Hallo liebe Trojaner-Board Gemeinde,

meine Schwester hat einen Brief von der Telekom erhalten, daß sich auf ihrem Rechner/Laptop wohl Trojaner befinden.

Ich habe erstmal Malwarebytes auf ihrem Laptop installiert, Bedrohungssuchlauf gemacht, Funde wurden angezeigt und in Quarantäne verschoben.
Das anschließend installierte Avira hat keine Funde angezeigt (hatte bei der Installation Probleme aufgrund von McAfee welches sich nicht restlos deinstallieren lassen wollte).
Aber ich befürchte, daß das System noch nicht sauber ist.
Wie sollte ich weiter vorgehen?

DANKE schonmal im Voraus!
Gruß,
Tanja

MWBAM > wo finde ich die "richtige" Log-Datei??

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 06.05.2014 16:18:03, SYSTEM, INA-PC, Protection, Malware Protection, Starting, 
Protection, 06.05.2014 16:18:03, SYSTEM, INA-PC, Protection, Malware Protection, Started, 
Protection, 06.05.2014 16:18:03, SYSTEM, INA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.05.2014 16:18:03, SYSTEM, INA-PC, Protection, Malicious Website Protection, Started, 
Detection, 06.05.2014 16:19:39, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\U\00000004.@, Quarantine, [2d1c857a2c4ead89082234b0b050ed13]
Detection, 06.05.2014 16:19:46, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\U\80000032.@, Quarantine, [1732f60991e95fd75cce489ce917a25e]
Detection, 06.05.2014 16:20:01, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, Quarantine, [1c2dae5195e51422d5571fc5bc4445bb]
Protection, 06.05.2014 16:20:01, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, 
Error, 06.05.2014 16:20:01, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, 
Detection, 06.05.2014 16:20:01, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\U\80000000.@, Quarantine, [a3a6fc03c1b977bf6ec237c3fe0224dc]
Detection, 06.05.2014 16:20:11, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@, Quarantine, [2d1c857a2c4ead89082234b0b050ed13]
Protection, 06.05.2014 16:20:11, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@, 
Error, 06.05.2014 16:20:11, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@, 
Detection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, Quarantine, [1c2dae5195e51422d5571fc5bc4445bb]
Protection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, 
Error, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, 
Detection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@, Quarantine, [a3a6fc03c1b977bf6ec237c3fe0224dc]
Protection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@, 
Error, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@, 
Protection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000032.@, 
Error, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000032.@, 
Detection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\U\000000cb.@, Quarantine, [bf8a26d9007a40f6b179bf25b9470ff1]
Detection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, Quarantine, [1c2dae5195e51422d5571fc5bc4445bb]
Detection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000032.@, Quarantine, [1732f60991e95fd75cce489ce917a25e]
Protection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, 
Error, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, 
Detection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\000000cb.@, Quarantine, [bf8a26d9007a40f6b179bf25b9470ff1]
Protection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000032.@, 
Error, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000032.@, 
Detection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@, Quarantine, [a3a6fc03c1b977bf6ec237c3fe0224dc]
Protection, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\000000cb.@, 
Error, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\000000cb.@, 
Protection, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@, 
Detection, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@, Quarantine, [2d1c857a2c4ead89082234b0b050ed13]
Error, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@, 
Protection, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@, 
Error, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@, 
Detection, 06.05.2014 16:21:54, SYSTEM, INA-PC, Protection, Malicious Website Protection, IP, 195.3.145.57, 59811, Outbound, C:\Windows\explorer.exe, 
Detection, 06.05.2014 16:21:54, SYSTEM, INA-PC, Protection, Malicious Website Protection, IP, 195.3.145.57, 59811, Outbound, C:\Windows\explorer.exe, 
Update, 06.05.2014 16:22:23, SYSTEM, INA-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, 
Update, 06.05.2014 16:22:26, SYSTEM, INA-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.6.6, 
Protection, 06.05.2014 16:22:27, SYSTEM, INA-PC, Protection, Refresh, Starting, 
Protection, 06.05.2014 16:22:27, SYSTEM, INA-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.05.2014 16:22:28, SYSTEM, INA-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.05.2014 16:22:33, SYSTEM, INA-PC, Protection, Refresh, Success, 
Protection, 06.05.2014 16:22:33, SYSTEM, INA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.05.2014 16:22:33, SYSTEM, INA-PC, Protection, Malicious Website Protection, Started, 

(end)
         

Farbar's Recovery Scan Tool

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by ina (administrator) on INA-PC on 07-05-2014 15:54:37
Running from C:\Users\ina\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Inc.) C:\Program Files\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(1und1 Mail und Media GmbH) C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(1&1 Mail & Media GmbH) C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\ina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [APLangApp] => C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-10-20] (DoctorSoft)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1728064 2013-10-17] (1und1 Mail und Media GmbH)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [MailCheck IE Update] - "C:\ProgramData\1&1 Mail & Media GmbH\MailCheck IE\Update\nsjB4E0.tmp\GMX_MailCheck_IE_Update_2.5.1.0.exe" /S /QUIET=1 [3037168 2014-05-07] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-17] (Google Inc.)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [GMX_GMX Upload-Manager] => C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE [940128 2010-11-19] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\RunOnce: [FlashPlayerUpdate] - C:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe [233936 2011-01-17] (Adobe Systems, Inc.)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n. ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKCU - {7C9F9AFC-1B2A-4269-8E91-6613FF649847} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {7DD472E5-D1C1-41BB-959C-FEDAD33D7FDD} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {906B5895-30B2-4904-914C-650974005CB7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {BCB191CC-9A3A-416B-ACE2-2500BAC00922} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
S1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
R1 uigxrdr; C:\windows\System32\DRIVERS\uigxrdr.sys [144896 2010-11-19] (1&1 Mail & Media GmbH)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 15:54 - 2014-05-07 15:55 - 00016118 _____ () C:\Users\ina\Desktop\FRST.txt
2014-05-07 15:54 - 2014-05-07 15:54 - 00000000 ____D () C:\FRST
2014-05-07 15:41 - 2014-05-07 15:41 - 01053184 _____ (Farbar) C:\Users\ina\Desktop\FRST.exe
2014-05-07 15:29 - 2014-05-07 15:29 - 00013824 ___SH () C:\Users\ina\Desktop\Thumbs.db
2014-05-07 15:29 - 2014-05-07 15:29 - 00008749 _____ () C:\Users\ina\Desktop\mwbam.txt
2014-05-07 14:19 - 2014-05-07 14:19 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-05-07 14:03 - 2014-05-07 14:03 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Program Files\Avira
2014-05-07 14:00 - 2014-02-25 11:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-07 14:00 - 2014-02-25 11:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-07 14:00 - 2014-02-25 11:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-05-07 14:00 - 2014-02-25 11:41 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys
2014-05-07 13:52 - 2014-05-07 13:52 - 00000000 ____D () C:\ProgramData\UUdb
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-07 13:49 - 2014-05-07 13:49 - 00004241 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-05-07 13:49 - 2014-05-07 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 13:49 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-05-07 13:49 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-05-07 13:49 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-05-07 13:49 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-05-06 16:18 - 2014-05-07 13:43 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 16:17 - 2014-05-06 16:17 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-06 16:17 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-06 16:17 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-06 16:17 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-06 16:16 - 2014-05-06 16:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ina\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-06 16:15 - 2014-05-06 16:03 - 138607664 _____ () C:\Users\ina\Desktop\avira_free_antivirus614_de.exe
2014-04-25 21:13 - 2014-04-25 21:13 - 00129814 _____ () C:\Users\ina\Downloads\kontoauszüge.zip
2014-04-25 20:56 - 2014-05-07 13:43 - 00000000 ___RD () C:\Users\ina\Dropbox
2014-04-25 20:56 - 2014-04-25 20:56 - 00001035 _____ () C:\Users\ina\Desktop\Dropbox.lnk
2014-04-25 20:52 - 2014-04-25 20:56 - 00000000 ____D () C:\Users\ina\AppData\Roaming\DropboxMaster
2014-04-25 20:52 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-25 20:49 - 2014-05-07 13:43 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Dropbox
2014-04-14 21:10 - 2014-04-14 21:10 - 00001309 _____ () C:\Users\ina\Downloads\altmuehltal_Mo.mpjs
2014-04-09 10:47 - 2014-04-09 10:47 - 00618496 _____ () C:\Users\ina\Documents\Kundeninfomailing Esprit spring Flyer 2014.ppt
2014-04-09 10:43 - 2014-04-09 10:43 - 00039456 _____ () C:\Users\ina\Downloads\adressen infomailing rabattaktion flyer.xlsx
2014-04-09 09:45 - 2014-04-09 09:45 - 00626622 _____ () C:\Users\ina\Downloads\Kundeninfomailing Esprit spring Flyer 2014.pptx
2014-04-07 21:28 - 2014-04-07 21:29 - 00005523 _____ () C:\windows\system32\jupdate-1.7.0_51-b13.log
2014-04-07 21:15 - 2014-04-07 21:15 - 00092382 _____ () C:\Users\ina\Downloads\KONTOAUSZUEGE.zip

==================== One Month Modified Files and Folders =======

2014-05-07 15:55 - 2014-05-07 15:54 - 00016118 _____ () C:\Users\ina\Desktop\FRST.txt
2014-05-07 15:54 - 2014-05-07 15:54 - 00000000 ____D () C:\FRST
2014-05-07 15:54 - 2009-12-05 04:40 - 01207450 _____ () C:\windows\WindowsUpdate.log
2014-05-07 15:48 - 2011-01-17 22:04 - 00001092 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 15:41 - 2014-05-07 15:41 - 01053184 _____ (Farbar) C:\Users\ina\Desktop\FRST.exe
2014-05-07 15:29 - 2014-05-07 15:29 - 00013824 ___SH () C:\Users\ina\Desktop\Thumbs.db
2014-05-07 15:29 - 2014-05-07 15:29 - 00008749 _____ () C:\Users\ina\Desktop\mwbam.txt
2014-05-07 14:19 - 2014-05-07 14:19 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-05-07 14:03 - 2014-05-07 14:03 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Program Files\Avira
2014-05-07 13:54 - 2010-09-27 21:13 - 00000000 ____D () C:\Users\ina\Tracing
2014-05-07 13:54 - 2009-07-26 22:57 - 00000000 ____D () C:\windows\Panther
2014-05-07 13:52 - 2014-05-07 13:52 - 00000000 ____D () C:\ProgramData\UUdb
2014-05-07 13:52 - 2013-09-02 20:57 - 00001978 _____ () C:\Users\ina\Desktop\Amazon.lnk
2014-05-07 13:52 - 2013-09-02 20:57 - 00001972 _____ () C:\Users\ina\Desktop\GMX.lnk
2014-05-07 13:52 - 2013-09-02 20:57 - 00001970 _____ () C:\Users\ina\Desktop\eBay.lnk
2014-05-07 13:52 - 2013-09-02 20:57 - 00000000 ____D () C:\ProgramData\DesktopIcons
2014-05-07 13:52 - 2013-09-02 20:57 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-07 13:49 - 2014-05-07 13:49 - 00004241 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-05-07 13:49 - 2014-05-07 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 13:49 - 2013-09-16 22:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-07 13:49 - 2011-07-02 15:42 - 00000000 ____D () C:\Program Files\Java
2014-05-07 13:49 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 13:49 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 13:43 - 2014-05-06 16:18 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-07 13:43 - 2014-04-25 20:56 - 00000000 ___RD () C:\Users\ina\Dropbox
2014-05-07 13:43 - 2014-04-25 20:49 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Dropbox
2014-05-07 13:42 - 2011-01-17 22:04 - 00001088 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 13:42 - 2010-04-30 20:34 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-05-07 13:42 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-07 13:36 - 2009-07-26 22:06 - 01472002 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-06 16:17 - 2014-05-06 16:17 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-06 16:12 - 2009-12-05 04:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-06 16:03 - 2014-05-06 16:15 - 138607664 _____ () C:\Users\ina\Desktop\avira_free_antivirus614_de.exe
2014-05-06 16:00 - 2014-05-06 16:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ina\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-25 21:15 - 2011-10-06 20:30 - 00678912 ___SH () C:\Users\ina\Downloads\Thumbs.db
2014-04-25 21:13 - 2014-04-25 21:13 - 00129814 _____ () C:\Users\ina\Downloads\kontoauszüge.zip
2014-04-25 20:56 - 2014-04-25 20:56 - 00001035 _____ () C:\Users\ina\Desktop\Dropbox.lnk
2014-04-25 20:56 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\DropboxMaster
2014-04-25 20:56 - 2010-04-30 20:34 - 00000000 ____D () C:\Users\ina
2014-04-25 20:52 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-14 21:10 - 2014-04-14 21:10 - 00001309 _____ () C:\Users\ina\Downloads\altmuehltal_Mo.mpjs
2014-04-14 20:13 - 2014-05-07 13:49 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-05-07 13:49 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-04-14 20:05 - 2014-05-07 13:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-04-14 20:04 - 2014-05-07 13:49 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-04-09 10:47 - 2014-04-09 10:47 - 00618496 _____ () C:\Users\ina\Documents\Kundeninfomailing Esprit spring Flyer 2014.ppt
2014-04-09 10:43 - 2014-04-09 10:43 - 00039456 _____ () C:\Users\ina\Downloads\adressen infomailing rabattaktion flyer.xlsx
2014-04-09 09:45 - 2014-04-09 09:45 - 00626622 _____ () C:\Users\ina\Downloads\Kundeninfomailing Esprit spring Flyer 2014.pptx
2014-04-07 21:29 - 2014-04-07 21:28 - 00005523 _____ () C:\windows\system32\jupdate-1.7.0_51-b13.log
2014-04-07 21:15 - 2014-04-07 21:15 - 00092382 _____ () C:\Users\ina\Downloads\KONTOAUSZUEGE.zip

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2

Some content of TEMP:
====================
C:\Users\ina\AppData\Local\Temp\0020201399462798mcinst.exe
C:\Users\ina\AppData\Local\Temp\avgnt.exe
C:\Users\ina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxcfbtp.dll
C:\Users\ina\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-06 16:55

==================== End Of Log ============================
         

Addition

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-05-2014
Ran by ina at 2014-05-07 15:55:24
Running from C:\Users\ina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee  Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.23 - Doctorsoft)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Bertelsmann Fotowelt (HKLM\...\Bertelsmann Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3304 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A5675A9E-F073-414A-9A04-F9BCD50459D7}) (Version: 4.2.6 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
GMX Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.4.0.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
GMX Upload-Manager (HKLM\...\GMX Upload-Manager) (Version: 2.0.636 - 1&1 Mail & Media GmbH)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5986 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.4 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

16-09-2013 20:22:36 Removed Java(TM) 6 Update 22
16-09-2013 20:24:03 Installed Java 7 Update 40
27-09-2013 10:22:48 Geplanter Prüfpunkt
07-04-2014 19:27:46 Installed Java 7 Update 51
07-05-2014 11:48:32 Installed Java 7 Update 55

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {110619EF-A0A9-4992-9497-EF4A242695BE} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-10-07] (SEC)
Task: {210FA61D-92F6-4FEE-B312-06AF7D4D93D5} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-10-20] (DoctorSoft)
Task: {2D577A20-059C-43FE-B6C0-1FB82EC956F8} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {36AE1841-8B96-49C1-B110-E620D8D7DB28} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {3B9AB2A9-EB92-41E8-819C-2440A7A09029} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-17] (Google Inc.)
Task: {48A6287D-9267-44E7-99FD-21FCA0982FF8} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-07-24] ()
Task: {672F06DF-7CC5-48DD-9A71-A8F6E27B3CA4} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {88A49655-48B3-4C5D-8CD2-9B43A4A79D2F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {8D4D5684-8FAB-4077-95EB-C9C0BBB68E80} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {9A171F4D-432A-42AF-A3CC-EBCB4A1C5430} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {C02A9DB1-4C19-44BF-BBF5-C2832C7AE439} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CC0D875C-93E1-46F8-B7B7-80E0B3BCFA41} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {D3618680-E03A-4147-BB35-A0A3126DD8DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-17] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-30 20:36 - 2009-08-13 21:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2009-12-05 04:50 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2014-05-07 13:43 - 2014-05-07 13:43 - 00041984 _____ () c:\users\ina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxcfbtp.dll
2014-04-25 20:52 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\ina\AppData\Roaming\Dropbox\bin\libcef.dll
2009-12-05 04:54 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2011-01-17 16:19 - 2011-07-02 15:44 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-12-05 04:45 - 2009-07-24 06:46 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2009-12-05 04:45 - 2009-05-13 10:51 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
2014-05-07 14:00 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2014 04:57:10 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/06/2014 04:56:06 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/06/2014 04:19:50 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x944
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (05/06/2014 04:11:27 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: McSvHost.exe, Version: 2.0.230.0, Zeitstempel: 0x4d41ff35
Name des fehlerhaften Moduls: naiann.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4d545190
Ausnahmecode: 0xc0000005
Fehleroffset: 0x665b0296
ID des fehlerhaften Prozesses: 0x368
Startzeit der fehlerhaften Anwendung: 0xMcSvHost.exe0
Pfad der fehlerhaften Anwendung: McSvHost.exe1
Pfad des fehlerhaften Moduls: McSvHost.exe2
Berichtskennung: McSvHost.exe3

Error: (04/07/2014 08:59:14 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: cdsupdclient.exe, Version: 2.0.3.60, Zeitstempel: 0x51c01cfb
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624, Zeitstempel: 0x4c297c56
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000470c2
ID des fehlerhaften Prozesses: 0x1338
Startzeit der fehlerhaften Anwendung: 0xcdsupdclient.exe0
Pfad der fehlerhaften Anwendung: cdsupdclient.exe1
Pfad des fehlerhaften Moduls: cdsupdclient.exe2
Berichtskennung: cdsupdclient.exe3

Error: (04/07/2014 08:57:55 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm iexplore.exe, Version 8.0.7600.16700 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10c4

Startzeit: 01cf5292e543f7b4

Endzeit: 16

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 8456f01d-be86-11e3-9129-0024542864ce

Error: (03/28/2014 09:50:59 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/28/2014 09:49:24 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/23/2014 10:31:40 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16700, Zeitstempel: 0x4cd23213
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624, Zeitstempel: 0x4c297c56
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00025577
ID des fehlerhaften Prozesses: 0x608
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (02/11/2014 10:43:11 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm iexplore.exe, Version 8.0.7600.16700 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1088

Startzeit: 01cf2767beb4cff5

Endzeit: 27

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 1c9ec36d-935d-11e3-a169-0024542864ce


System errors:
=============
Error: (05/07/2014 03:37:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (05/07/2014 03:37:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (05/07/2014 02:20:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.

Error: (05/07/2014 02:19:02 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.

Error: (05/07/2014 02:18:21 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.

Error: (05/07/2014 02:18:04 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (05/07/2014 02:18:04 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (05/07/2014 02:17:41 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.

Error: (05/07/2014 02:02:04 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.

Error: (05/07/2014 01:47:22 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (05/06/2014 04:57:10 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (05/06/2014 04:56:06 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest

Error: (05/06/2014 04:19:50 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050000000094401cf69363b9646d7C:\windows\System32\svchost.exeunknown7b7681a9-d529-11e3-ac34-0024542864ce

Error: (05/06/2014 04:11:27 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: McSvHost.exe2.0.230.04d41ff35naiann.dll_unloaded0.0.0.04d545190c0000005665b029636801cf693414aae806C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exenaiann.dll4fa5b352-d528-11e3-a156-0024542864ce

Error: (04/07/2014 08:59:14 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: cdsupdclient.exe2.0.3.6051c01cfbole32.dll6.1.7600.166244c297c56c0000005000470c2133801cf52937737d756C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exeC:\windows\system32\ole32.dllb5c42390-be86-11e3-9129-0024542864ce

Error: (04/07/2014 08:57:55 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: iexplore.exe8.0.7600.1670010c401cf5292e543f7b416C:\Program Files\Internet Explorer\iexplore.exe8456f01d-be86-11e3-9129-0024542864ce

Error: (03/28/2014 09:50:59 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (03/28/2014 09:49:24 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest

Error: (03/23/2014 10:31:40 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: iexplore.exe8.0.7600.167004cd23213ole32.dll6.1.7600.166244c297c56c00000050002557760801cf46d5bd6b8180C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\ole32.dll236eb456-b2ca-11e3-a084-0024542864ce

Error: (02/11/2014 10:43:11 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: iexplore.exe8.0.7600.16700108801cf2767beb4cff527C:\Program Files\Internet Explorer\iexplore.exe1c9ec36d-935d-11e3-a169-0024542864ce


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 2008.61 MB
Available physical RAM: 935.13 MB
Total Pagefile: 4017.21 MB
Available Pagefile: 2722.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.07 GB) (Free:52.76 GB) NTFS
Drive d: () (Fixed) (Total:106.72 GB) (Free:106.48 GB) NTFS
Drive e: (Disc) (CDROM) (Total:0.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 0E0EF5DF)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=107 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Danke!

Und hier die combofix.txt

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 14-05-07.03 - ina 07.05.2014  20:08:42.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.2009.819 [GMT 2:00]
ausgeführt von:: c:\users\ina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ina\AppData\Roaming\.#
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-07 bis 2014-05-07  ))))))))))))))))))))))))))))))
.
.
2014-05-07 17:18 . 2014-05-07 17:18	--------	d-----w-	c:\program files\GMX MailCheck
2014-05-07 13:54 . 2014-05-07 13:56	--------	d-----w-	C:\FRST
2014-05-07 12:19 . 2014-05-07 12:19	69240	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-05-07 12:03 . 2014-05-07 12:03	--------	d-----w-	c:\users\ina\AppData\Roaming\Avira
2014-05-07 12:00 . 2014-02-25 09:41	90400	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-05-07 12:00 . 2014-02-25 09:41	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-05-07 12:00 . 2014-02-25 09:41	135648	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-05-07 12:00 . 2014-05-07 12:00	--------	d-----w-	c:\programdata\Avira
2014-05-07 12:00 . 2014-05-07 12:00	--------	d-----w-	c:\program files\Avira
2014-05-07 11:52 . 2014-05-07 11:52	--------	d-----w-	c:\programdata\UUdb
2014-05-07 11:51 . 2014-05-07 11:51	--------	d-----w-	c:\program files\CCleaner
2014-05-07 11:49 . 2014-04-14 18:13	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-05-06 14:18 . 2014-05-07 18:05	107736	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-06 14:17 . 2014-05-06 14:17	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-05-06 14:17 . 2014-05-06 14:17	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-06 14:17 . 2014-04-03 07:51	51416	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-06 14:17 . 2014-04-03 07:51	73432	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-06 14:17 . 2014-04-03 07:50	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-06 14:17 . 2014-05-06 14:17	--------	d-----w-	c:\users\ina\AppData\Local\Programs
2014-04-25 18:56 . 2014-05-07 18:02	--------	d-----r-	c:\users\ina\Dropbox
2014-04-25 18:49 . 2014-05-07 18:02	--------	d-----w-	c:\users\ina\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\ina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\ina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\ina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-17 39408]
"GMX_GMX Upload-Manager"="c:\program files\GMX\GMX Upload-Manager\DAVSRV.EXE" [2010-11-19 940128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-21 8092192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 151064]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Acrobat Assistant 8.0"="c:\program files\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"MailCheck IE Broker"="c:\program files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [2014-04-24 1772096]
.
c:\users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ina\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-25 33604728]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2011-4-6 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2014-04-03 857912]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-05-07 107736]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-02-25 37352]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 uigxrdr;uigxrdr;c:\windows\system32\DRIVERS\uigxrdr.sys [2010-11-19 144896]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-25 440400]
S2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2014-04-03 1809720]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 20:04]
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 20:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: An vorhandenes PDF anfügen - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.0.1
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\GMX MailCheck\IE\GMX_MailCheck.dll
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2244)
c:\program files\GMX\GMX Upload-Manager\ExplorerHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\users\ina\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-07  20:24:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-07 18:24
.
Vor Suchlauf: 7 Verzeichnis(se), 56.568.508.416 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 56.335.060.992 Bytes frei
.
- - End Of File - - 9EDA1E031D4A8A436FE4E8BC56516720
2E5DEBB2116B3417023E0D6562D7ED07
         

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

und bitteschön....

mbam

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08.05.2014
Suchlauf-Zeit: 19:09:18
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.08.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: ina

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 246225
Verstrichene Zeit: 11 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

adwcleaner

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.207 - Bericht erstellt am 08/05/2014 um 19:20:31
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzername : ina - INA-PC
# Gestartet von : C:\Users\ina\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Datei Gelöscht : C:\Users\ina\Desktop\eBay.lnk

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16700


*************************

AdwCleaner[R0].txt - [2138 octets] - [08/05/2014 19:17:19]
AdwCleaner[S0].txt - [2059 octets] - [08/05/2014 19:20:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2119 octets] ##########
         

junkware

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by ina on 08.05.2014 at 19:34:30,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2014 at 19:37:34,08
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

frst


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by ina (administrator) on INA-PC on 08-05-2014 19:42:34
Running from C:\Users\ina\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Inc.) C:\Program Files\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(1und1 Mail und Media GmbH) C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(1&1 Mail & Media GmbH) C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE
(Dropbox, Inc.) C:\Users\ina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [APLangApp] => C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-10-20] (DoctorSoft)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1772096 2014-04-24] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-17] (Google Inc.)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [GMX_GMX Upload-Manager] => C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE [940128 2010-11-19] (1&1 Mail & Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKCU - {7C9F9AFC-1B2A-4269-8E91-6613FF649847} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {7DD472E5-D1C1-41BB-959C-FEDAD33D7FDD} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {906B5895-30B2-4904-914C-650974005CB7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {BCB191CC-9A3A-416B-ACE2-2500BAC00922} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-08] (Malwarebytes Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
R1 uigxrdr; C:\windows\System32\DRIVERS\uigxrdr.sys [144896 2010-11-19] (1&1 Mail & Media GmbH)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ina\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-08 19:37 - 2014-05-08 19:37 - 00000646 _____ () C:\Users\ina\Desktop\JRT.txt
2014-05-08 19:30 - 2014-05-08 19:30 - 00000000 ____D () C:\windows\ERUNT
2014-05-08 19:26 - 2014-05-08 19:26 - 00002199 _____ () C:\Users\ina\Desktop\AdwCleaner[S0].txt
2014-05-08 19:17 - 2014-05-08 19:20 - 00000000 ____D () C:\AdwCleaner
2014-05-08 19:15 - 2014-05-08 19:15 - 00001130 _____ () C:\Users\ina\Desktop\mbam.txt
2014-05-08 18:54 - 2014-05-08 18:54 - 01316991 _____ () C:\Users\ina\Desktop\adwcleaner.exe
2014-05-08 18:54 - 2014-05-08 18:54 - 01016261 _____ (Thisisu) C:\Users\ina\Desktop\JRT.exe
2014-05-07 20:24 - 2014-05-07 20:24 - 00012766 _____ () C:\ComboFix.txt
2014-05-07 19:56 - 2014-05-07 19:56 - 03218352 _____ (McAfee, Inc.) C:\Users\ina\Desktop\MCPR.exe
2014-05-07 19:24 - 2014-05-07 20:24 - 00000000 ____D () C:\Qoobox
2014-05-07 19:24 - 2014-05-07 20:22 - 00000000 ____D () C:\windows\erdnt
2014-05-07 19:24 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-07 19:24 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-07 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-07 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-07 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-07 19:24 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-07 19:24 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-07 19:24 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-07 19:21 - 2014-05-07 19:21 - 05200039 ____R (Swearware) C:\Users\ina\Desktop\ComboFix.exe
2014-05-07 19:18 - 2014-05-07 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
2014-05-07 19:18 - 2014-05-07 19:18 - 00000000 ____D () C:\Program Files\GMX MailCheck
2014-05-07 19:16 - 2014-05-08 19:32 - 00000336 _____ () C:\windows\setupact.log
2014-05-07 19:16 - 2014-05-08 19:21 - 00096076 _____ () C:\windows\PFRO.log
2014-05-07 19:16 - 2014-05-07 19:16 - 00000000 _____ () C:\windows\setuperr.log
2014-05-07 15:55 - 2014-05-07 15:56 - 00030023 _____ () C:\Users\ina\Desktop\Addition.txt
2014-05-07 15:54 - 2014-05-08 19:42 - 00014766 _____ () C:\Users\ina\Desktop\FRST.txt
2014-05-07 15:54 - 2014-05-08 19:42 - 00000000 ____D () C:\FRST
2014-05-07 15:41 - 2014-05-07 15:41 - 01053184 _____ (Farbar) C:\Users\ina\Desktop\FRST.exe
2014-05-07 15:29 - 2014-05-07 15:29 - 00013824 ___SH () C:\Users\ina\Desktop\Thumbs.db
2014-05-07 15:29 - 2014-05-07 15:29 - 00008749 _____ () C:\Users\ina\Desktop\mwbam.txt
2014-05-07 14:19 - 2014-05-07 14:19 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-05-07 14:03 - 2014-05-07 14:03 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Program Files\Avira
2014-05-07 14:00 - 2014-02-25 11:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-07 14:00 - 2014-02-25 11:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-07 14:00 - 2014-02-25 11:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-05-07 14:00 - 2014-02-25 11:41 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys
2014-05-07 13:52 - 2014-05-07 13:52 - 00000000 ____D () C:\ProgramData\UUdb
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-07 13:49 - 2014-05-07 13:49 - 00004241 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-05-07 13:49 - 2014-05-07 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 13:49 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-05-07 13:49 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-05-07 13:49 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-05-07 13:49 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-05-06 16:18 - 2014-05-08 19:42 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 16:17 - 2014-05-06 16:17 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-06 16:17 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-06 16:17 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-06 16:17 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-06 16:16 - 2014-05-06 16:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ina\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-06 16:15 - 2014-05-06 16:03 - 138607664 _____ () C:\Users\ina\Desktop\avira_free_antivirus614_de.exe
2014-04-25 21:13 - 2014-04-25 21:13 - 00129814 _____ () C:\Users\ina\Downloads\kontoauszüge.zip
2014-04-25 20:56 - 2014-05-08 19:34 - 00000000 ___RD () C:\Users\ina\Dropbox
2014-04-25 20:56 - 2014-04-25 20:56 - 00001035 _____ () C:\Users\ina\Desktop\Dropbox.lnk
2014-04-25 20:52 - 2014-04-25 20:56 - 00000000 ____D () C:\Users\ina\AppData\Roaming\DropboxMaster
2014-04-25 20:52 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-25 20:49 - 2014-05-08 19:34 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Dropbox
2014-04-14 21:10 - 2014-04-14 21:10 - 00001309 _____ () C:\Users\ina\Downloads\altmuehltal_Mo.mpjs
2014-04-09 10:47 - 2014-04-09 10:47 - 00618496 _____ () C:\Users\ina\Documents\Kundeninfomailing Esprit spring Flyer 2014.ppt
2014-04-09 10:43 - 2014-04-09 10:43 - 00039456 _____ () C:\Users\ina\Downloads\adressen infomailing rabattaktion flyer.xlsx
2014-04-09 09:45 - 2014-04-09 09:45 - 00626622 _____ () C:\Users\ina\Downloads\Kundeninfomailing Esprit spring Flyer 2014.pptx

==================== One Month Modified Files and Folders =======

2014-05-08 19:42 - 2014-05-07 15:54 - 00014766 _____ () C:\Users\ina\Desktop\FRST.txt
2014-05-08 19:42 - 2014-05-07 15:54 - 00000000 ____D () C:\FRST
2014-05-08 19:42 - 2014-05-06 16:18 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 19:42 - 2009-12-05 04:40 - 01375759 _____ () C:\windows\WindowsUpdate.log
2014-05-08 19:40 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 19:40 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 19:37 - 2014-05-08 19:37 - 00000646 _____ () C:\Users\ina\Desktop\JRT.txt
2014-05-08 19:34 - 2014-04-25 20:56 - 00000000 ___RD () C:\Users\ina\Dropbox
2014-05-08 19:34 - 2014-04-25 20:49 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Dropbox
2014-05-08 19:32 - 2014-05-07 19:16 - 00000336 _____ () C:\windows\setupact.log
2014-05-08 19:32 - 2011-01-17 22:04 - 00001088 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 19:32 - 2010-04-30 20:34 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-05-08 19:32 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-08 19:30 - 2014-05-08 19:30 - 00000000 ____D () C:\windows\ERUNT
2014-05-08 19:26 - 2014-05-08 19:26 - 00002199 _____ () C:\Users\ina\Desktop\AdwCleaner[S0].txt
2014-05-08 19:21 - 2014-05-07 19:16 - 00096076 _____ () C:\windows\PFRO.log
2014-05-08 19:20 - 2014-05-08 19:17 - 00000000 ____D () C:\AdwCleaner
2014-05-08 19:15 - 2014-05-08 19:15 - 00001130 _____ () C:\Users\ina\Desktop\mbam.txt
2014-05-08 18:57 - 2011-01-17 22:04 - 00001092 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 18:54 - 2014-05-08 18:54 - 01316991 _____ () C:\Users\ina\Desktop\adwcleaner.exe
2014-05-08 18:54 - 2014-05-08 18:54 - 01016261 _____ (Thisisu) C:\Users\ina\Desktop\JRT.exe
2014-05-07 20:24 - 2014-05-07 20:24 - 00012766 _____ () C:\ComboFix.txt
2014-05-07 20:24 - 2014-05-07 19:24 - 00000000 ____D () C:\Qoobox
2014-05-07 20:24 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-07 20:24 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-07 20:22 - 2014-05-07 19:24 - 00000000 ____D () C:\windows\erdnt
2014-05-07 20:18 - 2009-07-14 04:04 - 00000215 _____ () C:\windows\system.ini
2014-05-07 19:57 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\config\Journal
2014-05-07 19:56 - 2014-05-07 19:56 - 03218352 _____ (McAfee, Inc.) C:\Users\ina\Desktop\MCPR.exe
2014-05-07 19:45 - 2010-12-13 22:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-07 19:24 - 2009-07-14 06:53 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-07 19:21 - 2014-05-07 19:21 - 05200039 ____R (Swearware) C:\Users\ina\Desktop\ComboFix.exe
2014-05-07 19:20 - 2009-07-26 22:06 - 01472002 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-07 19:18 - 2014-05-07 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
2014-05-07 19:18 - 2014-05-07 19:18 - 00000000 ____D () C:\Program Files\GMX MailCheck
2014-05-07 19:16 - 2014-05-07 19:16 - 00000000 _____ () C:\windows\setuperr.log
2014-05-07 15:56 - 2014-05-07 15:55 - 00030023 _____ () C:\Users\ina\Desktop\Addition.txt
2014-05-07 15:41 - 2014-05-07 15:41 - 01053184 _____ (Farbar) C:\Users\ina\Desktop\FRST.exe
2014-05-07 15:29 - 2014-05-07 15:29 - 00013824 ___SH () C:\Users\ina\Desktop\Thumbs.db
2014-05-07 15:29 - 2014-05-07 15:29 - 00008749 _____ () C:\Users\ina\Desktop\mwbam.txt
2014-05-07 14:19 - 2014-05-07 14:19 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-05-07 14:03 - 2014-05-07 14:03 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Program Files\Avira
2014-05-07 13:54 - 2010-09-27 21:13 - 00000000 ____D () C:\Users\ina\Tracing
2014-05-07 13:54 - 2009-07-26 22:57 - 00000000 ____D () C:\windows\Panther
2014-05-07 13:52 - 2014-05-07 13:52 - 00000000 ____D () C:\ProgramData\UUdb
2014-05-07 13:52 - 2013-09-02 20:57 - 00001978 _____ () C:\Users\ina\Desktop\Amazon.lnk
2014-05-07 13:52 - 2013-09-02 20:57 - 00001972 _____ () C:\Users\ina\Desktop\GMX.lnk
2014-05-07 13:52 - 2013-09-02 20:57 - 00000000 ____D () C:\ProgramData\DesktopIcons
2014-05-07 13:52 - 2013-09-02 20:57 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-07 13:49 - 2014-05-07 13:49 - 00004241 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-05-07 13:49 - 2014-05-07 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 13:49 - 2013-09-16 22:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-07 13:49 - 2011-07-02 15:42 - 00000000 ____D () C:\Program Files\Java
2014-05-06 16:17 - 2014-05-06 16:17 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-06 16:03 - 2014-05-06 16:15 - 138607664 _____ () C:\Users\ina\Desktop\avira_free_antivirus614_de.exe
2014-05-06 16:00 - 2014-05-06 16:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ina\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-25 21:15 - 2011-10-06 20:30 - 00678912 ___SH () C:\Users\ina\Downloads\Thumbs.db
2014-04-25 21:13 - 2014-04-25 21:13 - 00129814 _____ () C:\Users\ina\Downloads\kontoauszüge.zip
2014-04-25 20:56 - 2014-04-25 20:56 - 00001035 _____ () C:\Users\ina\Desktop\Dropbox.lnk
2014-04-25 20:56 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\DropboxMaster
2014-04-25 20:56 - 2010-04-30 20:34 - 00000000 ____D () C:\Users\ina
2014-04-25 20:52 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-14 21:10 - 2014-04-14 21:10 - 00001309 _____ () C:\Users\ina\Downloads\altmuehltal_Mo.mpjs
2014-04-14 20:13 - 2014-05-07 13:49 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-05-07 13:49 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-04-14 20:05 - 2014-05-07 13:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-04-14 20:04 - 2014-05-07 13:49 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-04-09 10:47 - 2014-04-09 10:47 - 00618496 _____ () C:\Users\ina\Documents\Kundeninfomailing Esprit spring Flyer 2014.ppt
2014-04-09 10:43 - 2014-04-09 10:43 - 00039456 _____ () C:\Users\ina\Downloads\adressen infomailing rabattaktion flyer.xlsx
2014-04-09 09:45 - 2014-04-09 09:45 - 00626622 _____ () C:\Users\ina\Downloads\Kundeninfomailing Esprit spring Flyer 2014.pptx

Some content of TEMP:
====================
C:\Users\ina\AppData\Local\Temp\avgnt.exe
C:\Users\ina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppo3f6p.dll
C:\Users\ina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-06 16:55

==================== End Of Log ============================
         

--- --- ---

--- --- ---


und die addition.txt

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-05-2014
Ran by ina at 2014-05-08 19:43:06
Running from C:\Users\ina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.23 - Doctorsoft)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Bertelsmann Fotowelt (HKLM\...\Bertelsmann Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3304 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A5675A9E-F073-414A-9A04-F9BCD50459D7}) (Version: 4.2.6 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
GMX Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
GMX Upload-Manager (HKLM\...\GMX Upload-Manager) (Version: 2.0.636 - 1&1 Mail & Media GmbH)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5986 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.4 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

27-09-2013 10:22:48 Geplanter Prüfpunkt
07-04-2014 19:27:46 Installed Java 7 Update 51
07-05-2014 11:48:32 Installed Java 7 Update 55

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {110619EF-A0A9-4992-9497-EF4A242695BE} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-10-07] (SEC)
Task: {210FA61D-92F6-4FEE-B312-06AF7D4D93D5} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-10-20] (DoctorSoft)
Task: {2D577A20-059C-43FE-B6C0-1FB82EC956F8} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {36AE1841-8B96-49C1-B110-E620D8D7DB28} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {3B9AB2A9-EB92-41E8-819C-2440A7A09029} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-17] (Google Inc.)
Task: {48A6287D-9267-44E7-99FD-21FCA0982FF8} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-07-24] ()
Task: {672F06DF-7CC5-48DD-9A71-A8F6E27B3CA4} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {88A49655-48B3-4C5D-8CD2-9B43A4A79D2F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {8D4D5684-8FAB-4077-95EB-C9C0BBB68E80} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {9A171F4D-432A-42AF-A3CC-EBCB4A1C5430} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {C02A9DB1-4C19-44BF-BBF5-C2832C7AE439} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CC0D875C-93E1-46F8-B7B7-80E0B3BCFA41} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {D3618680-E03A-4147-BB35-A0A3126DD8DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-17] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-07 14:00 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-30 20:36 - 2009-08-13 21:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2009-12-05 04:50 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-12-05 04:54 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2014-05-08 19:33 - 2014-05-08 19:33 - 00041984 _____ () c:\users\ina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppo3f6p.dll
2014-04-25 20:52 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\ina\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-17 16:19 - 2011-07-02 15:44 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-12-05 04:45 - 2009-07-24 06:46 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2009-12-05 04:45 - 2009-05-13 10:51 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 2008.61 MB
Available physical RAM: 1058.45 MB
Total Pagefile: 4017.21 MB
Available Pagefile: 2779.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.07 GB) (Free:52.05 GB) NTFS
Drive d: () (Fixed) (Total:106.72 GB) (Free:106.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 0E0EF5DF)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=107 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

soweit ich es sehe, existieren momentan keine Probleme.
werde jetzt noch Java, Flash player, windows etc. updaten und dann hoffe ich, daß es meine Schwester schafft das System sauber zu halten.

Und hier noch die logs

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=98748d6825c8c2468ec8854cc7f188e3
# engine=18198
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-09 04:58:29
# local_time=2014-05-09 06:58:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 95 3449 6337045 0 0
# compatibility_mode=5893 16776574 66 85 126044888 151285900 0 0
# scanned=182103
# found=0
# cleaned=0
# scan_time=3040
         

Code: Alles auswählenAufklappen

ATTFilter

 Results of screen317's Security Check version 0.99.82  
 Windows 7  x86 (UAC is enabled)  
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 55  
 Adobe Flash Player 9 Flash Player out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-05-2014
Ran by ina (administrator) on INA-PC on 10-05-2014 10:36:15
Running from C:\Users\ina\Desktop
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(DoctorSoft) C:\Program Files\AnyPC Client\APLangApp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Inc.) C:\Program Files\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(1und1 Mail und Media GmbH) C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(1&1 Mail & Media GmbH) C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dropbox, Inc.) C:\Users\ina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [APLangApp] => C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-10-20] (DoctorSoft)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1772096 2014-04-24] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-17] (Google Inc.)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [GMX_GMX Upload-Manager] => C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE [940128 2010-11-19] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-17] (Google Inc.)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GMX_GMX Upload-Manager] => C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE [940128 2010-11-19] (1&1 Mail & Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADFA_de
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADFA_de
SearchScopes: HKCU - {7C9F9AFC-1B2A-4269-8E91-6613FF649847} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {7DD472E5-D1C1-41BB-959C-FEDAD33D7FDD} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {906B5895-30B2-4904-914C-650974005CB7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {BCB191CC-9A3A-416B-ACE2-2500BAC00922} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-10] (Malwarebytes Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
R1 uigxrdr; C:\windows\System32\DRIVERS\uigxrdr.sys [144896 2010-11-19] (1&1 Mail & Media GmbH)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ina\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-10 10:33 - 2014-05-10 10:33 - 00001037 _____ () C:\Users\ina\Desktop\checkup.txt
2014-05-10 10:33 - 2014-05-10 10:33 - 00000000 ____D () C:\Users\ina\Desktop\FRST-OlderVersion
2014-05-09 18:02 - 2014-05-09 18:02 - 00855379 _____ () C:\Users\ina\Desktop\SecurityCheck.exe
2014-05-09 18:00 - 2014-05-09 18:00 - 02347384 _____ (ESET) C:\Users\ina\Desktop\esetsmartinstaller_deu.exe
2014-05-08 19:37 - 2014-05-08 19:37 - 00000646 _____ () C:\Users\ina\Desktop\JRT.txt
2014-05-08 19:30 - 2014-05-08 19:30 - 00000000 ____D () C:\windows\ERUNT
2014-05-08 19:26 - 2014-05-08 19:26 - 00002199 _____ () C:\Users\ina\Desktop\AdwCleaner[S0].txt
2014-05-08 19:17 - 2014-05-08 19:20 - 00000000 ____D () C:\AdwCleaner
2014-05-08 19:15 - 2014-05-08 19:15 - 00001130 _____ () C:\Users\ina\Desktop\mbam.txt
2014-05-08 18:54 - 2014-05-08 18:54 - 01316991 _____ () C:\Users\ina\Desktop\adwcleaner.exe
2014-05-08 18:54 - 2014-05-08 18:54 - 01016261 _____ (Thisisu) C:\Users\ina\Desktop\JRT.exe
2014-05-07 20:24 - 2014-05-07 20:24 - 00012766 _____ () C:\ComboFix.txt
2014-05-07 19:56 - 2014-05-07 19:56 - 03218352 _____ (McAfee, Inc.) C:\Users\ina\Desktop\MCPR.exe
2014-05-07 19:24 - 2014-05-07 20:24 - 00000000 ____D () C:\Qoobox
2014-05-07 19:24 - 2014-05-07 20:22 - 00000000 ____D () C:\windows\erdnt
2014-05-07 19:24 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-07 19:24 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-07 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-07 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-07 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-07 19:24 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-07 19:24 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-07 19:24 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-07 19:21 - 2014-05-07 19:21 - 05200039 ____R (Swearware) C:\Users\ina\Desktop\ComboFix.exe
2014-05-07 19:18 - 2014-05-07 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
2014-05-07 19:18 - 2014-05-07 19:18 - 00000000 ____D () C:\Program Files\GMX MailCheck
2014-05-07 19:16 - 2014-05-09 17:55 - 00001243 _____ () C:\windows\setupact.log
2014-05-07 19:16 - 2014-05-08 19:21 - 00096076 _____ () C:\windows\PFRO.log
2014-05-07 19:16 - 2014-05-07 19:16 - 00000000 _____ () C:\windows\setuperr.log
2014-05-07 15:55 - 2014-05-08 19:43 - 00018952 _____ () C:\Users\ina\Desktop\Addition.txt
2014-05-07 15:54 - 2014-05-10 10:36 - 00015519 _____ () C:\Users\ina\Desktop\FRST.txt
2014-05-07 15:54 - 2014-05-10 10:36 - 00000000 ____D () C:\FRST
2014-05-07 15:41 - 2014-05-10 10:33 - 01054720 _____ (Farbar) C:\Users\ina\Desktop\FRST.exe
2014-05-07 15:29 - 2014-05-07 15:29 - 00013824 ___SH () C:\Users\ina\Desktop\Thumbs.db
2014-05-07 15:29 - 2014-05-07 15:29 - 00008749 _____ () C:\Users\ina\Desktop\mwbam.txt
2014-05-07 14:19 - 2014-05-07 14:19 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-05-07 14:03 - 2014-05-07 14:03 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Program Files\Avira
2014-05-07 14:00 - 2014-02-25 11:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-07 14:00 - 2014-02-25 11:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-07 14:00 - 2014-02-25 11:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-05-07 14:00 - 2014-02-25 11:41 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys
2014-05-07 13:52 - 2014-05-07 13:52 - 00000000 ____D () C:\ProgramData\UUdb
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-07 13:49 - 2014-05-07 13:49 - 00004241 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-05-07 13:49 - 2014-05-07 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 13:49 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-05-07 13:49 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-05-07 13:49 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-05-07 13:49 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-05-06 16:18 - 2014-05-10 10:20 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 16:17 - 2014-05-06 16:17 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-06 16:17 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-06 16:17 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-06 16:17 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-06 16:16 - 2014-05-06 16:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ina\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-06 16:15 - 2014-05-06 16:03 - 138607664 _____ () C:\Users\ina\Desktop\avira_free_antivirus614_de.exe
2014-04-25 21:13 - 2014-04-25 21:13 - 00129814 _____ () C:\Users\ina\Downloads\kontoauszüge.zip
2014-04-25 20:56 - 2014-05-09 17:57 - 00000000 ___RD () C:\Users\ina\Dropbox
2014-04-25 20:56 - 2014-04-25 20:56 - 00001035 _____ () C:\Users\ina\Desktop\Dropbox.lnk
2014-04-25 20:52 - 2014-04-25 20:56 - 00000000 ____D () C:\Users\ina\AppData\Roaming\DropboxMaster
2014-04-25 20:52 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-25 20:49 - 2014-05-09 17:57 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Dropbox
2014-04-14 21:10 - 2014-04-14 21:10 - 00001309 _____ () C:\Users\ina\Downloads\altmuehltal_Mo.mpjs

==================== One Month Modified Files and Folders =======

2014-05-10 10:36 - 2014-05-07 15:54 - 00015519 _____ () C:\Users\ina\Desktop\FRST.txt
2014-05-10 10:36 - 2014-05-07 15:54 - 00000000 ____D () C:\FRST
2014-05-10 10:33 - 2014-05-10 10:33 - 00001037 _____ () C:\Users\ina\Desktop\checkup.txt
2014-05-10 10:33 - 2014-05-10 10:33 - 00000000 ____D () C:\Users\ina\Desktop\FRST-OlderVersion
2014-05-10 10:33 - 2014-05-07 15:41 - 01054720 _____ (Farbar) C:\Users\ina\Desktop\FRST.exe
2014-05-10 10:30 - 2011-01-17 22:04 - 00001088 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-10 10:20 - 2014-05-06 16:18 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 10:20 - 2011-01-17 22:04 - 00001092 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 10:20 - 2009-12-05 04:40 - 01565953 _____ () C:\windows\WindowsUpdate.log
2014-05-09 18:03 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 18:03 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 18:02 - 2014-05-09 18:02 - 00855379 _____ () C:\Users\ina\Desktop\SecurityCheck.exe
2014-05-09 18:00 - 2014-05-09 18:00 - 02347384 _____ (ESET) C:\Users\ina\Desktop\esetsmartinstaller_deu.exe
2014-05-09 17:57 - 2014-04-25 20:56 - 00000000 ___RD () C:\Users\ina\Dropbox
2014-05-09 17:57 - 2014-04-25 20:49 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Dropbox
2014-05-09 17:56 - 2010-04-30 20:34 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-05-09 17:55 - 2014-05-07 19:16 - 00001243 _____ () C:\windows\setupact.log
2014-05-09 17:55 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-08 22:04 - 2009-07-26 22:06 - 01472002 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-08 19:43 - 2014-05-07 15:55 - 00018952 _____ () C:\Users\ina\Desktop\Addition.txt
2014-05-08 19:37 - 2014-05-08 19:37 - 00000646 _____ () C:\Users\ina\Desktop\JRT.txt
2014-05-08 19:30 - 2014-05-08 19:30 - 00000000 ____D () C:\windows\ERUNT
2014-05-08 19:26 - 2014-05-08 19:26 - 00002199 _____ () C:\Users\ina\Desktop\AdwCleaner[S0].txt
2014-05-08 19:21 - 2014-05-07 19:16 - 00096076 _____ () C:\windows\PFRO.log
2014-05-08 19:20 - 2014-05-08 19:17 - 00000000 ____D () C:\AdwCleaner
2014-05-08 19:15 - 2014-05-08 19:15 - 00001130 _____ () C:\Users\ina\Desktop\mbam.txt
2014-05-08 18:54 - 2014-05-08 18:54 - 01316991 _____ () C:\Users\ina\Desktop\adwcleaner.exe
2014-05-08 18:54 - 2014-05-08 18:54 - 01016261 _____ (Thisisu) C:\Users\ina\Desktop\JRT.exe
2014-05-07 20:24 - 2014-05-07 20:24 - 00012766 _____ () C:\ComboFix.txt
2014-05-07 20:24 - 2014-05-07 19:24 - 00000000 ____D () C:\Qoobox
2014-05-07 20:24 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-07 20:24 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-07 20:22 - 2014-05-07 19:24 - 00000000 ____D () C:\windows\erdnt
2014-05-07 20:18 - 2009-07-14 04:04 - 00000215 _____ () C:\windows\system.ini
2014-05-07 19:57 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\config\Journal
2014-05-07 19:56 - 2014-05-07 19:56 - 03218352 _____ (McAfee, Inc.) C:\Users\ina\Desktop\MCPR.exe
2014-05-07 19:45 - 2010-12-13 22:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-07 19:24 - 2009-07-14 06:53 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-07 19:21 - 2014-05-07 19:21 - 05200039 ____R (Swearware) C:\Users\ina\Desktop\ComboFix.exe
2014-05-07 19:18 - 2014-05-07 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
2014-05-07 19:18 - 2014-05-07 19:18 - 00000000 ____D () C:\Program Files\GMX MailCheck
2014-05-07 19:16 - 2014-05-07 19:16 - 00000000 _____ () C:\windows\setuperr.log
2014-05-07 15:29 - 2014-05-07 15:29 - 00013824 ___SH () C:\Users\ina\Desktop\Thumbs.db
2014-05-07 15:29 - 2014-05-07 15:29 - 00008749 _____ () C:\Users\ina\Desktop\mwbam.txt
2014-05-07 14:19 - 2014-05-07 14:19 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-05-07 14:03 - 2014-05-07 14:03 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Program Files\Avira
2014-05-07 13:54 - 2010-09-27 21:13 - 00000000 ____D () C:\Users\ina\Tracing
2014-05-07 13:54 - 2009-07-26 22:57 - 00000000 ____D () C:\windows\Panther
2014-05-07 13:52 - 2014-05-07 13:52 - 00000000 ____D () C:\ProgramData\UUdb
2014-05-07 13:52 - 2013-09-02 20:57 - 00001978 _____ () C:\Users\ina\Desktop\Amazon.lnk
2014-05-07 13:52 - 2013-09-02 20:57 - 00001972 _____ () C:\Users\ina\Desktop\GMX.lnk
2014-05-07 13:52 - 2013-09-02 20:57 - 00000000 ____D () C:\ProgramData\DesktopIcons
2014-05-07 13:52 - 2013-09-02 20:57 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-07 13:49 - 2014-05-07 13:49 - 00004241 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-05-07 13:49 - 2014-05-07 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 13:49 - 2013-09-16 22:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-07 13:49 - 2011-07-02 15:42 - 00000000 ____D () C:\Program Files\Java
2014-05-06 16:17 - 2014-05-06 16:17 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-06 16:03 - 2014-05-06 16:15 - 138607664 _____ () C:\Users\ina\Desktop\avira_free_antivirus614_de.exe
2014-05-06 16:00 - 2014-05-06 16:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ina\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-25 21:15 - 2011-10-06 20:30 - 00678912 ___SH () C:\Users\ina\Downloads\Thumbs.db
2014-04-25 21:13 - 2014-04-25 21:13 - 00129814 _____ () C:\Users\ina\Downloads\kontoauszüge.zip
2014-04-25 20:56 - 2014-04-25 20:56 - 00001035 _____ () C:\Users\ina\Desktop\Dropbox.lnk
2014-04-25 20:56 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\DropboxMaster
2014-04-25 20:56 - 2010-04-30 20:34 - 00000000 ____D () C:\Users\ina
2014-04-25 20:52 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-14 21:10 - 2014-04-14 21:10 - 00001309 _____ () C:\Users\ina\Downloads\altmuehltal_Mo.mpjs
2014-04-14 20:13 - 2014-05-07 13:49 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-05-07 13:49 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-04-14 20:05 - 2014-05-07 13:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-04-14 20:04 - 2014-05-07 13:49 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe

Some content of TEMP:
====================
C:\Users\ina\AppData\Local\Temp\avgnt.exe
C:\Users\ina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuyaop2.dll
C:\Users\ina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 19:07

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-05-2014
Ran by ina at 2014-05-10 10:36:47
Running from C:\Users\ina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.23 - Doctorsoft)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Bertelsmann Fotowelt (HKLM\...\Bertelsmann Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3304 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A5675A9E-F073-414A-9A04-F9BCD50459D7}) (Version: 4.2.6 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
GMX Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
GMX Upload-Manager (HKLM\...\GMX Upload-Manager) (Version: 2.0.636 - 1&1 Mail & Media GmbH)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5986 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.4 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

27-09-2013 10:22:48 Geplanter Prüfpunkt
07-04-2014 19:27:46 Installed Java 7 Update 51
07-05-2014 11:48:32 Installed Java 7 Update 55

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {110619EF-A0A9-4992-9497-EF4A242695BE} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-10-07] (SEC)
Task: {210FA61D-92F6-4FEE-B312-06AF7D4D93D5} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-10-20] (DoctorSoft)
Task: {2D577A20-059C-43FE-B6C0-1FB82EC956F8} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {36AE1841-8B96-49C1-B110-E620D8D7DB28} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {3B9AB2A9-EB92-41E8-819C-2440A7A09029} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-17] (Google Inc.)
Task: {48A6287D-9267-44E7-99FD-21FCA0982FF8} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-07-24] ()
Task: {672F06DF-7CC5-48DD-9A71-A8F6E27B3CA4} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {88A49655-48B3-4C5D-8CD2-9B43A4A79D2F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {8D4D5684-8FAB-4077-95EB-C9C0BBB68E80} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {9A171F4D-432A-42AF-A3CC-EBCB4A1C5430} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {C02A9DB1-4C19-44BF-BBF5-C2832C7AE439} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CC0D875C-93E1-46F8-B7B7-80E0B3BCFA41} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {D3618680-E03A-4147-BB35-A0A3126DD8DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-17] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-07 14:00 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-30 20:36 - 2009-08-13 21:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2009-12-05 04:50 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-12-05 04:54 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2014-05-09 17:56 - 2014-05-09 17:56 - 00041984 _____ () c:\users\ina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuyaop2.dll
2014-04-25 20:52 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\ina\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-17 16:19 - 2011-07-02 15:44 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-12-05 04:45 - 2009-07-24 06:46 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2009-12-05 04:45 - 2009-05-13 10:51 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2014 08:17:40 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/08/2014 08:17:06 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (05/09/2014 05:55:51 PM) (Source: Service Control Manager) (User: ) (EventID: 7003)
Description: Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.

Error: (05/08/2014 10:01:26 PM) (Source: Service Control Manager) (User: ) (EventID: 7003)
Description: Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (05/08/2014 08:17:40 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (05/08/2014 08:17:06 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 2008.61 MB
Available physical RAM: 1133.06 MB
Total Pagefile: 4017.21 MB
Available Pagefile: 2688.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.07 GB) (Free:50.51 GB) NTFS
Drive d: () (Fixed) (Total:106.72 GB) (Free:106.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 0E0EF5DF)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=107 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Fertig

Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

VIELEN DANK schrauber!!!

Hat alles super geklappt!

Und noch !Danke! für die vielen Tipps für die Sicherheit!

Schönen Sonntag noch!
Gruß,
Tanja

Gern Geschehen