Snap.do und Sanp.do engine lassen sich nicht aus Systemsteuerung entfernen

wolly0209 · 18.04.2014, 10:37

Hallo,
in meinem Rechner mit Windows 7 hat sich snap.do eingenistet und ich kann es über die Systemsteuerung nicht entfernen.
Habe bereits mit Malwarebytes und adwcleaner gearbeitet, soweit also wieder "rein" bis wohl auf die Einträge in der Systemsteuerung.

schrauber · 18.04.2014, 14:17

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

wolly0209 · 18.04.2014, 15:39

Hier die frst.txt:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014 01
Ran by xxx (administrator) on HODAN-LAPTOP on 18-04-2014 16:26:50
Running from C:\Users\xxx\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_182_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [OPSE reminder] => "C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini"
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation)
HKU\S-1-5-21-1598076674-1139964559-1205766370-1001\...\MountPoints2: {cfaa2137-7da3-11e1-b82a-001f1614721a} - H:\autorun.exe setup.exe -suppressUpToDateInfo

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x17946135C7D2CC00
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ycmfar0d.default
FF Homepage: hxxp://192.168.178.1/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Snap.Do  - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ycmfar0d.default\Extensions\{3dfb2c3b-d442-99b1-f854-4556b56061a6} [2014-04-09]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://192.168.178.1/
CHR StartupUrls: "hxxp://192.168.178.1/"
CHR DefaultSearchKeyword: search.snapdo.com
CHR DefaultSearchProvider: Web
CHR DefaultSearchURL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo9KEfZ_1cdn4mTZFiAfeV8SqAsM1aIp690Wf4xa9eMCj7k4vwYOS8Gv2QeMkyOb5Yg7d7SlITQJQk5Gp9kZKV0fKH3SUK1zHrFZr3LR32LheJv8kZJOBj7UmORWFByP&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-15]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8238384 2014-02-24] (DisplayLink Corp.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64000 2009-07-14] (AVM GmbH)
R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.5.54018.0.sys [38192 2014-02-25] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [340784 2014-02-24] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [16688 2014-02-24] (DisplayLink Corp.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 FXUSBASE; C:\Windows\System32\DRIVERS\fxusbase.sys [588928 2009-07-14] (AVM Berlin)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x86-n51f.sys [57344 2012-04-03] (SMSC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-03] (Avira GmbH)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [X]
S3 dlcdbus; system32\DRIVERS\dlcdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 16:26 - 2014-04-18 16:27 - 00012286 _____ () C:\Users\xxx\Desktop\FRST.txt
2014-04-18 16:26 - 2014-04-18 16:26 - 00000000 ____D () C:\FRST
2014-04-18 16:25 - 2014-04-18 16:25 - 01146880 _____ (Farbar) C:\Users\xxx\Desktop\FRST.exe
2014-04-18 11:10 - 2014-04-18 11:30 - 00000000 ____D () C:\AdwCleaner
2014-04-18 11:08 - 2014-04-18 11:08 - 01426178 _____ () C:\Users\xxx\Downloads\adwcleaner.exe
2014-04-18 10:07 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-18 10:07 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-18 10:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-18 10:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-18 10:05 - 2014-04-18 10:07 - 00004212 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieUserList
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieSiteList
2014-04-10 12:50 - 2014-04-18 12:50 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\FileAdvisor
2014-04-10 10:30 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 10:30 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 10:30 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-10 10:30 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 10:30 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 10:30 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-10 10:30 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 10:30 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 10:30 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 10:30 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 10:30 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 10:30 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 10:30 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-10 10:30 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-10 10:30 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-10 10:30 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-10 10:30 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 10:30 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 10:30 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 10:30 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-10 10:30 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 10:30 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 10:30 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 10:30 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-10 10:30 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 10:30 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 10:25 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 10:25 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 10:25 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 10:25 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 10:25 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 10:25 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 12:49 - 2014-04-18 12:50 - 00000000 ____D () C:\Program Files\File Type Advisor
2014-03-28 17:45 - 2014-02-24 10:52 - 00340784 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmd.sys
2014-03-28 17:45 - 2014-02-24 10:52 - 00016688 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmdldr.sys

==================== One Month Modified Files and Folders =======

2014-04-18 16:27 - 2014-04-18 16:26 - 00012286 _____ () C:\Users\xxx\Desktop\FRST.txt
2014-04-18 16:26 - 2014-04-18 16:26 - 00000000 ____D () C:\FRST
2014-04-18 16:25 - 2014-04-18 16:25 - 01146880 _____ (Farbar) C:\Users\xxx\Desktop\FRST.exe
2014-04-18 16:16 - 2012-03-31 21:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-18 15:40 - 2012-11-16 18:31 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 12:50 - 2014-04-10 12:50 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\FileAdvisor
2014-04-18 12:50 - 2014-04-09 12:49 - 00000000 ____D () C:\Program Files\File Type Advisor
2014-04-18 11:39 - 2010-11-20 23:01 - 01629442 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 11:39 - 2009-07-14 06:34 - 00022048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 11:39 - 2009-07-14 06:34 - 00022048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 11:35 - 2012-01-14 15:47 - 01993433 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 11:32 - 2012-11-16 18:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 11:31 - 2012-01-16 19:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-18 11:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 11:31 - 2009-07-14 06:39 - 00106616 _____ () C:\Windows\setupact.log
2014-04-18 11:30 - 2014-04-18 11:10 - 00000000 ____D () C:\AdwCleaner
2014-04-18 11:16 - 2012-11-16 18:30 - 00000000 ____D () C:\Program Files\Google
2014-04-18 11:16 - 2010-11-20 23:48 - 00878332 _____ () C:\Windows\PFRO.log
2014-04-18 11:08 - 2014-04-18 11:08 - 01426178 _____ () C:\Users\xxx\Downloads\adwcleaner.exe
2014-04-18 10:57 - 2012-11-16 18:30 - 00000000 ____D () C:\Users\xxx\AppData\Local\Google
2014-04-18 10:09 - 2013-11-24 14:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 10:07 - 2014-04-18 10:05 - 00004212 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-18 10:07 - 2012-12-28 00:13 - 00000000 ____D () C:\Program Files\Java
2014-04-16 18:43 - 2012-01-15 10:47 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Mp3tag
2014-04-14 20:13 - 2014-04-18 10:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-18 10:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-14 20:05 - 2014-04-18 10:07 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-14 20:04 - 2014-04-18 10:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-14 09:01 - 2012-01-16 22:49 - 00000000 ____D () C:\Users\xxx\AppData\Local\Adobe
2014-04-14 09:00 - 2012-03-31 21:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-14 09:00 - 2012-01-15 14:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-11 18:38 - 2013-05-25 16:54 - 00000000 ____D () C:\Users\xxx\Documents\Online-BankingPlus
2014-04-11 11:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieUserList
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieSiteList
2014-04-10 22:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-10 10:33 - 2009-07-14 04:04 - 00000528 _____ () C:\Windows\win.ini
2014-04-10 10:30 - 2013-07-11 18:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 10:27 - 2012-01-14 17:27 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 18:28 - 2012-01-15 15:10 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Free YouTube to MP3 Converter Studio
2014-04-09 14:42 - 2012-09-02 17:43 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\MyPhoneExplorer
2014-04-09 13:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Registration
2014-04-09 12:49 - 2012-01-15 15:10 - 00000000 ____D () C:\Program Files\Free YouTube to MP3 Converter Studio
2014-04-01 18:13 - 2013-12-01 12:59 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\HpUpdate
2014-03-28 18:15 - 2012-04-03 20:40 - 00000000 ____D () C:\Users\xxx\AppData\Local\FRITZ!
2014-03-28 17:45 - 2012-04-12 18:21 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-03-26 19:06 - 2012-09-24 21:26 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 19:05 - 2012-11-12 21:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client

Some content of TEMP:
====================
C:\Users\Jutta\AppData\Local\Temp\AskSLib.dll
C:\Users\Jutta\AppData\Local\Temp\avgnt.exe
C:\Users\xxx\AppData\Local\Temp\avgnt.exe
C:\Users\xxx\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\xxx\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\xxx\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\xxx\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\xxx\AppData\Local\Temp\nvStInst.exe
C:\Users\xxx\AppData\Local\Temp\Quarantine.exe
C:\Users\xxx\AppData\Local\Temp\tmp426F.exe
C:\Users\xxx\AppData\Local\Temp\tmpFAB5.exe
C:\Users\xxx\AppData\Local\Temp\unrar.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 10:18

==================== End Of Log ============================

--- --- ---

--- --- ---

und hier die Additon.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-04-2014 01
Ran by xxx at 2014-04-18 16:27:29
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVM FRITZ! (HKLM\...\FRITZ! 2.0) (Version:  - AVM Berlin)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Chart Navigator Light (HKLM\...\Chart Navigator Light) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DisplayLink Core Software (HKLM\...\{ED278935-5D2E-4A11-BD83-06B15367A59B}) (Version: 7.5.54018.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{848275F8-110A-48FA-8FCF-3F28F93F87BD}) (Version: 5.5.29194.0 - DisplayLink Corp.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
Feurio! CD-Writer (HKLM\...\Feurio) (Version:  - )
File Type Advisor 1.3 (HKLM\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
FinePrint (HKLM\...\FinePrint) (Version: 6.25 - FinePrint Software, LLC)
Free M4a to MP3 Converter 7.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free WMA to MP3 Converter 1.08 (HKLM\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
Free YouTube to MP3 Converter Studio 8.2 (HKLM\...\Free YouTube to MP3 Converter Studio_is1) (Version:  - ManiacTools.com)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{9F9D4CE4-E4B9-4745-98C9-5A934DD0CE8C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Hilfe (HKLM\...\{6B953497-169C-4929-9AA9-A9F510347468}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Basic Edition 2003 (HKLM\...\{91130407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 21.0 (x86 de) (HKLM\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
Mp3tag v2.58 (HKLM\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Online-Banking+ (HKLM\...\Online-Banking+) (Version:  - Buhl Data Service GmbH)
Online-Banking+ (Version: 15.2.1.18 - Buhl Data Service GmbH) Hidden
PolarEdit9750 v 0.2.6 (HKLM\...\{086AB3E1-D390-4B30-8EF3-A28AE0AD76B7}_is1) (Version:  - Polarstern)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Snap.Do (HKLM\...\{D08D2971-64C8-43FA-B251-E0BBBE9E87E3}) (Version: 11.42.1.16270 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{81831c69-b261-4d68-8a80-b90b510e1cf6}) (Version: 11.42.1.16270 - ReSoft Ltd.) <==== ATTENTION
streamWriter (HKLM\...\streamWriter_is1) (Version:  - )
Sun Secure Global Desktop Client (HKLM\...\{C9F28F40-BB2E-4A83-9DA1-D04916310D42}) (Version: 4.50.907 - Ihr Firmenname)
USB PortReplicator PR07 (HKLM\...\{1617DDB6-D786-46A0-9A68-912603B9A2DF}) (Version: 1.01 - Fujitsu)
Winamp (HKLM\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

26-03-2014 16:53:07 Windows Update
26-03-2014 17:04:49 Windows Update
28-03-2014 15:42:17 Installed DisplayLink Core Software
30-03-2014 08:06:44 Windows Update
30-03-2014 17:00:09 Windows-Sicherung
02-04-2014 16:06:57 Windows Update
06-04-2014 08:15:29 Windows Update
06-04-2014 17:00:13 Windows-Sicherung
10-04-2014 08:25:44 Windows Update
13-04-2014 13:53:36 Windows Update
13-04-2014 17:00:12 Windows-Sicherung
18-04-2014 08:04:47 Installed Java 7 Update 55
18-04-2014 08:10:53 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {267A808D-9527-4ACA-8CA1-EA5620D7278C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-14] (Adobe Systems Incorporated)
Task: {3D2676CA-FC19-49D3-A7DD-77BB26FA08A7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {680BA395-EDFC-487C-B8E7-719C27BAC06D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {855970AE-96F0-46C9-8FB6-684279C7330A} - System32\Tasks\FileAdvisorCheck => C:\Program Files\File Type Advisor\file-type-advisor.exe [2013-08-19] (filetypeadvisor.com                                         )
Task: {C8B21A06-E909-4BDA-A0BD-074CD6BD24ED} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-08-19] (File Type Advisor)
Task: {D388AA40-6F03-4684-BF07-FE353E16B39F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {DF375268-0E22-4BB8-9039-31AD1AFD3AA5} - System32\Tasks\{38E2B3E4-2EBB-4DE4-93BF-3BE8D04D5C1B} => C:\Program Files\Musikminister\MM.EXE [1992-12-01] ()
Task: {E3A7EF3D-EF08-42CA-A3D3-05307467E4F8} - System32\Tasks\{29BD7A74-F235-4885-9F8E-AE6734B59778} => C:\android-sdk\SDKManager.exe
Task: {F2BBF9F2-88F2-4269-97AC-1A5282A6E777} - System32\Tasks\{989A62EC-10D4-4E0D-9E6C-88E2A1E990D1} => C:\android-sdk\SDKManager.exe
Task: {F3829216-E3D0-4E6A-A045-D845BFCB48E8} - System32\Tasks\{DD073320-1F60-42A3-A305-1EF81B855F6B} => C:\Program Files\Musikminister\MM.EXE [1992-12-01] ()
Task: {FE1C9DF1-0CDA-43CF-BAE6-C1980535F04C} - System32\Tasks\{D81AF0BC-6C24-45B6-BA00-A254626D557E} => C:\Program Files\Musikminister\MM.EXE [1992-12-01] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-15 19:05 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-03-03 16:24 - 2013-03-03 16:17 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 03:33:21 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/18/2014 00:22:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/18/2014 11:33:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 11:30:47 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/18/2014 11:18:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 10:18:16 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/18/2014 10:04:00 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MyPhoneExplorer.exe, Version: 1.8.0.5, Zeitstempel: 0x5224f76d
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6
Ausnahmecode: 0xc000008f
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0xdf8
Startzeit der fehlerhaften Anwendung: 0xMyPhoneExplorer.exe0
Pfad der fehlerhaften Anwendung: MyPhoneExplorer.exe1
Pfad des fehlerhaften Moduls: MyPhoneExplorer.exe2
Berichtskennung: MyPhoneExplorer.exe3

Error: (04/18/2014 09:59:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2014 09:29:48 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/16/2014 09:06:21 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (04/18/2014 09:58:38 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/18/2014 09:58:36 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/18/2014 09:58:36 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/16/2014 00:59:30 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/16/2014 10:57:33 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/16/2014 10:57:32 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/16/2014 10:57:32 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/16/2014 08:32:33 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/16/2014 08:31:33 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/16/2014 08:29:45 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (04/18/2014 03:33:21 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/18/2014 00:22:37 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3520 series\DriverStore\Pipeline\amd64\hpinkinsB011.exe

Error: (04/18/2014 11:33:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 11:30:47 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/18/2014 11:18:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 10:18:16 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/18/2014 10:04:00 AM) (Source: Application Error)(User: )
Description: MyPhoneExplorer.exe1.8.0.55224f76dKERNELBASE.dll6.1.7601.1822951fb10c6c000008f0000812fdf801cf5adc8d93efc3C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exeC:\Windows\system32\KERNELBASE.dllfeffbc26-c6cf-11e3-8f41-0050b652542c

Error: (04/18/2014 09:59:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2014 09:29:48 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3520 series\DriverStore\Pipeline\amd64\hpinkinsB011.exe

Error: (04/16/2014 09:06:21 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 3066.88 MB
Available physical RAM: 1975.15 MB
Total Pagefile: 6132.04 MB
Available Pagefile: 4886.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.39 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:278.08 GB) (Free:230.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SICHERUNG) (Fixed) (Total:20 GB) (Free:8.72 GB) FAT32
Drive g: (DATEN 4) (Fixed) (Total:931.28 GB) (Free:467.4 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 366F456C)
Partition 1: (Active) - (Size=278 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 48AF3B0C)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================

Ich habe den Namen durch "xxx" ersetzt.

Danke für die weitere Hilfe.

wolly0209

schrauber · 19.04.2014, 10:14

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

wolly0209 · 20.04.2014, 11:32

Hallo schrauber,

habe nun alles erledigt, hier die jeweiligen Dateien:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.04.2014
Suchlauf-Zeit: 11:53:43
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.20.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: xxx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 266603
Verstrichene Zeit: 37 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.Snapdo.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "search_url": "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo9KEfZ_1cdn4mTZFiAfeV8SqAsM1aIp690Wf4xa9eMCj7k4vwYOS8Gv2QeMkyOb5Yg7d7SlITQJQk5Gp9kZKV0fKH3SUK1zHrFZr3LR32LheJv8kZJOBj7UmORWFByP&q={searchTerms}",), Ersetzt,[50b037c931cf1de39c4f7dd632d2dc24]

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

# AdwCleaner v3.100 - Bericht erstellt am 20/04/2014 um 12:03:53
# Aktualisiert 20/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : xxx - HODAN-LAPTOP
# Gestartet von : C:\Users\xxx\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v21.0 (de)

[ Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ycmfar0d.default\prefs.js ]


[ Datei : C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\v1rsim5w.default\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : icon_url
Gelöscht : keyword

[ Datei : C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7993 octets] - [18/04/2014 11:10:40]
AdwCleaner[R1].txt - [6512 octets] - [18/04/2014 11:13:50]
AdwCleaner[R2].txt - [1402 octets] - [18/04/2014 11:28:59]
AdwCleaner[R3].txt - [1994 octets] - [20/04/2014 12:02:06]
AdwCleaner[S0].txt - [1186 octets] - [18/04/2014 11:13:23]
AdwCleaner[S1].txt - [6645 octets] - [18/04/2014 11:15:11]
AdwCleaner[S2].txt - [1463 octets] - [18/04/2014 11:30:33]
AdwCleaner[S3].txt - [1919 octets] - [20/04/2014 12:03:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1979 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by xxx on 20.04.2014 at 12:16:23,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\ycmfar0d.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.04.2014 at 12:22:07,54
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2014
Ran by xxx (administrator) on HODAN-LAPTOP on 20-04-2014 12:23:27
Running from C:\Users\xxx\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_182_ActiveX.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [OPSE reminder] => "C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini"
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation)
HKU\S-1-5-21-1598076674-1139964559-1205766370-1001\...\MountPoints2: {cfaa2137-7da3-11e1-b82a-001f1614721a} - H:\autorun.exe setup.exe -suppressUpToDateInfo

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x17946135C7D2CC00
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ycmfar0d.default
FF Homepage: hxxp://192.168.178.1/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Snap.Do  - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ycmfar0d.default\Extensions\{3dfb2c3b-d442-99b1-f854-4556b56061a6} [2014-04-09]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://192.168.178.1/
CHR StartupUrls: "hxxp://192.168.178.1/"
CHR DefaultSearchProvider: Web
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-15]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8238384 2014-02-24] (DisplayLink Corp.)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64000 2009-07-14] (AVM GmbH)
R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.5.54018.0.sys [38192 2014-02-25] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [340784 2014-02-24] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [16688 2014-02-24] (DisplayLink Corp.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 FXUSBASE; C:\Windows\System32\DRIVERS\fxusbase.sys [588928 2009-07-14] (AVM Berlin)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x86-n51f.sys [57344 2012-04-03] (SMSC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-03] (Avira GmbH)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [X]
S3 dlcdbus; system32\DRIVERS\dlcdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 12:23 - 2014-04-20 12:23 - 00000000 ____D () C:\Users\xxx\Desktop\FRST-OlderVersion
2014-04-20 12:22 - 2014-04-20 12:22 - 00000797 _____ () C:\Users\xxx\Desktop\JRT.txt
2014-04-20 12:06 - 2014-04-20 12:06 - 00002059 _____ () C:\Users\xxx\Desktop\AdwCleaner[S3].txt
2014-04-20 12:01 - 2014-04-20 12:01 - 01308369 _____ () C:\Users\xxx\Desktop\adwcleaner.exe
2014-04-20 11:57 - 2014-04-20 11:58 - 00001548 _____ () C:\Users\xxx\Desktop\mbam.txt
2014-04-20 11:14 - 2014-04-20 12:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 11:14 - 2014-04-20 11:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-20 11:14 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 11:14 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-20 11:13 - 2014-04-20 11:13 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\xxx\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 11:07 - 2014-04-20 11:07 - 01016261 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe
2014-04-20 10:51 - 2014-04-20 10:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\xxx\Desktop\revosetup95.exe
2014-04-20 10:51 - 2014-04-20 10:51 - 00001232 _____ () C:\Users\xxx\Desktop\Revo Uninstaller.lnk
2014-04-20 10:51 - 2014-04-20 10:51 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-18 16:27 - 2014-04-18 16:33 - 00021576 _____ () C:\Users\xxx\Desktop\Addition.txt
2014-04-18 16:26 - 2014-04-20 12:23 - 00012640 _____ () C:\Users\xxx\Desktop\FRST.txt
2014-04-18 16:26 - 2014-04-20 12:23 - 00000000 ____D () C:\FRST
2014-04-18 16:25 - 2014-04-20 12:23 - 01043968 _____ (Farbar) C:\Users\xxx\Desktop\FRST.exe
2014-04-18 11:10 - 2014-04-20 12:03 - 00000000 ____D () C:\AdwCleaner
2014-04-18 10:07 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-18 10:07 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-18 10:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-18 10:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-18 10:05 - 2014-04-18 10:07 - 00004212 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieUserList
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieSiteList
2014-04-10 12:50 - 2014-04-18 12:50 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\FileAdvisor
2014-04-10 10:30 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 10:30 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 10:30 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-10 10:30 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 10:30 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 10:30 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-10 10:30 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 10:30 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 10:30 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 10:30 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 10:30 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 10:30 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 10:30 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-10 10:30 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-10 10:30 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-10 10:30 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-10 10:30 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 10:30 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 10:30 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 10:30 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-10 10:30 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 10:30 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 10:30 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 10:30 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-10 10:30 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 10:30 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 10:25 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 10:25 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 10:25 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 10:25 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 10:25 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 10:25 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 12:49 - 2014-04-18 12:50 - 00000000 ____D () C:\Program Files\File Type Advisor
2014-03-28 17:45 - 2014-02-24 10:52 - 00340784 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmd.sys
2014-03-28 17:45 - 2014-02-24 10:52 - 00016688 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmdldr.sys

==================== One Month Modified Files and Folders =======

2014-04-20 12:23 - 2014-04-20 12:23 - 00000000 ____D () C:\Users\xxx\Desktop\FRST-OlderVersion
2014-04-20 12:23 - 2014-04-18 16:26 - 00012640 _____ () C:\Users\xxx\Desktop\FRST.txt
2014-04-20 12:23 - 2014-04-18 16:26 - 00000000 ____D () C:\FRST
2014-04-20 12:23 - 2014-04-18 16:25 - 01043968 _____ (Farbar) C:\Users\xxx\Desktop\FRST.exe
2014-04-20 12:23 - 2009-07-14 06:34 - 00022048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 12:23 - 2009-07-14 06:34 - 00022048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 12:22 - 2014-04-20 12:22 - 00000797 _____ () C:\Users\xxx\Desktop\JRT.txt
2014-04-20 12:21 - 2010-11-20 23:01 - 01629442 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 12:16 - 2014-04-20 11:14 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 12:16 - 2012-03-31 21:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 12:14 - 2012-11-16 18:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 12:14 - 2012-01-16 19:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-20 12:14 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 12:14 - 2009-07-14 06:39 - 00107176 _____ () C:\Windows\setupact.log
2014-04-20 12:12 - 2012-01-14 15:47 - 02046998 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 12:06 - 2014-04-20 12:06 - 00002059 _____ () C:\Users\xxx\Desktop\AdwCleaner[S3].txt
2014-04-20 12:03 - 2014-04-18 11:10 - 00000000 ____D () C:\AdwCleaner
2014-04-20 12:01 - 2014-04-20 12:01 - 01308369 _____ () C:\Users\xxx\Desktop\adwcleaner.exe
2014-04-20 11:58 - 2014-04-20 11:57 - 00001548 _____ () C:\Users\xxx\Desktop\mbam.txt
2014-04-20 11:40 - 2012-11-16 18:31 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 11:14 - 2014-04-20 11:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-20 11:14 - 2013-10-31 23:45 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-20 11:14 - 2013-10-31 23:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 11:13 - 2014-04-20 11:13 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\xxx\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 11:07 - 2014-04-20 11:07 - 01016261 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe
2014-04-20 10:51 - 2014-04-20 10:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\xxx\Desktop\revosetup95.exe
2014-04-20 10:51 - 2014-04-20 10:51 - 00001232 _____ () C:\Users\xxx\Desktop\Revo Uninstaller.lnk
2014-04-20 10:51 - 2014-04-20 10:51 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-18 16:33 - 2014-04-18 16:27 - 00021576 _____ () C:\Users\xxx\Desktop\Addition.txt
2014-04-18 12:50 - 2014-04-10 12:50 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\FileAdvisor
2014-04-18 12:50 - 2014-04-09 12:49 - 00000000 ____D () C:\Program Files\File Type Advisor
2014-04-18 11:16 - 2012-11-16 18:30 - 00000000 ____D () C:\Program Files\Google
2014-04-18 11:16 - 2010-11-20 23:48 - 00878332 _____ () C:\Windows\PFRO.log
2014-04-18 10:57 - 2012-11-16 18:30 - 00000000 ____D () C:\Users\xxx\AppData\Local\Google
2014-04-18 10:09 - 2013-11-24 14:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 10:07 - 2014-04-18 10:05 - 00004212 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-18 10:07 - 2012-12-28 00:13 - 00000000 ____D () C:\Program Files\Java
2014-04-16 18:43 - 2012-01-15 10:47 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Mp3tag
2014-04-14 20:13 - 2014-04-18 10:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-18 10:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-14 20:05 - 2014-04-18 10:07 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-14 20:04 - 2014-04-18 10:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-14 09:01 - 2012-01-16 22:49 - 00000000 ____D () C:\Users\xxx\AppData\Local\Adobe
2014-04-14 09:00 - 2012-03-31 21:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-14 09:00 - 2012-01-15 14:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-11 18:38 - 2013-05-25 16:54 - 00000000 ____D () C:\Users\xxx\Documents\Online-BankingPlus
2014-04-11 11:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieUserList
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieSiteList
2014-04-10 22:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-10 10:33 - 2009-07-14 04:04 - 00000528 _____ () C:\Windows\win.ini
2014-04-10 10:30 - 2013-07-11 18:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 10:27 - 2012-01-14 17:27 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 18:28 - 2012-01-15 15:10 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Free YouTube to MP3 Converter Studio
2014-04-09 14:42 - 2012-09-02 17:43 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\MyPhoneExplorer
2014-04-09 13:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Registration
2014-04-09 12:49 - 2012-01-15 15:10 - 00000000 ____D () C:\Program Files\Free YouTube to MP3 Converter Studio
2014-04-03 09:51 - 2014-04-20 11:14 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 11:14 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-10-31 23:45 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 18:13 - 2013-12-01 12:59 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\HpUpdate
2014-03-28 18:15 - 2012-04-03 20:40 - 00000000 ____D () C:\Users\xxx\AppData\Local\FRITZ!
2014-03-28 17:45 - 2012-04-12 18:21 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-03-26 19:06 - 2012-09-24 21:26 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 19:05 - 2012-11-12 21:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client

Some content of TEMP:
====================
C:\Users\Jutta\AppData\Local\Temp\AskSLib.dll
C:\Users\Jutta\AppData\Local\Temp\avgnt.exe
C:\Users\xxx\AppData\Local\Temp\avgnt.exe
C:\Users\xxx\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\xxx\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\xxx\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\xxx\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\xxx\AppData\Local\Temp\nvStInst.exe
C:\Users\xxx\AppData\Local\Temp\Quarantine.exe
C:\Users\xxx\AppData\Local\Temp\tmp426F.exe
C:\Users\xxx\AppData\Local\Temp\tmpFAB5.exe
C:\Users\xxx\AppData\Local\Temp\unrar.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 10:18

==================== End Of Log ============================

--- --- ---

--- --- ---

Habe wieder den Namen durch xxx ersetzt.

Wie geht es jetzt weiter?

Danke
wolly0209

schrauber · 20.04.2014, 18:34

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

wolly0209 · 21.04.2014, 08:20

Guten Morgen,

hier die Dateien:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ebb3ec86e60bbb4a80d2fcb62cdb6cbe
# engine=17961
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-21 03:00:32
# local_time=2014-04-21 05:00:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 43972 168720537 28773 0
# compatibility_mode=5893 16776574 100 94 24559376 149680423 0 0
# scanned=489454
# found=4
# cleaned=0
# scan_time=33123
sh=8A62D975000A557E19C45A7D7BBEDA729788F776 ft=0 fh=0000000000000000 vn="HTML/Hoax.FastDownload.C.Gen application" ac=I fn="C:\Documents and Settings\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3GFK3MA\firstload_com[1].htm"
sh=8A62D975000A557E19C45A7D7BBEDA729788F776 ft=0 fh=0000000000000000 vn="HTML/Hoax.FastDownload.C.Gen application" ac=I fn="C:\Dokumente und Einstellungen\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3GFK3MA\firstload_com[1].htm"
sh=8A62D975000A557E19C45A7D7BBEDA729788F776 ft=0 fh=0000000000000000 vn="HTML/Hoax.FastDownload.C.Gen application" ac=I fn="C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3GFK3MA\firstload_com[1].htm"
sh=26DC58B1798A3301FF8FA0DFA5A38E1F56B4E9CE ft=0 fh=0000000000000000 vn="JS/Agent.NCA trojan" ac=I fn="G:\Eigene Dateien\Musik\MP3\_Sampler\Zusammenstellungen\Hitparaden\Billboard hot 100 singles & tracks year end charts\1957 - uv\Billboard top 100 - 1957.htm"

Leider kann ich die security.exe nicht herunterladen.

Hier aber die frst:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2014 02
Ran by xxx (administrator) on HODAN-LAPTOP on 21-04-2014 08:42:55
Running from C:\Users\xxx\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [OPSE reminder] => "C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini"
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation)
HKU\S-1-5-21-1598076674-1139964559-1205766370-1001\...\MountPoints2: {cfaa2137-7da3-11e1-b82a-001f1614721a} - H:\autorun.exe setup.exe -suppressUpToDateInfo

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x17946135C7D2CC00
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ycmfar0d.default
FF Homepage: hxxp://192.168.178.1/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Snap.Do  - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ycmfar0d.default\Extensions\{3dfb2c3b-d442-99b1-f854-4556b56061a6} [2014-04-09]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://192.168.178.1/
CHR StartupUrls: "hxxp://192.168.178.1/"
CHR DefaultSearchProvider: Web
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-15]
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8238384 2014-02-24] (DisplayLink Corp.)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64000 2009-07-14] (AVM GmbH)
R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.5.54018.0.sys [38192 2014-02-25] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [340784 2014-02-24] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [16688 2014-02-24] (DisplayLink Corp.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 FXUSBASE; C:\Windows\System32\DRIVERS\fxusbase.sys [588928 2009-07-14] (AVM Berlin)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x86-n51f.sys [57344 2012-04-03] (SMSC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl15cad167; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05694513-E9FB-4A88-A206-50CDFCBFB85E}\MpKsl15cad167.sys [39464 2014-04-20] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-03] (Avira GmbH)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [X]
S3 dlcdbus; system32\DRIVERS\dlcdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 19:44 - 2014-04-20 19:44 - 02347384 _____ (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe
2014-04-20 12:23 - 2014-04-21 08:42 - 00000000 ____D () C:\Users\xxx\Desktop\FRST-OlderVersion
2014-04-20 12:22 - 2014-04-20 12:27 - 00000775 _____ () C:\Users\xxx\Desktop\JRT.txt
2014-04-20 12:06 - 2014-04-20 12:26 - 00002015 _____ () C:\Users\xxx\Desktop\AdwCleaner[S3].txt
2014-04-20 12:01 - 2014-04-20 12:01 - 01308369 _____ () C:\Users\xxx\Desktop\adwcleaner.exe
2014-04-20 11:57 - 2014-04-20 12:26 - 00001537 _____ () C:\Users\xxx\Desktop\mbam.txt
2014-04-20 11:14 - 2014-04-20 19:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 11:14 - 2014-04-20 11:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-20 11:14 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 11:14 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-20 11:13 - 2014-04-20 11:13 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\xxx\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 11:07 - 2014-04-20 11:07 - 01016261 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe
2014-04-20 10:51 - 2014-04-20 10:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\xxx\Desktop\revosetup95.exe
2014-04-20 10:51 - 2014-04-20 10:51 - 00001232 _____ () C:\Users\xxx\Desktop\Revo Uninstaller.lnk
2014-04-20 10:51 - 2014-04-20 10:51 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-18 16:27 - 2014-04-18 16:33 - 00021576 _____ () C:\Users\xxx\Desktop\Addition.txt
2014-04-18 16:26 - 2014-04-21 08:42 - 00012417 _____ () C:\Users\xxx\Desktop\FRST.txt
2014-04-18 16:26 - 2014-04-21 08:42 - 00000000 ____D () C:\FRST
2014-04-18 16:25 - 2014-04-21 08:42 - 01044480 _____ (Farbar) C:\Users\xxx\Desktop\FRST.exe
2014-04-18 11:10 - 2014-04-20 12:03 - 00000000 ____D () C:\AdwCleaner
2014-04-18 10:07 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-18 10:07 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-18 10:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-18 10:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-18 10:05 - 2014-04-18 10:07 - 00004212 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieUserList
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieSiteList
2014-04-10 12:50 - 2014-04-20 12:50 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\FileAdvisor
2014-04-10 10:30 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 10:30 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 10:30 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-10 10:30 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 10:30 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 10:30 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-10 10:30 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 10:30 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 10:30 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 10:30 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 10:30 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 10:30 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 10:30 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-10 10:30 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-10 10:30 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-10 10:30 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-10 10:30 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 10:30 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 10:30 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 10:30 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-10 10:30 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 10:30 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 10:30 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 10:30 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-10 10:30 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 10:30 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 10:25 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 10:25 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 10:25 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 10:25 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 10:25 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 10:25 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 12:49 - 2014-04-20 12:50 - 00000000 ____D () C:\Program Files\File Type Advisor
2014-03-28 17:45 - 2014-02-24 10:52 - 00340784 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmd.sys
2014-03-28 17:45 - 2014-02-24 10:52 - 00016688 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmdldr.sys

==================== One Month Modified Files and Folders =======

2014-04-21 08:43 - 2014-04-18 16:26 - 00012417 _____ () C:\Users\xxx\Desktop\FRST.txt
2014-04-21 08:42 - 2014-04-20 12:23 - 00000000 ____D () C:\Users\xxx\Desktop\FRST-OlderVersion
2014-04-21 08:42 - 2014-04-18 16:26 - 00000000 ____D () C:\FRST
2014-04-21 08:42 - 2014-04-18 16:25 - 01044480 _____ (Farbar) C:\Users\xxx\Desktop\FRST.exe
2014-04-21 08:40 - 2012-11-16 18:31 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 08:16 - 2012-03-31 21:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 19:44 - 2014-04-20 19:44 - 02347384 _____ (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe
2014-04-20 19:33 - 2012-01-14 15:47 - 02078981 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 19:25 - 2014-04-20 11:14 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 17:40 - 2012-11-16 18:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 12:50 - 2014-04-10 12:50 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\FileAdvisor
2014-04-20 12:50 - 2014-04-09 12:49 - 00000000 ____D () C:\Program Files\File Type Advisor
2014-04-20 12:27 - 2014-04-20 12:22 - 00000775 _____ () C:\Users\xxx\Desktop\JRT.txt
2014-04-20 12:26 - 2014-04-20 12:06 - 00002015 _____ () C:\Users\xxx\Desktop\AdwCleaner[S3].txt
2014-04-20 12:26 - 2014-04-20 11:57 - 00001537 _____ () C:\Users\xxx\Desktop\mbam.txt
2014-04-20 12:23 - 2009-07-14 06:34 - 00022048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 12:23 - 2009-07-14 06:34 - 00022048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 12:21 - 2010-11-20 23:01 - 01629442 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 12:14 - 2012-01-16 19:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-20 12:14 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 12:14 - 2009-07-14 06:39 - 00107176 _____ () C:\Windows\setupact.log
2014-04-20 12:03 - 2014-04-18 11:10 - 00000000 ____D () C:\AdwCleaner
2014-04-20 12:01 - 2014-04-20 12:01 - 01308369 _____ () C:\Users\xxx\Desktop\adwcleaner.exe
2014-04-20 11:14 - 2014-04-20 11:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-20 11:14 - 2013-10-31 23:45 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-20 11:14 - 2013-10-31 23:45 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Malwarebytes
2014-04-20 11:14 - 2013-10-31 23:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 11:13 - 2014-04-20 11:13 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\xxx\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 11:07 - 2014-04-20 11:07 - 01016261 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe
2014-04-20 10:51 - 2014-04-20 10:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\xxx\Desktop\revosetup95.exe
2014-04-20 10:51 - 2014-04-20 10:51 - 00001232 _____ () C:\Users\xxx\Desktop\Revo Uninstaller.lnk
2014-04-20 10:51 - 2014-04-20 10:51 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-18 16:33 - 2014-04-18 16:27 - 00021576 _____ () C:\Users\xxx\Desktop\Addition.txt
2014-04-18 11:16 - 2012-11-16 18:30 - 00000000 ____D () C:\Program Files\Google
2014-04-18 11:16 - 2010-11-20 23:48 - 00878332 _____ () C:\Windows\PFRO.log
2014-04-18 10:57 - 2012-11-16 18:30 - 00000000 ____D () C:\Users\xxx\AppData\Local\Google
2014-04-18 10:09 - 2013-11-24 14:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 10:07 - 2014-04-18 10:05 - 00004212 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-18 10:07 - 2012-12-28 00:13 - 00000000 ____D () C:\Program Files\Java
2014-04-16 18:43 - 2012-01-15 10:47 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Mp3tag
2014-04-14 20:13 - 2014-04-18 10:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-18 10:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-14 20:05 - 2014-04-18 10:07 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-14 20:04 - 2014-04-18 10:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-14 09:01 - 2012-01-16 22:49 - 00000000 ____D () C:\Users\xxx\AppData\Local\Adobe
2014-04-14 09:00 - 2012-03-31 21:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-14 09:00 - 2012-01-15 14:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-11 18:38 - 2013-05-25 16:54 - 00000000 ____D () C:\Users\xxx\Documents\Online-BankingPlus
2014-04-11 11:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieUserList
2014-04-10 22:58 - 2014-04-10 22:58 - 00000000 __SHD () C:\Users\xxx\AppData\Local\EmieSiteList
2014-04-10 22:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-10 10:33 - 2009-07-14 04:04 - 00000528 _____ () C:\Windows\win.ini
2014-04-10 10:30 - 2013-07-11 18:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 10:27 - 2012-01-14 17:27 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 18:28 - 2012-01-15 15:10 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Free YouTube to MP3 Converter Studio
2014-04-09 14:42 - 2012-09-02 17:43 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\MyPhoneExplorer
2014-04-09 13:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Registration
2014-04-09 12:49 - 2012-01-15 15:10 - 00000000 ____D () C:\Program Files\Free YouTube to MP3 Converter Studio
2014-04-03 09:51 - 2014-04-20 11:14 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 11:14 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-10-31 23:45 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 18:13 - 2013-12-01 12:59 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\HpUpdate
2014-03-28 18:15 - 2012-04-03 20:40 - 00000000 ____D () C:\Users\xxx\AppData\Local\FRITZ!
2014-03-28 17:45 - 2012-04-12 18:21 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-03-26 19:06 - 2012-09-24 21:26 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 19:05 - 2012-11-12 21:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client

Some content of TEMP:
====================
C:\Users\Jutta\AppData\Local\Temp\AskSLib.dll
C:\Users\Jutta\AppData\Local\Temp\avgnt.exe
C:\Users\xxx\AppData\Local\Temp\avgnt.exe
C:\Users\xxx\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\xxx\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\xxx\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\xxx\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\xxx\AppData\Local\Temp\nvStInst.exe
C:\Users\xxx\AppData\Local\Temp\Quarantine.exe
C:\Users\xxx\AppData\Local\Temp\tmp426F.exe
C:\Users\xxx\AppData\Local\Temp\tmpFAB5.exe
C:\Users\xxx\AppData\Local\Temp\unrar.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-20 13:07

==================== End Of Log ============================

--- --- ---

--- --- ---

Wie geht es jetzt weiter?

Danke weiterhin
wolly0209

schrauber · 21.04.2014, 20:51

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Snap.do und Sanp.do engine lassen sich nicht aus Systemsteuerung entfernen

Plagegeister aller Art und deren Bekämpfung: Snap.do und Sanp.do engine lassen sich nicht aus Systemsteuerung entfernen