AVAST und Malwarebytes melden mehrere Funde

cosinus · 23.04.2014, 23:40

Schön

Okay, dann bitte Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Dragon79 · 24.04.2014, 02:19

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.04.2014
Suchlauf-Zeit: 00:55:35
Logdatei: fgfggfgf.txt
Administrator: Nein

Version: 2.00.1.1004
Malware Datenbank: v2014.04.23.09
Rootkit Datenbank: v2014.03.27.01
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: DTM

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 208389
Verstrichene Zeit: 10 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 28
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Löschen bei Neustart, [6d58a885c0bba690da16ee2bba4845bb], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Löschen bei Neustart, [af1651dc1c5f95a1c7f275d9a35f3bc5], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Löschen bei Neustart, [e2e3ef3e5e1d3204229792bc56ac738d], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [17ae191427541c1a417896b8c43e31cf], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-27 09:33:51
# local_time=2013-01-27 10:33:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 91 7901 136032303 0 0
# compatibility_mode=5893 16776573 100 94 147359 110952281 0 0
# scanned=141536
# found=0
# cleaned=0
# scan_time=2124
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=13093
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-10 10:06:17
# local_time=2013-02-10 11:06:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 91 90844 137243849 0 0
# compatibility_mode=5893 16776574 100 94 1355305 112163827 0 0
# scanned=115952
# found=3
# cleaned=3
# scan_time=2849
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Carsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D8230ZA5\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Carsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZHMSP7JG\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Carsten\AppData\Local\Temp\AskSLib.dll"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=13117
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-10 11:15:31
# local_time=2013-02-11 12:15:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 91 98598 137248003 0 0
# compatibility_mode=5893 16776574 100 94 1363059 112167981 0 0
# scanned=115784
# found=0
# cleaned=0
# scan_time=2700
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=13171
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-16 04:22:43
# local_time=2013-02-16 05:22:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 91 332389 137741635 0 0
# compatibility_mode=5893 16776574 100 94 1853091 112661613 0 0
# scanned=118687
# found=0
# cleaned=0
# scan_time=2969
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=14346
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-10 10:30:41
# local_time=2013-07-11 12:30:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 85219 150205313 0 0
# compatibility_mode=5893 16776574 100 94 85096 125125291 0 0
# scanned=104093
# found=3
# cleaned=0
# scan_time=3349
sh=5DB117E423FA14205BCB026FA011ADBCF22F01E6 ft=1 fh=7357e4ea35d32fbb vn="Win32/OpenCandy Anwendung" ac=I fn="C:\Program Files (x86)\Alternative Flash Player Auto-Updater\update.exe"
sh=F7C72C5EC5334C58465B8A4257978531B19C4098 ft=1 fh=0ab1d01b6bb0271d vn="Win32/OpenCandy Anwendung" ac=I fn="C:\Users\DTM\Desktop\FreeYouTubeDownload_3.2.1.320.exe"
sh=5DB117E423FA14205BCB026FA011ADBCF22F01E6 ft=1 fh=7357e4ea35d32fbb vn="Win32/OpenCandy Anwendung" ac=I fn="C:\Users\DTM\Documents\Alternative Flash Player Auto-Updater\update.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=14358
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-11 06:24:53
# local_time=2013-07-11 08:24:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 3179 150276965 0 0
# compatibility_mode=5893 16776574 100 94 156748 125196943 0 0
# scanned=327
# found=0
# cleaned=0
# scan_time=13
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=14358
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-11 07:52:13
# local_time=2013-07-11 09:52:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 8419 150282205 0 0
# compatibility_mode=5893 16776574 100 94 161988 125202183 0 0
# scanned=134720
# found=3
# cleaned=3
# scan_time=4955
sh=5DB117E423FA14205BCB026FA011ADBCF22F01E6 ft=1 fh=7357e4ea35d32fbb vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Alternative Flash Player Auto-Updater\update.exe"
sh=F7C72C5EC5334C58465B8A4257978531B19C4098 ft=1 fh=0ab1d01b6bb0271d vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Desktop\FreeYouTubeDownload_3.2.1.320.exe"
sh=5DB117E423FA14205BCB026FA011ADBCF22F01E6 ft=1 fh=7357e4ea35d32fbb vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Documents\Alternative Flash Player Auto-Updater\update.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=14364
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-12 01:57:00
# local_time=2013-07-12 03:57:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 73506 150347292 0 0
# compatibility_mode=5893 16776574 100 94 227075 125267270 0 0
# scanned=134969
# found=0
# cleaned=0
# scan_time=5152
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=14605
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-31 08:36:38
# local_time=2013-07-31 10:36:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 535236 152012870 0 0
# compatibility_mode=5893 16776574 100 94 1892653 126932848 0 0
# scanned=136189
# found=0
# cleaned=0
# scan_time=5452
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=14776
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-14 09:10:42
# local_time=2013-08-14 11:10:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 354628 153224514 0 0
# compatibility_mode=5893 16776574 100 94 3104297 128144492 0 0
# scanned=138954
# found=1
# cleaned=1
# scan_time=4242
sh=E64481B860A007799D011E1EC6E79226D9E070EB ft=1 fh=e5fcce4834a4a98e vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Documents\Alternative Flash Player Auto-Updater\update.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=14920
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-27 03:39:06
# local_time=2013-08-27 05:39:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 447305 154327818 0 0
# compatibility_mode=5893 16776574 100 94 4207601 129247796 0 0
# scanned=138103
# found=2
# cleaned=2
# scan_time=4121
sh=F7C72C5EC5334C58465B8A4257978531B19C4098 ft=1 fh=0ab1d01b6bb0271d vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Desktop\FreeYouTubeDownload_3.2.1.320.exe"
sh=5DB117E423FA14205BCB026FA011ADBCF22F01E6 ft=1 fh=7357e4ea35d32fbb vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Documents\Alternative Flash Player Auto-Updater\update.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=15094
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-11 07:31:37
# local_time=2013-09-11 09:31:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 196448 155637769 0 0
# compatibility_mode=5893 16776574 100 94 5517552 130557747 0 0
# scanned=138615
# found=2
# cleaned=2
# scan_time=4084
sh=5DB117E423FA14205BCB026FA011ADBCF22F01E6 ft=1 fh=7357e4ea35d32fbb vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Alternative Flash Player Auto-Updater\update.exe"
sh=5DB117E423FA14205BCB026FA011ADBCF22F01E6 ft=1 fh=7357e4ea35d32fbb vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Documents\Alternative Flash Player Auto-Updater\update.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=15177
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-18 03:31:35
# local_time=2013-09-18 05:31:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 230172 156228167 0 0
# compatibility_mode=5893 16776574 100 94 6107950 131148145 0 0
# scanned=138709
# found=2
# cleaned=2
# scan_time=4285
sh=6BFA513F3622B36A6213132F5BEF5053FA935068 ft=1 fh=ea5a920848189c63 vn="möglicherweise unbekannter Virus NewHeur_PE Virus (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe"
sh=5D11E337A024E939DA4DC2D917698EA807D46A19 ft=1 fh=d4ac60c0f829146a vn="Variante von Win32/DownloadSponsor.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Downloads\Passfoto Manager Installer.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=15874
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-13 10:10:35
# local_time=2013-11-13 11:10:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 83 108541 161090507 0 0
# compatibility_mode=5893 16776574 100 94 10970290 136010485 0 0
# scanned=139671
# found=0
# cleaned=0
# scan_time=4435
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=16787
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-24 07:33:32
# local_time=2014-01-24 08:33:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 2413462 2417218 0 0
# compatibility_mode=5893 16776574 100 94 17181667 142221862 0 0
# scanned=7516
# found=0
# cleaned=0
# scan_time=353
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=16940
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-04 10:13:08
# local_time=2014-02-04 11:13:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 10349 89421 0 0
# compatibility_mode=5893 16776574 100 94 18141643 143181838 0 0
# scanned=125289
# found=0
# cleaned=0
# scan_time=4194
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=17087
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-15 04:50:12
# local_time=2014-02-15 05:50:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 944973 1020445 0 0
# compatibility_mode=5893 16776574 100 94 19072667 144112862 0 0
# scanned=833
# found=0
# cleaned=0
# scan_time=36
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=17087
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-15 06:09:07
# local_time=2014-02-15 07:09:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 946108 1025180 0 0
# compatibility_mode=5893 16776574 100 94 19077402 144117597 0 0
# scanned=20390
# found=0
# cleaned=0
# scan_time=597
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=17949
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-18 08:22:04
# local_time=2014-04-18 10:22:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 76 2149370 2153057 0 0
# compatibility_mode=5893 16776574 100 94 24442179 149482374 0 0
# scanned=146357
# found=4
# cleaned=4
# scan_time=4303
sh=246E1AD3A4ABA80BA61B1B98A10091D8A66D5883 ft=1 fh=a0d15ac9403ef03f vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\luckyleapUninstall.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Carsten\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=1F086C18C59F6F0CBE7C0A03C111F4F5B43DDCDB ft=1 fh=f9b46d7c76787cfa vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Downloads\Youtube Downloader\FreeYouTubeDownload-3.2.20.1230.exe"
sh=8FCF97C2F1FE60E407CCEB0E19CF28B0C96C8CC1 ft=1 fh=35272a6e1d023cfd vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Downloads\Youtube Downloader\YTD471Setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f539af377a2502408d1a65c8cda10ad0
# engine=18006
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-24 01:06:37
# local_time=2014-04-24 03:06:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 76 30633 2602130 0 0
# compatibility_mode=5893 16776574 100 94 24891252 149931447 0 0
# scanned=145845
# found=3
# cleaned=3
# scan_time=7068
sh=77E3B8C01D35824C5A7690FC16CAC4DB5F56B84F ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\i87wetys.default\Extensions\firefox@luckyleap.net.xpi.vir"
sh=1F086C18C59F6F0CBE7C0A03C111F4F5B43DDCDB ft=1 fh=f9b46d7c76787cfa vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Downloads\Youtube Downloader\FreeYouTubeDownload-3.2.20.1230.exe"
sh=8FCF97C2F1FE60E407CCEB0E19CF28B0C96C8CC1 ft=1 fh=35272a6e1d023cfd vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\DTM\Downloads\Youtube Downloader\YTD471Setup.exe"

cosinus · 24.04.2014, 08:23

Nur ein paar Reste.

TFC - Temp File Cleaner

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Dragon79 · 24.04.2014, 17:06

Laut Malwarebytes ist mein System nicht in Ordnung das geht ja schon aus dem oberen Log hervor.
Komischerweise wurde laut Log File alles in Quarantäne verschoben und nach dem Neustart gelöscht. Nur findet der Scanner den gleichen Müll nun wieder

Hier neues Malwarebytes Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.04.2014
Suchlauf-Zeit: 17:55:54
Logdatei: dfdfghg.txt
Administrator: Nein

Version: 2.00.1.1004
Malware Datenbank: v2014.04.24.07
Rootkit Datenbank: v2014.03.27.01
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: DTM

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 209599
Verstrichene Zeit: 11 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 28
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Löschen bei Neustart, [c562c56908735ed84b2c8e8c0bf743bd], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Löschen bei Neustart, [a780c26c94e75cda68d88cc3f40e6e92], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Löschen bei Neustart, [6fb81e102754ee48b18f54fbc0429e62], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [9b8cbc729fdc41f5c977b39c3dc5ca36], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

cosinus · 24.04.2014, 22:47

Mach bitte morgen früh nochmal nen Scan mit aktuellen Signaturen

Dragon79 · 25.04.2014, 11:00

Ohne Worte

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.04.2014
Suchlauf-Zeit: 11:58:51
Logdatei: hjkk.txt
Administrator: Nein

Version: 2.00.1.1004
Malware Datenbank: v2014.04.25.04
Rootkit Datenbank: v2014.03.27.01
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: DTM

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 209757
Verstrichene Zeit: 12 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 28
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Löschen bei Neustart, [ea9eb47a364539fd7a5593870bf7f907], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Löschen bei Neustart, [55339e903249f6406731f25d37cb28d8], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Löschen bei Neustart, [741456d896e587af8315e7687f839f61], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [fd8b47e7dc9f0f270791064939c92ad6], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

cosinus · 25.04.2014, 11:29

Adware/Junkware/Toolbars entfernen

Alle Tools neu runterladen!

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Dragon79 · 25.04.2014, 20:48

Code:

ATTFilter

# AdwCleaner v3.202 - Bericht erstellt am 25/04/2014 um 21:12:02
# Aktualisiert 23/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Carsten - CARSTEN-PC
# Gestartet von : C:\Users\DTM\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\i87wetys.default\prefs.js ]


[ Datei : C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\prefs.js ]


*************************

AdwCleaner[R7].txt - [4792 octets] - [25/04/2014 21:10:42]
AdwCleaner[S5].txt - [4583 octets] - [25/04/2014 21:12:02]
AdwCleaner[S8].txt - [2587 octets] - [22/04/2014 20:57:19]

########## EOF - \AdwCleaner\AdwCleaner[S5].txt - [4703 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Carsten on 25.04.2014 at 21:17:53,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.04.2014 at 21:40:16,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2014 03
Ran by DTM (ATTENTION: The logged in user is not administrator) on CARSTEN-PC on 25-04-2014 21:45:31
Running from C:\Users\DTM\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\ooditray.exe
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Polenter - Software Solutions) C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391296 2010-08-21] (Acronis)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Ashampoo HDD-Control 2 Guard] => C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe [3783592 2012-07-30] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [OODITRAY.EXE] => C:\Program Files\OO Software\DiskImage\ooditray.exe [5059880 2014-01-10] (O&O Software GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5493736 2010-08-21] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-25] (AVAST Software)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-01-29] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [Aufgaben] => C:\Program Files (x86)\Holliesoft\Aufgaben\Aufgaben.exe
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [2743344 2013-01-06] (Polenter - Software Solutions)
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\MountPoints2: {70da489a-fec2-11e2-81e1-20cf30c6160e} - E:\IRDApp.exe http://www.iradiopop.com/IRD/pages/register.do?fx=visit
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{253C418F-F466-4303-86C5-68E656A65551}\app_icon.ico ()
Startup: C:\Users\DTM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secure Banking.lnk
ShortcutTarget: Secure Banking.lnk -> C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5AB601B84714CE01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default
FF Homepage: hxxp://www.swr3.de/spass/dtm2014/Gewinne-eine-Renntaxi-Fahrt-mit-Nico-Rosberg/-/id=2707178/did=2707022/bpfh5g/index.html|hxxp://www.nicolaidis-stiftung.de/hilfsangebote/angebote-fuer-erwachsene/|https://www.rundfunkbeitrag.de/anmelden_und_aendern/aendern/|https://www.rundfunkbeitrag.de/e1645/e1756/Buergerinnen_und_Buerger_Wohnungsabmeldung_0106.pdf|hxxp://www.oeffnungszeitenbuch.de/filiale/Saarbruecken-Amtsgericht%2BHeidenkopferdell-668836X.html|hxxp://www.booklooker.de/B%C3%BCcher/Bleker+Herzliche-Anteilnahme/id/A01uz94Y01ZZ0|hxxp://www.youtube.com/watch?v=ULjAfC3Tc-E|https://www.google.de/search?q=Festnetzt+Nummer+unterdr%C3%BCcken&ie=utf-8&oe=utf-8&rls=org.mozilla:de:official&client=firefox-a&channel=sb&gfe_rd=ctrl&ei=YSkjU-j6G6He8geCs4CYCQ&gws_rd=cr#channel=sb&q=Festnetznummer+unterdr%C3%BCcken&rls=org.mozilla:de:official&spell=1|hxxp://www.welt.de/wirtschaft/webwelt/article125537769/Ab-April-werden-deutsche-E-Mails-verschluesselt.html|hxxp://www.kdi-sulzbach.de/pdf/Abfallinfo.pdf|hxxp://www.focus.de/finanzen/banken/umstellung-von-xp-auf-windows-7-95-prozent-betroffen-deutschen-geldautomaten-droht-der-totalausfall_id_3696896.html?fbc=FACEBOOK-FOCUS-Online&utm_campaign=FACEBOOK-FOCUS-Online&ts=201403181226|hxxp://www.einrichtungspartnerring.de/gewinnspiel/Seite-4-Gewinnspiel.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF SearchPlugin: C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2013-01-26]
FF Extension: ColorfulTabs - C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-03-19]
FF Extension: DownloadHelper - C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Personas Plus - C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\Extensions\personas@christopher.beard.xpi [2013-01-26]
FF Extension: Secure Login - C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\Extensions\secureLogin@blueimp.net.xpi [2013-01-27]
FF Extension: Undo Closed Tabs Button - C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2013-01-26]
FF Extension: NoScript - C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-26]
FF Extension: Adblock Plus - C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-26]
FF Extension: BetterPrivacy - C:\Users\DTM\AppData\Roaming\Mozilla\Firefox\Profiles\juns1ahh.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-01-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-26]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\DTM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\DTM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (YouTube) - C:\Users\DTM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google-Suche) - C:\Users\DTM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\DTM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Google Mail) - C:\Users\DTM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-10] (Adobe Systems)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-25] (AVAST Software)
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-23] (SurfRight B.V.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-19] (IObit)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-26] (Nitro PDF Software)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [6337832 2014-01-10] (O&O Software GmbH)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657128 2014-01-24] (O&O Software GmbH)
S2 NitroDriverReadSpool9; "C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe" [X]
S2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-25] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-25] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-04-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255680 2013-11-05] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44736 2013-11-05] (O&O Software GmbH)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-07] (Duplex Secure Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 cleanhlp; \??\F:\Emsisoft Emergency Kit (Viren Scanner portable)\Run\cleanhlp64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-25 21:45 - 2014-04-25 21:45 - 00016357 _____ () C:\Users\DTM\Desktop\FRST.txt
2014-04-25 21:44 - 2014-04-25 21:40 - 00000761 _____ () C:\Users\DTM\Desktop\JRT.txt
2014-04-25 21:42 - 2014-04-25 21:42 - 00000000 ____D () C:\Users\Carsten\AppData\Local\CrashDumps
2014-04-25 21:16 - 2014-04-25 21:12 - 00004853 _____ () C:\Users\DTM\Desktop\AdwCleaner[S5].txt
2014-04-25 21:09 - 2014-04-25 21:09 - 02061824 _____ (Farbar) C:\Users\DTM\Desktop\FRST64.exe
2014-04-25 21:09 - 2014-04-25 21:09 - 01016261 _____ (Thisisu) C:\Users\DTM\Desktop\JRT.exe
2014-04-25 21:08 - 2014-04-25 21:08 - 01365865 _____ () C:\Users\DTM\Desktop\adwcleaner.exe
2014-04-24 21:59 - 2014-04-24 21:59 - 00000000 ____D () C:\Users\DTM\Desktop\Trauerbewältigung
2014-04-24 17:33 - 2014-04-24 20:12 - 00000000 ____D () C:\Users\DTM\Desktop\Trauerfeier
2014-04-24 03:16 - 2014-04-24 03:16 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-24 00:04 - 2014-04-24 00:04 - 00003008 _____ () C:\Users\DTM\Desktop\MeinProjekt.sedprj
2014-04-23 22:23 - 2014-04-25 21:12 - 00000560 _____ () C:\Windows\setupact.log
2014-04-23 22:23 - 2014-04-23 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 22:18 - 2014-04-25 21:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-23 22:17 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-23 22:17 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-23 22:17 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-23 22:00 - 2014-04-23 22:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-23 20:04 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-23 20:04 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-23 20:04 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-23 20:04 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-23 20:04 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-23 20:04 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-23 20:04 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-23 20:02 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-23 20:02 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-23 20:02 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-23 20:02 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-23 20:02 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-23 20:02 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-23 20:02 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-23 20:02 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-23 20:02 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-23 20:02 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-23 20:02 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-23 20:02 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-23 19:16 - 2014-04-23 19:16 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\Malwarebytes
2014-04-20 00:06 - 2014-04-25 21:45 - 00000000 ____D () C:\FRST
2014-04-20 00:02 - 2014-04-20 00:02 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\DesktopReminder
2014-04-20 00:01 - 2014-04-25 21:43 - 00000000 ____D () C:\Users\Carsten\Documents\DesktopReminder
2014-04-20 00:01 - 2014-04-20 00:01 - 00000000 ____D () C:\Users\Carsten\AppData\Local\Polenter_-_Software_Solut
2014-04-18 21:29 - 2014-04-18 21:29 - 00000000 ____D () C:\Users\DTM\Desktop\Wiederspruch ALG 2
2014-04-10 19:45 - 2014-04-10 19:45 - 00000000 ____D () C:\Users\DTM\Desktop\Ring Card
2014-04-08 20:25 - 2014-04-23 18:33 - 00000000 ____D () C:\Users\DTM\Downloads\Fotosoftware
2014-04-08 13:45 - 2014-04-08 13:46 - 08940095 _____ () C:\Users\DTM\Desktop\Die Grüne Hölle.mp4
2014-04-07 21:39 - 2014-04-07 21:39 - 00000000 ____D () C:\Users\DTM\AppData\Local\AquaSoft
2014-04-07 16:05 - 2014-04-24 22:20 - 00000000 ____D () C:\Users\DTM\Downloads\Sonnenuntergänge Trauer
2014-04-05 20:25 - 2014-04-25 21:13 - 00000476 _____ () C:\Windows\Tasks\OO DiskImage {71f57001-bbc8-4dd2-9f24-35d049457fb1}.job
2014-04-05 09:16 - 2014-04-05 09:22 - 00000000 ____D () C:\Users\DTM\Desktop\Lieder Mutti Stick
2014-03-31 21:35 - 2014-03-31 21:43 - 00000000 ____D () C:\Users\DTM\Downloads\Datenrettung
2014-03-30 20:08 - 2014-04-13 18:40 - 00000000 ____D () C:\Users\DTM\Desktop\VLN 2014 (Racing News)
2014-03-28 21:48 - 2014-04-07 21:02 - 00000000 ____D () C:\Users\DTM\Desktop\Video Doku (Angstdiagnose Krebs)
2014-03-26 01:15 - 2014-03-26 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-03-26 01:14 - 2014-03-26 01:15 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4

==================== One Month Modified Files and Folders =======

2014-04-25 21:45 - 2014-04-25 21:45 - 00016357 _____ () C:\Users\DTM\Desktop\FRST.txt
2014-04-25 21:45 - 2014-04-20 00:06 - 00000000 ____D () C:\FRST
2014-04-25 21:44 - 2013-01-26 19:48 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\Macromedia
2014-04-25 21:44 - 2009-07-14 19:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-04-25 21:44 - 2009-07-14 19:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-04-25 21:44 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-25 21:43 - 2014-04-20 00:01 - 00000000 ____D () C:\Users\Carsten\Documents\DesktopReminder
2014-04-25 21:42 - 2014-04-25 21:42 - 00000000 ____D () C:\Users\Carsten\AppData\Local\CrashDumps
2014-04-25 21:42 - 2014-04-23 22:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-25 21:41 - 2014-02-11 21:57 - 00000000 ____D () C:\Users\DTM\Documents\DesktopReminder
2014-04-25 21:40 - 2014-04-25 21:44 - 00000761 _____ () C:\Users\DTM\Desktop\JRT.txt
2014-04-25 21:35 - 2013-01-26 19:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-25 21:20 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-25 21:20 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-25 21:16 - 2013-12-22 01:29 - 01860635 _____ () C:\Windows\WindowsUpdate.log
2014-04-25 21:13 - 2014-04-05 20:25 - 00000476 _____ () C:\Windows\Tasks\OO DiskImage {71f57001-bbc8-4dd2-9f24-35d049457fb1}.job
2014-04-25 21:12 - 2014-04-25 21:16 - 00004853 _____ () C:\Users\DTM\Desktop\AdwCleaner[S5].txt
2014-04-25 21:12 - 2014-04-23 22:23 - 00000560 _____ () C:\Windows\setupact.log
2014-04-25 21:12 - 2013-10-16 15:54 - 00000000 ____D () C:\AdwCleaner
2014-04-25 21:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-25 21:10 - 2014-03-19 18:29 - 00000000 ____D () C:\Windows\CryptoGuard
2014-04-25 21:09 - 2014-04-25 21:09 - 02061824 _____ (Farbar) C:\Users\DTM\Desktop\FRST64.exe
2014-04-25 21:09 - 2014-04-25 21:09 - 01016261 _____ (Thisisu) C:\Users\DTM\Desktop\JRT.exe
2014-04-25 21:08 - 2014-04-25 21:08 - 01365865 _____ () C:\Users\DTM\Desktop\adwcleaner.exe
2014-04-25 12:45 - 2013-08-07 23:18 - 00000000 ____D () C:\Users\DTM\Downloads\Sprüche Und Video
2014-04-24 22:20 - 2014-04-07 16:05 - 00000000 ____D () C:\Users\DTM\Downloads\Sonnenuntergänge Trauer
2014-04-24 21:59 - 2014-04-24 21:59 - 00000000 ____D () C:\Users\DTM\Desktop\Trauerbewältigung
2014-04-24 21:58 - 2013-01-26 19:01 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\Nitro PDF
2014-04-24 21:58 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-24 20:12 - 2014-04-24 17:33 - 00000000 ____D () C:\Users\DTM\Desktop\Trauerfeier
2014-04-24 17:28 - 2013-01-26 17:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-24 03:16 - 2014-04-24 03:16 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-24 03:16 - 2014-02-02 05:11 - 00000000 ____D () C:\Users\DTM\Downloads\Youtube Downloader
2014-04-24 02:41 - 2013-01-27 00:48 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\vlc
2014-04-24 01:53 - 2014-01-14 00:25 - 00000000 ____D () C:\Users\DTM\Desktop\Verkauf
2014-04-24 01:00 - 2013-01-27 21:28 - 00000000 ___RD () C:\Users\DTM\Desktop\Toolbars und ungewünschte Programme entfernen
2014-04-24 00:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-04-24 00:04 - 2014-04-24 00:04 - 00003008 _____ () C:\Users\DTM\Desktop\MeinProjekt.sedprj
2014-04-24 00:01 - 2014-02-10 03:24 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\Ashampoo Slideshow Studio HD 3
2014-04-23 22:23 - 2014-04-23 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-23 22:00 - 2014-04-23 22:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-23 21:17 - 2014-03-18 19:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-23 20:25 - 2014-03-21 23:01 - 00000000 ____D () C:\Users\DTM\Desktop\VLN 2014
2014-04-23 20:11 - 2013-06-14 19:56 - 00000000 ____D () C:\Users\DTM\AppData\Local\Paint.NET
2014-04-23 19:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-04-23 19:27 - 2014-03-19 18:29 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-04-23 19:27 - 2014-03-19 18:29 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-04-23 19:27 - 2014-03-19 18:29 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-04-23 19:25 - 2013-04-26 14:23 - 00000000 ____D () C:\Users\DTM\AppData\Local\CrashDumps
2014-04-23 19:16 - 2014-04-23 19:16 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\Malwarebytes
2014-04-23 19:16 - 2013-01-26 06:32 - 00000000 ____D () C:\Users\Carsten
2014-04-23 19:15 - 2013-01-26 07:17 - 00000000 ____D () C:\Users\DTM
2014-04-23 18:33 - 2014-04-08 20:25 - 00000000 ____D () C:\Users\DTM\Downloads\Fotosoftware
2014-04-23 18:33 - 2014-02-11 21:54 - 00000000 ____D () C:\Program Files (x86)\Desktop-Reminder 2
2014-04-23 18:33 - 2014-02-06 21:05 - 00000000 ____D () C:\Users\DTM\AppData\Local\CrashRpt
2014-04-23 18:33 - 2014-02-04 21:22 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\ProductData
2014-04-23 18:33 - 2014-02-03 23:27 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\ProductData
2014-04-23 18:33 - 2013-11-15 00:26 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-23 18:33 - 2013-07-17 22:44 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
2014-04-23 18:33 - 2013-02-02 21:12 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\Feedreader
2014-04-23 18:33 - 2013-02-02 21:12 - 00000000 ____D () C:\Program Files (x86)\FeedReader30
2014-04-23 18:33 - 2013-01-26 21:53 - 00000000 ____D () C:\Program Files (x86)\Secure Banking
2014-04-23 18:33 - 2013-01-26 21:03 - 00000000 ____D () C:\Program Files\Elantech
2014-04-23 18:33 - 2013-01-26 07:17 - 00000000 ___RD () C:\Users\DTM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-23 18:33 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-23 18:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-04-23 18:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-23 18:31 - 2013-01-27 00:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-23 18:31 - 2013-01-26 17:50 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\Mozilla
2014-04-23 18:31 - 2013-01-26 17:32 - 00000000 ____D () C:\Users\DTM\AppData\Local\Mozilla
2014-04-21 21:34 - 2013-05-21 23:01 - 00000000 ____D () C:\Users\DTM\Desktop\Riester Rente (Union Investment)
2014-04-20 21:24 - 2013-10-04 19:57 - 00000000 ____D () C:\Users\DTM\Desktop\Klingelton
2014-04-20 00:02 - 2014-04-20 00:02 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\DesktopReminder
2014-04-20 00:01 - 2014-04-20 00:01 - 00000000 ____D () C:\Users\Carsten\AppData\Local\Polenter_-_Software_Solut
2014-04-18 21:29 - 2014-04-18 21:29 - 00000000 ____D () C:\Users\DTM\Desktop\Wiederspruch ALG 2
2014-04-18 21:28 - 2013-01-26 19:06 - 00000000 ____D () C:\Users\DTM\Desktop\Handbücher
2014-04-16 19:56 - 2013-01-26 07:23 - 00095288 _____ () C:\Users\Carsten\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-15 20:16 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-14 04:24 - 2014-04-23 20:04 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-23 20:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 19:03 - 2013-02-05 21:00 - 00000000 ____D () C:\Users\DTM\AppData\Local\photoOptimizeHistoryDataBase
2014-04-13 18:40 - 2014-03-30 20:08 - 00000000 ____D () C:\Users\DTM\Desktop\VLN 2014 (Racing News)
2014-04-10 19:45 - 2014-04-10 19:45 - 00000000 ____D () C:\Users\DTM\Desktop\Ring Card
2014-04-09 19:33 - 2014-03-19 18:29 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert(38).dll
2014-04-09 19:33 - 2014-03-19 18:29 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert(39).dll
2014-04-08 20:26 - 2013-11-13 22:33 - 00000000 ____D () C:\Users\Carsten\AppData\Local\Adobe
2014-04-08 20:25 - 2013-01-26 19:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-08 20:25 - 2013-01-26 19:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-08 13:46 - 2014-04-08 13:45 - 08940095 _____ () C:\Users\DTM\Desktop\Die Grüne Hölle.mp4
2014-04-07 21:39 - 2014-04-07 21:39 - 00000000 ____D () C:\Users\DTM\AppData\Local\AquaSoft
2014-04-07 21:39 - 2013-04-30 15:36 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-04-07 21:02 - 2014-03-28 21:48 - 00000000 ____D () C:\Users\DTM\Desktop\Video Doku (Angstdiagnose Krebs)
2014-04-07 18:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-05 09:22 - 2014-04-05 09:16 - 00000000 ____D () C:\Users\DTM\Desktop\Lieder Mutti Stick
2014-04-03 09:51 - 2014-04-23 22:17 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-23 22:17 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-23 22:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 21:43 - 2014-03-31 21:35 - 00000000 ____D () C:\Users\DTM\Downloads\Datenrettung
2014-03-31 21:32 - 2013-01-28 02:14 - 00000000 ____D () C:\Users\DTM\Desktop\LibreOffice Vorlagen
2014-03-28 21:49 - 2014-03-17 21:36 - 00000000 ____D () C:\Users\DTM\Desktop\Unheilig noch auf stick
2014-03-28 21:44 - 2013-01-31 04:09 - 00000000 ____D () C:\FFOutput
2014-03-28 21:29 - 2013-01-29 02:12 - 00000000 ____D () C:\Users\DTM\Desktop\MozBackup´s
2014-03-26 20:20 - 2013-01-26 21:15 - 00095288 _____ () C:\Users\DTM\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-26 20:19 - 2009-07-14 06:45 - 00392216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-26 01:15 - 2014-03-26 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-03-26 01:15 - 2014-03-26 01:14 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4

Some content of TEMP:
====================
C:\Users\Carsten\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

cosinus · 25.04.2014, 22:40

Zitat:

Ran by DTM (ATTENTION: The logged in user is not administrator)

Warum hast du keine Adminrechte? So kann man nichts bereinigen.

Dragon79 · 25.04.2014, 23:39

Zitat:

Zitat von cosinus

Warum hast du keine Adminrechte? So kann man nichts bereinigen.

Weil ich zwei Benutzerkonten habe eins mit Admin Rechten und eins mit eingeschränkten Rechten.
Aber sobald ich die Tools starte wird ja automatisch das Admin Passwort verlangt, das ich dann auch eingebe.

Bei FRST sieht das dann aber anders aus, ich starte das Tool und ich befinde mich dann irgendwann automatisch im Admin Konto wenn ich das richtig gesehen habe.

cosinus · 26.04.2014, 12:19

Führe FRST mit einem Konto aus, das Adminrechte hat. Also als Admin einloggen, nicht per ausführen als oder so

Dragon79 · 26.04.2014, 13:01

Hoffe das ist so jetzt besser.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2014 03
Ran by Carsten (administrator) on CARSTEN-PC on 26-04-2014 13:55:43
Running from C:\Users\Carsten\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfsdkS64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\ooditray.exe
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Polenter - Software Solutions) C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\ooditray.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Polenter - Software Solutions) C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391296 2010-08-21] (Acronis)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Ashampoo HDD-Control 2 Guard] => C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe [3783592 2012-07-30] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [OODITRAY.EXE] => C:\Program Files\OO Software\DiskImage\ooditray.exe [5059880 2014-01-10] (O&O Software GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5493736 2010-08-21] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-26] (AVAST Software)
HKU\S-1-5-21-897203139-1112560925-3423631613-1000\...\Run: [SecureBanking] => C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)
HKU\S-1-5-21-897203139-1112560925-3423631613-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-897203139-1112560925-3423631613-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-897203139-1112560925-3423631613-1000\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()
HKU\S-1-5-21-897203139-1112560925-3423631613-1000\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [2743344 2013-01-06] (Polenter - Software Solutions)
HKU\S-1-5-21-897203139-1112560925-3423631613-1000\...\MountPoints2: {93431013-6770-11e2-9859-806e6f6e6963} - D:\InstallNavi.exe
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [Aufgaben] => C:\Program Files (x86)\Holliesoft\Aufgaben\Aufgaben.exe
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [2743344 2013-01-06] (Polenter - Software Solutions)
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-897203139-1112560925-3423631613-1001\...\MountPoints2: {70da489a-fec2-11e2-81e1-20cf30c6160e} - E:\IRDApp.exe http://www.iradiopop.com/IRD/pages/register.do?fx=visit
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{253C418F-F466-4303-86C5-68E656A65551}\app_icon.ico ()
Startup: C:\Users\DTM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secure Banking.lnk
ShortcutTarget: Secure Banking.lnk -> C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2B7E588486FBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\i87wetys.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-26]

==================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-10] (Adobe Systems)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-26] (AVAST Software)
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-23] (SurfRight B.V.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-19] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-26] (Nitro PDF Software)
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [6337832 2014-01-10] (O&O Software GmbH)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657128 2014-01-24] (O&O Software GmbH)
S2 NitroDriverReadSpool9; "C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe" [X]
S2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-26] ()
S3 cleanhlp; F:\Emsisoft Emergency Kit (Viren Scanner portable)\Run\cleanhlp64.sys [57032 2013-07-11] (Emsisoft GmbH)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-04-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255680 2013-11-05] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44736 2013-11-05] (O&O Software GmbH)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-07] (Duplex Secure Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 13:55 - 2014-04-26 13:56 - 00016142 _____ () C:\Users\Carsten\Desktop\FRST.txt
2014-04-26 13:55 - 2014-04-25 21:09 - 02061824 _____ (Farbar) C:\Users\Carsten\Desktop\FRST64.exe
2014-04-26 13:23 - 2014-04-26 13:23 - 00000610 _____ () C:\Windows\PFRO.log
2014-04-26 10:08 - 2014-04-26 10:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-26 10:08 - 2014-04-26 10:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-26 02:00 - 2014-04-26 02:25 - 00000000 ____D () C:\Users\DTM\Desktop\Mal gucken HDR
2014-04-26 01:15 - 2014-04-26 01:18 - 18829671 _____ () C:\Users\DTM\Desktop\Unheilig - Mein Stern ( Abschied ).mp4
2014-04-25 21:42 - 2014-04-26 13:56 - 00000000 ____D () C:\Users\Carsten\AppData\Local\CrashDumps
2014-04-25 21:09 - 2014-04-25 21:09 - 02061824 _____ (Farbar) C:\Users\DTM\Desktop\FRST64.exe
2014-04-25 21:09 - 2014-04-25 21:09 - 01016261 _____ (Thisisu) C:\Users\DTM\Desktop\JRT.exe
2014-04-25 21:08 - 2014-04-25 21:08 - 01365865 _____ () C:\Users\DTM\Desktop\adwcleaner.exe
2014-04-24 21:59 - 2014-04-24 21:59 - 00000000 ____D () C:\Users\DTM\Desktop\Trauerbewältigung
2014-04-24 17:33 - 2014-04-26 01:51 - 00000000 ____D () C:\Users\DTM\Desktop\Trauerfeier
2014-04-24 03:16 - 2014-04-24 03:16 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-24 00:04 - 2014-04-24 00:04 - 00003008 _____ () C:\Users\DTM\Desktop\MeinProjekt.sedprj
2014-04-23 22:23 - 2014-04-26 13:23 - 00000672 _____ () C:\Windows\setupact.log
2014-04-23 22:23 - 2014-04-23 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 22:18 - 2014-04-26 13:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-23 22:17 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-23 22:17 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-23 22:17 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-23 22:00 - 2014-04-23 22:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-23 20:04 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-23 20:04 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-23 20:04 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-23 20:04 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-23 20:04 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-23 20:04 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-23 20:04 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-23 20:02 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-23 20:02 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-23 20:02 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-23 20:02 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-23 20:02 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-23 20:02 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-23 20:02 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-23 20:02 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-23 20:02 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-23 20:02 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-23 20:02 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-23 20:02 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-23 19:16 - 2014-04-23 19:16 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\Malwarebytes
2014-04-20 00:06 - 2014-04-26 13:55 - 00000000 ____D () C:\FRST
2014-04-20 00:02 - 2014-04-20 00:02 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\DesktopReminder
2014-04-20 00:01 - 2014-04-26 13:55 - 00000000 ____D () C:\Users\Carsten\Documents\DesktopReminder
2014-04-20 00:01 - 2014-04-20 00:01 - 00000000 ____D () C:\Users\Carsten\AppData\Local\Polenter_-_Software_Solut
2014-04-18 21:29 - 2014-04-18 21:29 - 00000000 ____D () C:\Users\DTM\Desktop\Wiederspruch ALG 2
2014-04-10 19:45 - 2014-04-10 19:45 - 00000000 ____D () C:\Users\DTM\Desktop\Ring Card
2014-04-08 20:25 - 2014-04-23 18:33 - 00000000 ____D () C:\Users\DTM\Downloads\Fotosoftware
2014-04-08 13:45 - 2014-04-08 13:46 - 08940095 _____ () C:\Users\DTM\Desktop\Die Grüne Hölle.mp4
2014-04-07 21:39 - 2014-04-07 21:39 - 00000000 ____D () C:\Users\DTM\AppData\Local\AquaSoft
2014-04-07 16:05 - 2014-04-26 13:30 - 00000000 ____D () C:\Users\DTM\Downloads\Sonnenuntergänge Trauer
2014-04-05 20:25 - 2014-04-26 13:25 - 00002950 _____ () C:\Windows\System32\Tasks\OO DiskImage {71f57001-bbc8-4dd2-9f24-35d049457fb1}
2014-04-05 20:25 - 2014-04-26 13:25 - 00000476 _____ () C:\Windows\Tasks\OO DiskImage {71f57001-bbc8-4dd2-9f24-35d049457fb1}.job
2014-04-05 09:16 - 2014-04-05 09:22 - 00000000 ____D () C:\Users\DTM\Desktop\Lieder Mutti Stick
2014-03-31 21:35 - 2014-03-31 21:43 - 00000000 ____D () C:\Users\DTM\Downloads\Datenrettung
2014-03-30 20:08 - 2014-04-13 18:40 - 00000000 ____D () C:\Users\DTM\Desktop\VLN 2014 (Racing News)
2014-03-28 21:48 - 2014-04-07 21:02 - 00000000 ____D () C:\Users\DTM\Desktop\Video Doku (Angstdiagnose Krebs)

==================== One Month Modified Files and Folders =======

2014-04-26 13:56 - 2014-04-26 13:55 - 00016142 _____ () C:\Users\Carsten\Desktop\FRST.txt
2014-04-26 13:56 - 2014-04-25 21:42 - 00000000 ____D () C:\Users\Carsten\AppData\Local\CrashDumps
2014-04-26 13:55 - 2014-04-20 00:06 - 00000000 ____D () C:\FRST
2014-04-26 13:55 - 2014-04-20 00:01 - 00000000 ____D () C:\Users\Carsten\Documents\DesktopReminder
2014-04-26 13:54 - 2014-04-23 22:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 13:48 - 2013-01-26 19:48 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\Macromedia
2014-04-26 13:47 - 2013-06-14 19:56 - 00000000 ____D () C:\Users\DTM\AppData\Local\Paint.NET
2014-04-26 13:39 - 2013-08-07 23:18 - 00000000 ____D () C:\Users\DTM\Downloads\Sprüche Und Video
2014-04-26 13:35 - 2013-01-26 19:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-26 13:31 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-26 13:31 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-26 13:30 - 2014-04-07 16:05 - 00000000 ____D () C:\Users\DTM\Downloads\Sonnenuntergänge Trauer
2014-04-26 13:29 - 2013-12-22 01:29 - 01921201 _____ () C:\Windows\WindowsUpdate.log
2014-04-26 13:26 - 2014-02-11 21:57 - 00000000 ____D () C:\Users\DTM\Documents\DesktopReminder
2014-04-26 13:25 - 2014-04-05 20:25 - 00002950 _____ () C:\Windows\System32\Tasks\OO DiskImage {71f57001-bbc8-4dd2-9f24-35d049457fb1}
2014-04-26 13:25 - 2014-04-05 20:25 - 00000476 _____ () C:\Windows\Tasks\OO DiskImage {71f57001-bbc8-4dd2-9f24-35d049457fb1}.job
2014-04-26 13:23 - 2014-04-26 13:23 - 00000610 _____ () C:\Windows\PFRO.log
2014-04-26 13:23 - 2014-04-23 22:23 - 00000672 _____ () C:\Windows\setupact.log
2014-04-26 13:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 10:09 - 2013-01-26 20:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-26 10:08 - 2014-04-26 10:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-26 10:08 - 2014-04-26 10:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-26 10:08 - 2013-12-27 23:07 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-04-26 10:08 - 2013-02-28 20:11 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-26 10:08 - 2013-02-28 20:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-26 10:08 - 2013-01-26 20:04 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-26 10:08 - 2013-01-26 20:04 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-04-26 10:08 - 2013-01-26 20:04 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-26 10:08 - 2013-01-26 20:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-26 10:08 - 2013-01-26 20:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-26 02:25 - 2014-04-26 02:00 - 00000000 ____D () C:\Users\DTM\Desktop\Mal gucken HDR
2014-04-26 02:04 - 2014-03-19 18:29 - 00000000 ____D () C:\Windows\CryptoGuard
2014-04-26 01:51 - 2014-04-24 17:33 - 00000000 ____D () C:\Users\DTM\Desktop\Trauerfeier
2014-04-26 01:18 - 2014-04-26 01:15 - 18829671 _____ () C:\Users\DTM\Desktop\Unheilig - Mein Stern ( Abschied ).mp4
2014-04-25 22:42 - 2013-01-26 19:01 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\Nitro PDF
2014-04-25 22:42 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-25 21:44 - 2009-07-14 19:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-04-25 21:44 - 2009-07-14 19:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-04-25 21:44 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-25 21:12 - 2013-10-16 15:54 - 00000000 ____D () C:\AdwCleaner
2014-04-25 21:09 - 2014-04-26 13:55 - 02061824 _____ (Farbar) C:\Users\Carsten\Desktop\FRST64.exe
2014-04-25 21:09 - 2014-04-25 21:09 - 02061824 _____ (Farbar) C:\Users\DTM\Desktop\FRST64.exe
2014-04-25 21:09 - 2014-04-25 21:09 - 01016261 _____ (Thisisu) C:\Users\DTM\Desktop\JRT.exe
2014-04-25 21:08 - 2014-04-25 21:08 - 01365865 _____ () C:\Users\DTM\Desktop\adwcleaner.exe
2014-04-24 21:59 - 2014-04-24 21:59 - 00000000 ____D () C:\Users\DTM\Desktop\Trauerbewältigung
2014-04-24 17:28 - 2013-01-26 17:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-24 03:16 - 2014-04-24 03:16 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-24 03:16 - 2014-02-02 05:11 - 00000000 ____D () C:\Users\DTM\Downloads\Youtube Downloader
2014-04-24 02:41 - 2013-01-27 00:48 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\vlc
2014-04-24 01:53 - 2014-01-14 00:25 - 00000000 ____D () C:\Users\DTM\Desktop\Verkauf
2014-04-24 01:00 - 2013-01-27 21:28 - 00000000 ___RD () C:\Users\DTM\Desktop\Toolbars und ungewünschte Programme entfernen
2014-04-24 00:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-04-24 00:04 - 2014-04-24 00:04 - 00003008 _____ () C:\Users\DTM\Desktop\MeinProjekt.sedprj
2014-04-24 00:01 - 2014-02-10 03:24 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\Ashampoo Slideshow Studio HD 3
2014-04-23 22:23 - 2014-04-23 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 22:17 - 2014-04-23 22:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-23 22:00 - 2014-04-23 22:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-23 21:17 - 2014-03-18 19:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-23 20:25 - 2014-03-21 23:01 - 00000000 ____D () C:\Users\DTM\Desktop\VLN 2014
2014-04-23 19:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-04-23 19:27 - 2014-03-19 18:29 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-04-23 19:27 - 2014-03-19 18:29 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-04-23 19:27 - 2014-03-19 18:29 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-04-23 19:25 - 2013-04-26 14:23 - 00000000 ____D () C:\Users\DTM\AppData\Local\CrashDumps
2014-04-23 19:16 - 2014-04-23 19:16 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\Malwarebytes
2014-04-23 19:16 - 2013-01-26 06:32 - 00000000 ____D () C:\Users\Carsten
2014-04-23 19:15 - 2013-01-26 07:17 - 00000000 ____D () C:\Users\DTM
2014-04-23 18:33 - 2014-04-08 20:25 - 00000000 ____D () C:\Users\DTM\Downloads\Fotosoftware
2014-04-23 18:33 - 2014-02-11 21:54 - 00000000 ____D () C:\Program Files (x86)\Desktop-Reminder 2
2014-04-23 18:33 - 2014-02-06 21:05 - 00000000 ____D () C:\Users\DTM\AppData\Local\CrashRpt
2014-04-23 18:33 - 2014-02-04 21:22 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\ProductData
2014-04-23 18:33 - 2014-02-03 23:27 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\ProductData
2014-04-23 18:33 - 2013-11-15 00:26 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-23 18:33 - 2013-07-17 22:44 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
2014-04-23 18:33 - 2013-02-02 21:12 - 00000000 ____D () C:\Users\DTM\AppData\Roaming\Feedreader
2014-04-23 18:33 - 2013-02-02 21:12 - 00000000 ____D () C:\Program Files (x86)\FeedReader30
2014-04-23 18:33 - 2013-01-26 21:53 - 00000000 ____D () C:\Program Files (x86)\Secure Banking
2014-04-23 18:33 - 2013-01-26 21:03 - 00000000 ____D () C:\Program Files\Elantech
2014-04-23 18:33 - 2013-01-26 07:17 - 00000000 ___RD () C:\Users\DTM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-23 18:33 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-23 18:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-04-23 18:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-23 18:31 - 2013-01-27 00:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-23 18:31 - 2013-01-26 17:50 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\Mozilla
2014-04-23 18:31 - 2013-01-26 17:32 - 00000000 ____D () C:\Users\DTM\AppData\Local\Mozilla
2014-04-21 21:34 - 2013-05-21 23:01 - 00000000 ____D () C:\Users\DTM\Desktop\Riester Rente (Union Investment)
2014-04-20 21:24 - 2013-10-04 19:57 - 00000000 ____D () C:\Users\DTM\Desktop\Klingelton
2014-04-20 00:02 - 2014-04-20 00:02 - 00000000 ____D () C:\Users\Carsten\AppData\Roaming\DesktopReminder
2014-04-20 00:01 - 2014-04-20 00:01 - 00000000 ____D () C:\Users\Carsten\AppData\Local\Polenter_-_Software_Solut
2014-04-18 21:29 - 2014-04-18 21:29 - 00000000 ____D () C:\Users\DTM\Desktop\Wiederspruch ALG 2
2014-04-18 21:28 - 2013-01-26 19:06 - 00000000 ____D () C:\Users\DTM\Desktop\Handbücher
2014-04-16 19:56 - 2013-01-26 07:23 - 00095288 _____ () C:\Users\Carsten\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-15 20:16 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-14 04:24 - 2014-04-23 20:04 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-23 20:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 19:03 - 2013-02-05 21:00 - 00000000 ____D () C:\Users\DTM\AppData\Local\photoOptimizeHistoryDataBase
2014-04-13 18:40 - 2014-03-30 20:08 - 00000000 ____D () C:\Users\DTM\Desktop\VLN 2014 (Racing News)
2014-04-10 19:45 - 2014-04-10 19:45 - 00000000 ____D () C:\Users\DTM\Desktop\Ring Card
2014-04-09 19:33 - 2014-03-19 18:29 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert(38).dll
2014-04-09 19:33 - 2014-03-19 18:29 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert(39).dll
2014-04-08 20:26 - 2013-11-13 22:33 - 00000000 ____D () C:\Users\Carsten\AppData\Local\Adobe
2014-04-08 20:25 - 2013-01-26 19:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-08 20:25 - 2013-01-26 19:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-08 20:25 - 2013-01-26 19:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-08 13:46 - 2014-04-08 13:45 - 08940095 _____ () C:\Users\DTM\Desktop\Die Grüne Hölle.mp4
2014-04-07 21:39 - 2014-04-07 21:39 - 00000000 ____D () C:\Users\DTM\AppData\Local\AquaSoft
2014-04-07 21:39 - 2013-04-30 15:36 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-04-07 21:02 - 2014-03-28 21:48 - 00000000 ____D () C:\Users\DTM\Desktop\Video Doku (Angstdiagnose Krebs)
2014-04-07 18:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-05 09:22 - 2014-04-05 09:16 - 00000000 ____D () C:\Users\DTM\Desktop\Lieder Mutti Stick
2014-04-03 09:51 - 2014-04-23 22:17 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-23 22:17 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-23 22:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 21:43 - 2014-03-31 21:35 - 00000000 ____D () C:\Users\DTM\Downloads\Datenrettung
2014-03-31 21:32 - 2013-01-28 02:14 - 00000000 ____D () C:\Users\DTM\Desktop\LibreOffice Vorlagen
2014-03-28 21:49 - 2014-03-17 21:36 - 00000000 ____D () C:\Users\DTM\Desktop\Unheilig noch auf stick
2014-03-28 21:44 - 2013-01-31 04:09 - 00000000 ____D () C:\FFOutput
2014-03-28 21:29 - 2013-01-29 02:12 - 00000000 ____D () C:\Users\DTM\Desktop\MozBackup´s

Some content of TEMP:
====================
C:\Users\Carsten\AppData\Local\Temp\Quarantine.exe
C:\Users\DTM\AppData\Local\Temp\Photooptimizer.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-07 18:00

==================== End Of Log ============================

--- --- ---

cosinus · 27.04.2014, 21:18

Bitte auch mit neuer Addition.txt. Haken setzen bei addition.txt dann auf Scan klicken

Dragon79 · 28.04.2014, 16:46

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-04-2014 03
Ran by Carsten at 2014-04-28 17:42:31
Running from F:\1
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.5105 - Acronis)
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
AMD APP SDK Runtime (Version: 2.4.595.1 - Advanced Micro Devices Inc.) Hidden
Ashampoo Burning Studio 14 v.14.0.1 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 11 v.11.0.1 (HKLM-x32\...\{0A11EA01-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.0.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.0.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.6 (HKLM-x32\...\{91B33C97-C201-47CC-5004-C35C8472437F}_is1) (Version: 2.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 3 v.3.0.1 (HKLM-x32\...\{91B33C97-16DF-4A79-3990-449F9E068D76}_is1) (Version: 3.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 3 v.3.0.2 (HKLM-x32\...\{91B33C97-0CE8-6ABD-1CF4-0DAF2CCF492A}_is1) (Version: 3.0.2 - Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.10309 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{363836F9-D52D-8976-EC20-8C6965A4D045}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0009 - ASUS)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Azteca (HKLM-x32\...\Azteca_is1) (Version: 1.0 - Media Contact LLC)
Benutzerhandbuch EPSON SX130 Series (HKLM-x32\...\EPSON SX130 Series Useg) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0309.2206.39672 - Ihr Firmenname) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0309.2206.39672 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0309.2206.39672 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help English (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help French (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help German (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0309.2205.39672 - ATI) Hidden
ccc-utility64 (Version: 2011.0309.2206.39672 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.127.0.63 - Conexant)
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.56 - Polenter - Software Solutions)
Desktop-Reminder 2 (x32 Version: 2.56 - Polenter - Software Solutions) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
FileWing (HKLM-x32\...\FileWing_is1) (Version: 2.3 - Abelssoft)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Führerschein 2012-2013 Installation & Registrierung (HKLM-x32\...\{E0A5D44A-FBDD-449D-82DF-78273CB86D6D}_is1) (Version:  - Abamsoft, dadagoo GmbH)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Inpaint 4.5 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.27.6 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Light Image Resizer 4.4.1.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.4.1.0 - ObviousIdea)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.0.1 (x86 de)) (Version: 24.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia-Führerschein & Verkehr 2012-13 (HKLM-x32\...\{EFE197C2-C6C7-47F9-A735-245D35D56E45}) (Version: 1.00.0000 - bhv)
Nitro Pro 7 (HKLM\...\{1FD29C34-110D-43E8-8261-8A358E4E7204}) (Version: 7.5.0.22 - Nitro PDF Software)
O&O Defrag Professional (HKLM\...\{253C418F-F466-4303-86C5-68E656A65551}) (Version: 17.0.504 - O&O Software GmbH)
O&O DiskImage Professional (HKLM\...\{E6B8311A-1E4B-4B47-83D3-57178800B8A6}) (Version: 8.0.78 - O&O Software GmbH)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Paragon Backup & Recovery™ 2012 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Perfect Effects 4.0.4 (HKLM-x32\...\{385E6A4D-A440-43E2-9BAF-A012FB5FC2E2}) (Version: 4.0.4 - onOne Software)
PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version:  - )
Photomatix Pro version 4.2.6 (HKLM-x32\...\PhotomatixPro42x32_is1) (Version: 4.2.6 - HDRsoft Ltd)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Secure Banking Version 1.5.1 (HKLM-x32\...\{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1) (Version: 1.5.1 - Hopfgartner Niklas)
Steganos Safe 2012 (HKLM-x32\...\{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}) (Version: 13.0.5 - Steganos Software GmbH)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
SugarBook 4.0 (HKLM-x32\...\SugarBook4_is1) (Version:  - Lars Lakomski)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
waterMark V2 (HKLM-x32\...\waterMark V2) (Version:  - )
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.5 - ZONER software)

==================== Restore Points  =========================

23-04-2014 16:25:49 Wiederherstellungsvorgang
23-04-2014 16:34:55 avast! antivirus system restore point
23-04-2014 18:04:30 Windows Update
25-04-2014 19:07:21 Programme funktionieren bestens
26-04-2014 08:03:18 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0851E440-191F-4ABB-B1CC-B75ABC498154} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-19] (IObit)
Task: {0E74798E-5787-40D6-9F0B-B42585A9A255} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {4F60C7ED-373B-437D-B6EA-9C99B4CA8023} - \MySearchDial No Task File <==== ATTENTION
Task: {9A05CB73-B915-476E-899A-7D6CBA114ADC} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {C9F19A4F-3048-48F5-A099-CAA90C492BB0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-26] (AVAST Software)
Task: {E3078653-27FC-43BD-A8E7-90817A57E47F} - System32\Tasks\OO DiskImage {71f57001-bbc8-4dd2-9f24-35d049457fb1} => C:\Program Files\OO Software\DiskImage\oodiag.exe [2014-01-10] (O&O Software GmbH)
Task: {FBA05D17-55FD-4098-9FFD-54851BD053D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\OO DiskImage {71f57001-bbc8-4dd2-9f24-35d049457fb1}.job => C:\Program Files\OO Software\DiskImage\oodiag.exe

==================== Loaded Modules (whitelisted) =============

2013-01-30 23:37 - 2012-07-30 11:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2014-01-10 19:55 - 2014-01-10 19:55 - 00326440 _____ () C:\Program Files\OO Software\DiskImage\oodiagrs.dll
2014-01-10 19:56 - 2014-01-10 19:56 - 00069928 _____ () C:\Program Files\OO Software\DiskImage\oodiagpsx64.dll
2014-01-10 19:55 - 2014-01-10 19:55 - 00344872 _____ () C:\Program Files\OO Software\DiskImage\oodishrs.dll
2014-01-10 19:55 - 2014-01-10 19:55 - 00553768 _____ () C:\Program Files\OO Software\DiskImage\ooditrrs.dll
2013-02-02 21:12 - 2009-03-29 12:30 - 02058240 _____ () C:\Program Files (x86)\FeedReader30\feedreader.exe
2013-01-26 21:53 - 2013-06-30 17:54 - 00002560 _____ () C:\Program Files (x86)\Secure Banking\sbservice.exe
2011-03-14 15:21 - 2011-03-14 15:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-10 00:05 - 2011-03-10 00:05 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-04-27 19:24 - 2014-04-27 19:24 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042701\algo.dll
2014-04-28 17:35 - 2014-04-28 17:35 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042800\algo.dll
2012-01-23 23:00 - 2012-01-23 23:00 - 00015872 _____ () C:\Program Files (x86)\Desktop-Reminder 2\de\DevExpress.XtraBars.v11.1.resources.dll
2012-01-23 23:00 - 2012-01-23 23:00 - 00061440 _____ () C:\Program Files (x86)\Desktop-Reminder 2\de\DevExpress.XtraEditors.v11.1.resources.dll
2012-01-23 23:00 - 2012-01-23 23:00 - 00053248 _____ () C:\Program Files (x86)\Desktop-Reminder 2\de\DevExpress.XtraScheduler.v11.1.Core.resources.dll
2012-01-23 23:00 - 2012-01-23 23:00 - 00016384 _____ () C:\Program Files (x86)\Desktop-Reminder 2\de\DevExpress.XtraScheduler.v11.1.Extensions.resources.dll
2012-01-23 23:00 - 2012-01-23 23:00 - 00010240 _____ () C:\Program Files (x86)\Desktop-Reminder 2\de\DevExpress.XtraLayout.v11.1.resources.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-01-26 21:53 - 2013-06-30 17:54 - 00017920 _____ () C:\Program Files (x86)\Secure Banking\SecureBanking.dll
2013-01-26 21:53 - 2013-06-30 17:54 - 00008704 _____ () C:\Program Files (x86)\Secure Banking\funcs.dll
2013-10-15 17:49 - 2013-10-15 17:49 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-18 19:32 - 2014-03-18 19:32 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-14 01:12 - 2014-03-19 16:57 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-10-14 01:12 - 2014-03-19 16:56 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-10-14 01:12 - 2014-03-19 16:56 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: Video downloader Updater => 2
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\startupfolder: C:^Users^Carsten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: SAFE2012 File Redirection Starter => "C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe"
MSCONFIG\startupreg: SAFE2012 HotKeys => "C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe"
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
MSCONFIG\startupreg: Zoner Photo Studio Autoupdate => "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE"
MSCONFIG\startupreg: Zoner Photo Studio Service 16 => "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2014 08:05:37 PM) (Source: AHDDC2_Service.exe) (User: )
Description: Cannot terminate an externally created thread

Error: (04/27/2014 06:46:11 PM) (Source: AHDDC2_Service.exe) (User: )
Description: Cannot terminate an externally created thread

Error: (04/27/2014 06:45:40 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-897203139-1112560925-3423631613-1001}/">.

Error: (04/27/2014 05:03:21 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-897203139-1112560925-3423631613-1001}/">.

Error: (04/27/2014 01:20:48 AM) (Source: AHDDC2_Service.exe) (User: )
Description: Cannot terminate an externally created thread

Error: (04/26/2014 08:05:22 PM) (Source: AHDDC2_Service.exe) (User: )
Description: Cannot terminate an externally created thread

Error: (04/26/2014 08:04:40 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-897203139-1112560925-3423631613-1001}/">.

Error: (04/26/2014 07:02:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000003e10fd8
ID des fehlerhaften Prozesses: 0xcbc
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (04/26/2014 02:06:14 PM) (Source: AHDDC2_Service.exe) (User: )
Description: Cannot terminate an externally created thread

Error: (04/26/2014 01:55:46 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-897203139-1112560925-3423631613-1000}/">.


System errors:
=============
Error: (04/28/2014 05:34:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Nalpeiron Licensing Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/28/2014 05:34:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NitroPDFDriverCreatorReadSpool9" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/27/2014 08:05:27 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/27/2014 08:05:22 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/27/2014 07:22:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Nalpeiron Licensing Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/27/2014 07:22:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NitroPDFDriverCreatorReadSpool9" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/27/2014 06:45:59 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/27/2014 05:01:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Nalpeiron Licensing Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/27/2014 05:01:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NitroPDFDriverCreatorReadSpool9" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/27/2014 01:20:36 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (04/27/2014 08:05:37 PM) (Source: AHDDC2_Service.exe)(User: )
Description: Cannot terminate an externally created thread

Error: (04/27/2014 06:46:11 PM) (Source: AHDDC2_Service.exe)(User: )
Description: Cannot terminate an externally created thread

Error: (04/27/2014 06:45:40 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-897203139-1112560925-3423631613-1001}/

Error: (04/27/2014 05:03:21 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-897203139-1112560925-3423631613-1001}/

Error: (04/27/2014 01:20:48 AM) (Source: AHDDC2_Service.exe)(User: )
Description: Cannot terminate an externally created thread

Error: (04/26/2014 08:05:22 PM) (Source: AHDDC2_Service.exe)(User: )
Description: Cannot terminate an externally created thread

Error: (04/26/2014 08:04:40 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-897203139-1112560925-3423631613-1001}/

Error: (04/26/2014 07:02:18 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000003e10fd8cbc01cf616dea677fc1C:\Windows\Explorer.EXEunknown85b460ec-cd64-11e3-8195-20cf30c6160e

Error: (04/26/2014 02:06:14 PM) (Source: AHDDC2_Service.exe)(User: )
Description: Cannot terminate an externally created thread

Error: (04/26/2014 01:55:46 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-897203139-1112560925-3423631613-1000}/


CodeIntegrity Errors:
===================================
  Date: 2014-04-28 17:34:16.103
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-27 20:05:21.995
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-27 19:51:02.897
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-27 19:37:42.669
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-27 19:22:05.571
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-27 17:48:45.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-27 17:29:33.005
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-27 17:00:55.023
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-27 01:12:38.248
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-27 00:44:03.112
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 3948.54 MB
Available physical RAM: 1743.07 MB
Total Pagefile: 7895.27 MB
Available Pagefile: 4925.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:278.47 GB) (Free:203.26 GB) NTFS
Drive f: () (Removable) (Total:3.76 GB) (Free:1.12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1B72BB33)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=278 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 2C6B7369)
No partition Table on disk 1.

==================== End Of Log ============================

cosinus · 29.04.2014, 09:41

Aus dem MBAM Log:

Zitat:

Administrator: Nein

Und das seh ich jetzt erst

24.04.2014, 22:47	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	AVAST und Malwarebytes melden mehrere Funde Mach bitte morgen früh nochmal nen Scan mit aktuellen Signaturen __________________ Logfiles bitte immer in CODE-Tags posten

26.04.2014, 12:19	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	AVAST und Malwarebytes melden mehrere Funde Führe FRST mit einem Konto aus, das Adminrechte hat. Also als Admin einloggen, nicht per ausführen als oder so __________________ Logfiles bitte immer in CODE-Tags posten

27.04.2014, 21:18	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	AVAST und Malwarebytes melden mehrere Funde Bitte auch mit neuer Addition.txt. Haken setzen bei addition.txt dann auf Scan klicken __________________ Logfiles bitte immer in CODE-Tags posten

AVAST und Malwarebytes melden mehrere Funde

Plagegeister aller Art und deren Bekämpfung: AVAST und Malwarebytes melden mehrere Funde