1
Running from C:\Users\lehmanco\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\lehmanco\CTX.DAT
C:\Windows\BewEingVor.Dat
C:\Users\lehmanco\AppData\Local\Temp\EHOSU.exe
C:\Users\lehmanco\AppData\Local\Temp\WXY.exe
S3 EHOSU; C:\Users\lehmanco\AppData\Local\Temp\EHOSU.exe [X]
S3 WXY; C:\Users\lehmanco\AppData\Local\Temp\WXY.exe [X]
         
*****************

C:\Users\lehmanco\CTX.DAT => Moved successfully.
C:\Windows\BewEingVor.Dat => Moved successfully.
"C:\Users\lehmanco\AppData\Local\Temp\EHOSU.exe" => File/Directory not found.
"C:\Users\lehmanco\AppData\Local\Temp\WXY.exe" => File/Directory not found.
EHOSU => Service deleted successfully.
WXY => Service deleted successfully.

==== End of Fixlog ====

cosinus · 17.04.2014, 07:56

Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

lehmanc · 17.04.2014, 08:22

anbei

FRST-editor

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014
Ran by lehmanco (administrator) on LEHMANCO-PC on 17-04-2014 09:16:29
Running from C:\Users\lehmanco\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
() C:\Users\lehmanco\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\hp\kbd\kbd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NvSvc] => C:\Windows\system32\nvsvc.dll [92704 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [8530464 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [88608 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295072 2012-12-20] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-12] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2961654822-264804067-3346831401-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2961654822-264804067-3346831401-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2961654822-264804067-3346831401-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2961654822-264804067-3346831401-1000\...\Run: [Amazon Cloud Player] => C:\Users\lehmanco\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-2961654822-264804067-3346831401-1000\...\MountPoints2: {304db934-cb6c-11de-987f-001e8c5b218d} - K:\preinst.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-27]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27]
FF Extension: NoScript - C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-28]
FF Extension: Adblock Plus - C:\Users\lehmanco\AppData\Roaming\Mozilla\Firefox\Profiles\lvhmzsre.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-10]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-20]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (YouTube) - C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-01]
CHR Extension: (Google-Suche) - C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-01]
CHR Extension: (RealDownloader) - C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Google Mail) - C:\Users\lehmanco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-10]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-12] (AVAST Software)
S2 gupdate1ca774368ec4777; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-12-07] (Google Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-12] ()
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-03-02] (Avira Operations GmbH & Co. KG)
S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [15104 2005-02-22] (AVM GmbH)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 16:22 - 2014-04-16 16:22 - 00027133 _____ () C:\Users\lehmanco\Downloads\Addition_1.txt
2014-04-16 16:18 - 2014-04-16 16:18 - 00033468 _____ () C:\Users\lehmanco\Downloads\FRST_2.txt
2014-04-16 16:15 - 2014-04-17 08:40 - 01146880 _____ (Farbar) C:\Users\lehmanco\Downloads\FRST.exe
2014-04-16 16:01 - 2014-04-16 16:01 - 00033642 _____ () C:\Users\lehmanco\Downloads\FRST_1.txt
2014-04-16 15:54 - 2014-04-16 15:54 - 00001592 _____ () C:\Users\lehmanco\Downloads\JRT.txt
2014-04-16 15:54 - 2014-04-16 15:54 - 00001592 _____ () C:\Users\lehmanco\Desktop\JRT.txt
2014-04-16 15:48 - 2014-04-16 15:48 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 15:45 - 2014-04-16 15:45 - 00001717 _____ () C:\Users\lehmanco\Downloads\AdwCleaner[S0].txt
2014-04-16 15:34 - 2014-04-16 15:38 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:32 - 2014-04-16 15:32 - 01016261 _____ (Thisisu) C:\Users\lehmanco\Downloads\JRT.exe
2014-04-16 15:31 - 2014-04-16 15:31 - 01426178 _____ () C:\Users\lehmanco\Downloads\adwcleaner.exe
2014-04-16 10:36 - 2014-04-16 16:21 - 00027133 _____ () C:\Users\lehmanco\Downloads\Addition.txt
2014-04-16 10:35 - 2014-04-17 09:16 - 00016655 _____ () C:\Users\lehmanco\Downloads\FRST.txt
2014-04-16 10:35 - 2014-04-17 09:16 - 00000000 ____D () C:\FRST
2014-04-15 18:05 - 2014-04-15 19:37 - 00023898 _____ () C:\Users\lehmanco\Documents\ffd.odt
2014-04-12 09:44 - 2014-04-12 09:44 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-12 09:44 - 2014-04-12 09:44 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-12 09:44 - 2014-04-12 09:44 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-12 09:38 - 2014-04-12 09:40 - 88551496 _____ (AVAST Software) C:\Users\lehmanco\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-04-12 09:20 - 2014-04-12 09:20 - 00000000 ____D () C:\Users\lehmanco\Downloads\avira_registry_cleaner_de
2014-04-12 08:52 - 2014-04-12 08:52 - 00088626 _____ () C:\Users\lehmanco\Downloads\avira_registry_cleaner_de.zip
2014-04-12 08:52 - 2014-04-12 08:52 - 00062138 _____ () C:\Users\lehmanco\Downloads\AV10  Anleitung für die manuelle Deinstallation.htm
2014-04-12 08:51 - 2014-04-12 08:51 - 04464256 _____ (Avira Operations GmbH & Co. KG) C:\Users\lehmanco\Downloads\avira_de_av___ws.exe
2014-04-11 23:31 - 2014-02-23 12:53 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 23:31 - 2014-02-23 12:52 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 23:31 - 2014-02-23 12:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-11 23:31 - 2014-02-23 12:50 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-11 23:31 - 2014-02-23 12:48 - 06020096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 23:31 - 2014-02-23 12:48 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 23:31 - 2014-02-23 12:48 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-04-11 23:31 - 2014-02-23 12:48 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-11 23:31 - 2014-02-23 12:48 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-11 23:31 - 2014-02-23 12:47 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-11 23:31 - 2014-02-23 12:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 23:31 - 2014-02-23 12:46 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-11 23:31 - 2014-02-23 12:46 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-11 23:31 - 2014-02-23 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-04-11 23:31 - 2014-02-23 11:12 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-11 23:31 - 2014-02-23 09:25 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-11 23:31 - 2014-02-23 09:25 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 23:31 - 2014-02-23 09:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 23:31 - 2014-02-23 09:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-11 23:31 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 11:04 - 2014-04-11 11:05 - 00000000 ____D () C:\Program Files\QuickTime(20)
2014-04-10 09:13 - 2014-04-10 09:13 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\AVAST Software
2014-04-10 09:10 - 2014-04-10 09:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-10 09:08 - 2014-04-10 09:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-09 18:18 - 2014-04-09 18:18 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\WinRAR
2014-04-08 19:49 - 2014-04-08 19:49 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-05 15:21 - 2014-04-11 19:09 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\LumacDaemon
2014-04-05 15:19 - 2014-04-05 15:19 - 00000000 ____D () C:\Program Files\Lumac
2014-04-05 15:17 - 2014-04-05 15:17 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-31 16:15 - 2014-04-02 08:36 - 00016312 _____ () C:\Users\lehmanco\Documents\amtsgericht_14_03_31.odt
2014-03-31 07:25 - 2014-03-31 08:24 - 00017417 _____ () C:\Users\lehmanco\Documents\gericht_14_03_31.odt
2014-03-31 07:24 - 2014-03-31 07:24 - 00025048 _____ () C:\Users\lehmanco\Documents\gericht_14_02_05.odt
2014-03-29 11:47 - 2014-03-29 11:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 16:35 - 2014-03-28 20:39 - 00012279 _____ () C:\Users\lehmanco\Documents\amtsgericht_140327.odt
2014-03-21 10:41 - 2014-03-21 10:41 - 04765152 _____ (Piriform Ltd) C:\Users\lehmanco\Downloads\ccsetup411.exe

==================== One Month Modified Files and Folders =======

2014-04-17 09:16 - 2014-04-16 10:35 - 00016655 _____ () C:\Users\lehmanco\Downloads\FRST.txt
2014-04-17 09:16 - 2014-04-16 10:35 - 00000000 ____D () C:\FRST
2014-04-17 09:11 - 2009-12-07 15:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 09:10 - 2008-01-08 01:02 - 01325785 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 08:49 - 2008-03-31 00:00 - 00000000 ____D () C:\Users\lehmanco
2014-04-17 08:40 - 2014-04-16 16:15 - 01146880 _____ (Farbar) C:\Users\lehmanco\Downloads\FRST.exe
2014-04-17 08:31 - 2009-12-07 15:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 08:20 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 08:20 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 08:20 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 19:55 - 2006-11-02 15:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-16 16:22 - 2014-04-16 16:22 - 00027133 _____ () C:\Users\lehmanco\Downloads\Addition_1.txt
2014-04-16 16:21 - 2014-04-16 10:36 - 00027133 _____ () C:\Users\lehmanco\Downloads\Addition.txt
2014-04-16 16:18 - 2014-04-16 16:18 - 00033468 _____ () C:\Users\lehmanco\Downloads\FRST_2.txt
2014-04-16 16:01 - 2014-04-16 16:01 - 00033642 _____ () C:\Users\lehmanco\Downloads\FRST_1.txt
2014-04-16 15:54 - 2014-04-16 15:54 - 00001592 _____ () C:\Users\lehmanco\Downloads\JRT.txt
2014-04-16 15:54 - 2014-04-16 15:54 - 00001592 _____ () C:\Users\lehmanco\Desktop\JRT.txt
2014-04-16 15:48 - 2014-04-16 15:48 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 15:45 - 2014-04-16 15:45 - 00001717 _____ () C:\Users\lehmanco\Downloads\AdwCleaner[S0].txt
2014-04-16 15:38 - 2014-04-16 15:34 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:32 - 2014-04-16 15:32 - 01016261 _____ (Thisisu) C:\Users\lehmanco\Downloads\JRT.exe
2014-04-16 15:31 - 2014-04-16 15:31 - 01426178 _____ () C:\Users\lehmanco\Downloads\adwcleaner.exe
2014-04-16 14:27 - 2009-01-28 17:27 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-04-16 10:15 - 2006-11-02 12:33 - 01572206 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 10:07 - 2012-10-25 19:01 - 00000000 ____D () C:\Program Files\Amazon
2014-04-16 10:06 - 2008-04-01 18:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-16 10:06 - 2008-04-01 18:54 - 00000000 ____D () C:\Program Files\Adobe
2014-04-16 10:05 - 2008-02-29 16:05 - 00000000 ____D () C:\Progamm
2014-04-15 19:37 - 2014-04-15 18:05 - 00023898 _____ () C:\Users\lehmanco\Documents\ffd.odt
2014-04-15 18:42 - 2008-02-16 20:05 - 00000424 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{8AFAF6A5-EC56-4781-8D03-2B9EF22E2F53}.job
2014-04-12 17:13 - 2009-12-07 15:44 - 00001965 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-12 09:44 - 2014-04-12 09:44 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-12 09:44 - 2014-04-12 09:44 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-12 09:44 - 2014-04-12 09:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-12 09:44 - 2014-04-12 09:44 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-12 09:43 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-12 09:40 - 2014-04-12 09:38 - 88551496 _____ (AVAST Software) C:\Users\lehmanco\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-04-12 09:27 - 2006-11-02 14:47 - 00363520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 09:20 - 2014-04-12 09:20 - 00000000 ____D () C:\Users\lehmanco\Downloads\avira_registry_cleaner_de
2014-04-12 08:52 - 2014-04-12 08:52 - 00088626 _____ () C:\Users\lehmanco\Downloads\avira_registry_cleaner_de.zip
2014-04-12 08:52 - 2014-04-12 08:52 - 00062138 _____ () C:\Users\lehmanco\Downloads\AV10  Anleitung für die manuelle Deinstallation.htm
2014-04-12 08:51 - 2014-04-12 08:51 - 04464256 _____ (Avira Operations GmbH & Co. KG) C:\Users\lehmanco\Downloads\avira_de_av___ws.exe
2014-04-12 08:22 - 2013-08-15 09:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 08:20 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-11 23:13 - 2013-12-13 17:47 - 00000000 ____D () C:\Users\lehmanco\AppData\Local\Amazon Cloud Player
2014-04-11 23:13 - 2008-11-12 15:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-11 23:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-11 23:10 - 2006-11-02 12:22 - 49283072 _____ () C:\Windows\system32\config\components_previous
2014-04-11 23:10 - 2006-11-02 12:22 - 47710208 _____ () C:\Windows\system32\config\software_previous
2014-04-11 23:10 - 2006-11-02 12:22 - 24903680 _____ () C:\Windows\system32\config\system_previous
2014-04-11 23:10 - 2006-11-02 12:22 - 04194304 _____ () C:\Windows\system32\config\default_previous
2014-04-11 23:10 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-04-11 23:10 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-04-11 23:09 - 2013-12-13 17:47 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-11 23:09 - 2013-02-24 11:45 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-11 23:09 - 2013-02-24 11:45 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-11 23:09 - 2012-10-31 16:41 - 00000000 ____D () C:\Program Files\Avira
2014-04-11 23:09 - 2008-11-12 15:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-04-11 23:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-04-11 23:08 - 2009-11-23 11:20 - 00000000 ____D () C:\ProgramData\Real
2014-04-11 23:08 - 2006-11-02 00:00 - 00000000 ____D () C:\Windows\registration
2014-04-11 19:09 - 2014-04-05 15:21 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\LumacDaemon
2014-04-11 11:05 - 2014-04-11 11:04 - 00000000 ____D () C:\Program Files\QuickTime(20)
2014-04-10 17:27 - 2008-02-16 19:21 - 00000000 ____D () C:\Users\lehmanco\AppData\Local\Adobe
2014-04-10 17:11 - 2012-10-25 19:01 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\Amazon
2014-04-10 09:13 - 2014-04-10 09:13 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\AVAST Software
2014-04-10 09:10 - 2014-04-10 09:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-10 09:08 - 2014-04-10 09:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-09 18:18 - 2014-04-09 18:18 - 00000000 ____D () C:\Users\lehmanco\AppData\Roaming\WinRAR
2014-04-08 19:49 - 2014-04-08 19:49 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-05 15:19 - 2014-04-05 15:19 - 00000000 ____D () C:\Program Files\Lumac
2014-04-05 15:19 - 2007-12-12 21:53 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-05 15:17 - 2014-04-05 15:17 - 00000000 ____D () C:\Program Files\VideoLAN
2014-04-02 08:36 - 2014-03-31 16:15 - 00016312 _____ () C:\Users\lehmanco\Documents\amtsgericht_14_03_31.odt
2014-03-31 08:24 - 2014-03-31 07:25 - 00017417 _____ () C:\Users\lehmanco\Documents\gericht_14_03_31.odt
2014-03-31 07:24 - 2014-03-31 07:24 - 00025048 _____ () C:\Users\lehmanco\Documents\gericht_14_02_05.odt
2014-03-30 08:25 - 2012-05-19 22:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 11:47 - 2014-03-29 11:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-28 20:39 - 2014-03-27 16:35 - 00012279 _____ () C:\Users\lehmanco\Documents\amtsgericht_140327.odt
2014-03-21 10:42 - 2011-03-05 17:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-21 10:41 - 2014-03-21 10:41 - 04765152 _____ (Piriform Ltd) C:\Users\lehmanco\Downloads\ccsetup411.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-17 08:35

==================== End Of Log ============================

--- --- ---

FRST-Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-04-2014
Ran by lehmanco at 2014-04-17 09:16:53
Running from C:\Users\lehmanco\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

5.0.1 (HKLM\...\GPS-Track-Analyse.NET_is1) (Version:  - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)
BDE 5 (HKLM\...\BDE 5) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CanoScan 8800F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805) (Version:  - )
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang CZ (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.1 - Uw bedrijfsnaam) Hidden
CorelDRAW Graphics Suite X4 - Lang PL (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang SU (Version: 14.1 - Yrityksen nimi) Hidden
CorelDRAW Graphics Suite X4 - Lang SV (Version: 14.1 - Ditt företagsnamn) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Extra Content (HKLM\...\_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1019 - CyberLink Corp.)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ElsterFormular (HKLM\...\ElsterFormular 13.1.1.8531k) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
Garmin City Navigator Europe NT 2010 (HKLM\...\{C07B86C3-1816-4C59-927E-0287925DFB96}) (Version: 13.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM\...\{58FA5D40-E35A-47ED-8AFA-68CCC758559E}) (Version: 6.15.11 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Hardlock Device Driver (HKLM\...\Hardlock Device Driver) (Version:  - )
Hardlock Gerätetreiber (HKLM\...\Hardlock Gerätetreiber) (Version:  - )
Hardware Diagnose Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4589.14 - PC-Doctor, Inc.)
Hauppauge MCE XP/Vista Software Encoder (2.0.25180) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25180 - Hauppauge Computer Works, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AFAD41A9-9687-48A3-848F-693C11451433}) (Version: 5.4.0.2360 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Total Care Advisor (HKLM\...\{e96b3d28-47d6-43cc-98fd-7069eeab6b11}) (Version: 1.4.20.2435 - Hewlett-Packard)
HP Update (HKLM\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
jetAudio Basic VX (HKLM\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.16 - COWON)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2209 - CyberLink Corp.)
LightScribe System Software  1.10.16.1 (HKLM\...\{E6CFBFB5-9232-410C-B353-AF6E614B2681}) (Version: 1.10.16.1 - Ihr Firmenname)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{E8C2622C-9FF1-4F60-8008-A0208154F9F3}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.8.0 - ahead software gmbh)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org 3.0 (HKLM\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9358 - OpenOffice.org)
Optimierte Multimedia-Tastatur-Lösung (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3417 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2209 - CyberLink Corp.)
PowerDirector (Version: 6.5.2209 - CyberLink Corp.) Hidden
Presto! PageManager 7.15.16 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Security Task Manager 1.6e (HKLM\...\Security Task Manager) (Version: 1.6e - Neuber GbR)
SPIRIT 15 (HKLM\...\SPIRIT 15_is1) (Version:  - SOFTTECH GmbH)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.0 - Safer Networking Limited)
Supreme Auction (HKLM\...\Supreme Auction_is1) (Version:  - )
Testversion von Microsoft Office Home and Student 2007 (HKLM\...\OfficeTrial) (Version:  - )
Trojan Remover 6.7.4 (HKLM\...\Trojan Remover_is1) (Version: 6.7.4 - Simply Super Software)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points  =========================

25-03-2014 18:22:10 Geplanter Prüfpunkt
26-03-2014 12:03:28 Geplanter Prüfpunkt
27-03-2014 14:00:25 Geplanter Prüfpunkt
28-03-2014 13:56:39 Geplanter Prüfpunkt
29-03-2014 16:23:30 Geplanter Prüfpunkt
30-03-2014 17:49:59 Geplanter Prüfpunkt
31-03-2014 17:33:09 Geplanter Prüfpunkt
01-04-2014 11:14:08 Geplanter Prüfpunkt
02-04-2014 16:37:40 Geplanter Prüfpunkt
03-04-2014 17:00:42 Geplanter Prüfpunkt
04-04-2014 11:22:32 Geplanter Prüfpunkt
05-04-2014 13:06:52 Geplanter Prüfpunkt
05-04-2014 13:19:32 Installed Lumac
06-04-2014 18:12:54 Geplanter Prüfpunkt
07-04-2014 16:38:47 Geplanter Prüfpunkt
08-04-2014 15:57:38 Geplanter Prüfpunkt
09-04-2014 09:05:35 Geplanter Prüfpunkt
09-04-2014 21:31:28 Windows Update
10-04-2014 07:09:09 avast! antivirus system restore point
11-04-2014 21:02:07 Wiederherstellungsvorgang
12-04-2014 06:19:14 Windows Update
12-04-2014 07:42:08 avast! antivirus system restore point
13-04-2014 07:44:23 Geplanter Prüfpunkt
14-04-2014 11:43:24 Geplanter Prüfpunkt
15-04-2014 12:31:28 Geplanter Prüfpunkt
16-04-2014 12:27:53 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2010-02-25 09:48 - 00380346 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1B2AFE08-CE76-45B4-942B-0F4B29A081E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-07] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2B462BA8-1718-40A6-9549-E3E4A5C9D39A} - System32\Tasks\JavaUpdatelehmanco => C:\Windows\system32\jusched.exe
Task: {2E30B115-0DDD-4A6C-AD8C-4AA0D7FE37F4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-12] (AVAST Software)
Task: {377CABE7-9E4F-4741-B67E-51A808FC9A36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-07] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {7D36BD2F-AB8D-478C-95B9-26FE6D5C7613} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe
Task: {7D84659A-0FB3-4FAD-BE8B-C3AFA07CA145} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - lehmanco => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {855EBBCA-B5FD-43D3-9EBA-A5406A388B67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {8BB8CF1D-AC45-4D09-881A-64596F96E3A5} - System32\Tasks\PC-Doctor\Scheduled Maintanence => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-06-25] (PC-Doctor, Inc.)
Task: {9B60838B-E566-4E8E-9522-E629C160D81F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9B6A50B7-5B48-4532-A707-7A3DE9D68DAC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2961654822-264804067-3346831401-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {E20165C5-8F48-42E5-A6AC-A0353FC8E248} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2961654822-264804067-3346831401-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E606CF7A-AEED-441F-912B-86FDD4EF5709} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2961654822-264804067-3346831401-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {F2948D04-92B6-49F5-889C-1ECDD83B64C5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {F4980378-8457-4CC4-95E9-5B69E6261171} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2961654822-264804067-3346831401-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{8AFAF6A5-EC56-4781-8D03-2B9EF22E2F53}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-04-17 08:20 - 2014-04-17 08:20 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041601\algo.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-02-10 16:36 - 2006-09-20 09:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
2014-04-12 09:44 - 2014-04-12 09:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-02-10 16:36 - 2006-10-30 17:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
2013-12-13 17:47 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\lehmanco\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-03-29 11:47 - 2014-03-29 11:47 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-13 13:19 - 2014-03-13 13:19 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\lehmanco\Downloads\lynnejb021312-whitebedvid_full.mov:TOC.WMV

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: HP Health Check Scheduler => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: TrojanScanner => C:\Program Files\Trojan Remover\Trjscan.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: Xvid => C:\Program Files\Xvid\CheckUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2014 04:16:21 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung FRST.exe, Version 3.3.10.2, Zeitstempel 0x534e7e0c, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0x1330, Anwendungsstartzeit FRST.exe0.


System errors:
=============
Error: (04/17/2014 08:21:39 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/17/2014 08:20:17 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (04/16/2014 04:06:40 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/16/2014 04:05:17 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: 2147942402


Microsoft Office Sessions:
=========================
Error: (04/16/2014 04:16:21 PM) (Source: Application Error)(User: )
Description: FRST.exe3.3.10.2534e7e0cunknown0.0.0.000000000c000000500000000133001cf597e6c1f189a


CodeIntegrity Errors:
===================================
  Date: 2014-04-10 19:05:59.052
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:58.771
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:58.490
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:58.194
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:57.882
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:57.585
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:57.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:56.961
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:56.634
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 19:05:56.337
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 2046.58 MB
Available physical RAM: 858.39 MB
Total Pagefile: 4332.17 MB
Available Pagefile: 2664.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.88 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:688.54 GB) (Free:536.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.1 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive k: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:766.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=689 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B2785FB0)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 17.04.2014, 11:50

Okay, dann bitte Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

lehmanc · 17.04.2014, 16:11

anbei als erstes

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a871095c35c76c49b7066dd2b44815c4
# engine=17925
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-17 03:04:24
# local_time=2014-04-17 05:04:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=774 16777213 71 74 458412 458442 0 0
# compatibility_mode=1797 16774142 0 1 460698 460698 0 0
# compatibility_mode=5892 16776574 100 91 496499 235279792 0 0
# scanned=223399
# found=0
# cleaned=0
# scan_time=6912

mbam

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.04.2014
Suchlauf-Zeit: 15:01:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.17.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: lehmanco

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 227556
Verstrichene Zeit: 10 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

cosinus · 19.04.2014, 21:02

TFC - Temp File Cleaner

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

17.04.2014, 07:56	#21
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Avast findet win32:dropper-gen & win32:malware-gen Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken __________________ --> Avast findet win32:dropper-gen & win32:malware-gen

Avast findet win32:dropper-gen & win32:malware-gen

Plagegeister aller Art und deren Bekämpfung: Avast findet win32:dropper-gen & win32:malware-gen