
Pests of all kinds and how to fight them: Trojan: Trojan-Ransom.Win32.Foreign locks the computer

Windows 7 If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.

22.06.2014, 15:44   #1
winlocked
 
Trojan: Trojan-Ransom.Win32.Foreign locks the computer

Hello,
I have caught the above-mentioned Trojan on my notebook (WIN7, Internet Explorer). After booting, the well-known "BKA page" image appears. I have tried the following so far:
1. Kaspersky Rescue Disk 10
-> tried a virus scan and "windowsunlocker" via terminal mode
-> no success, 2nd attempt is running right now
2. Booting into Safe Mode between the first and 2nd attempt with the Kaspersky disk
-> Normal Safe Mode leads to an immediate restart
-> Safe Mode with Command Prompt leads to the same result

The Kaspersky virus scan reports the following detection:
Found: "Trojan-Ransom.Win32.Foreign.kxpu" in several locations
and then reports:
Objects not disinfected: "Trojan-Ransom.Win32.Foreign.kxpu"
with the reason: "Postponed"

It would be great if someone could help me.

Many thanks.

22.06.2014, 15:47   #2
deeprybka
/// TB Trainer
/// Guide Guru
 
My name is Jürgen and I will help you with your problem. Together we will manage it...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please only run scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop.
  • Post the logfiles directly in your thread in code tags.
  • Bear in mind that we all do this in our free time; if you do not hear from me within 24 hours, please send me a PM.

Note:
I can never guarantee that we will find all malicious files.
A format is usually the faster and always the safest way, but it is only advisable in the case of real malware.
Adware & co. we can remove very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Let's go:

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide or use the following quick guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is starting up, press the F8 key repeatedly
  • Now choose Repair Your Computer.
  • Choose your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click on Repair your computer!
  • Choose your operating system and user account and click "Next" each time.
In the recovery options, choose: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is displayed here; note it.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).




Reading material
Posting in CODE tags: here is how...
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too big for the forum. To put the logfiles in a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

22.06.2014, 16:16   #3
winlocked
 
Hello Jürgen,
the second pass of the Kaspersky Rescue Disk has just finished. This time it deleted the Trojan :-).
Should I still follow your instructions to make sure everything is gone?
Regards
Jörg

22.06.2014, 16:18   #4
deeprybka
/// TB Trainer
/// Guide Guru
 
Yes, in that case it is best to do a scan with FRST in normal mode.... the instructions above only apply while the PC is locked...

Step 1

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files are now created and afterwards are on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input box)

Regards
deeprybka

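What the helper will be reading such an FRST.txt for, shown as an added example that is not part of this thread, of the forum's tooling or of FRST itself: a small triage script over a constructed excerpt in FRST's own line format (the sample values are modelled on the log posted later in this thread). It flags the indicator classes FRST marks with ATTENTION in the Registry and Internet sections, namely a CLSID's InprocServer32 resolving into $Recycle.Bin (the pattern FRST labels "ZeroAccess?"), a Winsock catalog entry whose DLL is missing, and autorun values with no name or a missing target. The three heuristics and the `Finding` record are this example's own, not FRST's detection logic.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Constructed sample excerpt in the line format FRST.txt uses for its Registry and
# Internet sections (values modelled on the log in this thread; not a complete log).
SAMPLE_FRST_LINES = [
    r"HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-09] (Avira Operations GmbH & Co. KG)",
    r"HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$022b937d3d4b713b32d7fd93c506b28e\n. ATTENTION! ====> ZeroAccess?",
    r"HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [] => [X]",
    r"HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1486621387-3127899674-3502170536-1000\$022b937d3d4b713b32d7fd93c506b28e\n. ATTENTION! ====> ZeroAccess?",
    r'Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"',
    r"Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)",
    r"Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk",
]


@dataclass(frozen=True)
class Finding:
    kind: str    # "com_hijack", "winsock_lsp" or "orphan_autorun"
    detail: str  # why the line was flagged
    line: str    # the FRST line that triggered the finding


# CLSID\...\InprocServer32 value: the DLL that implements a COM class.
INPROC_RE = re.compile(
    r"InprocServer32:\s*\[(?P<value>[^\]]*)\]\s*(?P<path>.+?)\.?(?:\s+ATTENTION.*)?$",
    re.IGNORECASE,
)
# Locations in which no legitimately registered COM server DLL lives.
SUSPICIOUS_DIR_RE = re.compile(r"\\\$Recycle\.Bin\\|\\Temp\\", re.IGNORECASE)
# Winsock catalog entries (layered service / name space providers).
WINSOCK_RE = re.compile(r"^Winsock:\s+Catalog(?P<catalog>\d+)\s+(?P<index>\d+)\s+(?P<rest>.*)$")
EXPECTED_LIB_RE = re.compile(r'LibraryPath should be "(?P<expected>[^"]+)"')
# Autorun values: name in [], target after =>; FRST prints [X] when the target is gone.
RUN_RE = re.compile(r"\\Run:\s*\[(?P<name>[^\]]*)\]\s*=>\s*(?P<target>.*)$")


def triage_line(line: str) -> Finding | None:
    """Return a Finding for one FRST line, or None when the line is unremarkable."""
    m = INPROC_RE.search(line)
    if m and SUSPICIOUS_DIR_RE.search(m.group("path")):
        return Finding(
            "com_hijack",
            f"COM server for {m.group('value')} resolves to {m.group('path')} "
            "(the registered DLL has been redirected to a file in a location no legitimate component uses)",
            line,
        )
    m = WINSOCK_RE.match(line)
    if m and ("file not found" in m.group("rest").lower() or "ATTENTION" in m.group("rest")):
        exp = EXPECTED_LIB_RE.search(m.group("rest"))
        expected = exp.group("expected") if exp else "unknown"
        return Finding(
            "winsock_lsp",
            f"Winsock catalog {m.group('catalog')} entry {m.group('index')} is broken; "
            f"expected LibraryPath {expected}",
            line,
        )
    m = RUN_RE.search(line)
    if m and (m.group("target").strip() == "[X]" or not m.group("name")):
        return Finding("orphan_autorun", "autorun value with no name or a missing target", line)
    return None


def triage(lines: Iterable[str]) -> list[Finding]:
    """Run triage_line over a whole log; blank lines and section headers are skipped."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line or line.startswith("="):
            continue
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f"[{f.kind}] {f.detail}")
    print(summarize(triage(SAMPLE_FRST_LINES)))
```

Run against a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`; the whitelisted Avira autorun and the Bonjour Winsock provider in the sample produce no finding, while the two recycle-bin InprocServer32 entries, the missing mswsock.dll provider and the nameless `[X]` autorun do. The expected LibraryPath recovered from the Winsock line is what a repair of the catalog has to restore.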

22.06.2014, 17:03   #5
winlocked
 
Hello Jürgen,

attached are the two log files:

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by Joerg (administrator) on NW8440 on 22-06-2014 17:21:23
Running from C:\Users\Joerg\Desktop
Platform: Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
() C:\Program Files\Polar\Daemon\polard.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(O3SIS AG) C:\Program Files\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
() C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-12] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296520 2014-05-01] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$022b937d3d4b713b32d7fd93c506b28e\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [DataSync Outlook] => C:\Program Files\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe [720896 2009-12-07] (O3SIS AG)
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [] => [X]
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18709248 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\MountPoints2: {52c7a7ee-d237-11e1-a3fd-001a6b179060} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\DT5000_Launcher.exe
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1486621387-3127899674-3502170536-1000\$022b937d3d4b713b32d7fd93c506b28e\n. ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x39AAED8C0D68CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1341150438697
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @real.com/nppl3260;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-01]
FF HKLM\...\Firefox\Extensions: [fe_9.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-01]
FF HKLM\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google Search) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-11-06]
CHR Extension: (Skype Click to Call) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-11]
CHR Extension: (Gmail) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [690472 2011-07-22] (Nero AG)
R2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [413184 2012-08-17] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-01] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [671344 2012-04-10] (VMware, Inc.)
S2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2370560 2012-05-02] (VMware, Inc.) [File not signed]
S2 Winmgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [472176 2012-05-02] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-05-31] (Symantec Corporation)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41456 2012-04-10] (VMware, Inc.)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-26] (Avira GmbH)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-04-10] (VMware, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 17:21 - 2014-06-22 17:22 - 00021411 _____ () C:\Users\Joerg\Desktop\FRST.txt
2014-06-22 17:21 - 2014-06-22 17:21 - 00000000 ____D () C:\FRST
2014-06-22 17:20 - 2014-06-22 16:51 - 01070592 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2014-06-22 12:51 - 2014-06-22 13:02 - 00006705 _____ () C:\ProgramData\RUNDLL32.EXE-2916-F.txt
2014-06-22 12:19 - 2014-06-22 12:20 - 00000568 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-06-20 17:01 - 2014-06-20 17:02 - 00000499 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt
2014-06-19 15:24 - 2014-06-19 15:26 - 00001250 _____ () C:\ProgramData\RUNDLL32.EXE-2940-F.txt
2014-06-16 21:13 - 2014-06-16 21:13 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt
2014-06-16 09:16 - 2014-06-16 09:16 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-2884-F.txt
2014-06-16 09:13 - 2014-06-16 09:14 - 00000814 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-06-16 08:18 - 2014-06-22 19:09 - 00000000 ____D () C:\ProgramData\04487DD24E0D21E58B91C85E7CE1B107
2014-06-09 14:34 - 2014-06-09 14:34 - 00000000 ____D () C:\ProgramData\kinoma
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\Documents\My Books
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\AppData\Local\kinoma
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Users\Joerg\AppData\Local\Sony Corporation
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Program Files\Sony
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\Users\Joerg\AppData\Roaming\Sony Corporation
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-31 10:17 - 2014-05-31 10:17 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 10:17 - 2014-05-31 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 09:54 - 2014-05-31 09:54 - 00001415 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-05-31 09:53 - 2014-05-31 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Program Files\Norton Security Scan

==================== One Month Modified Files and Folders =======

2014-06-22 19:09 - 2014-06-16 08:18 - 00000000 ____D () C:\ProgramData\04487DD24E0D21E58B91C85E7CE1B107
2014-06-22 17:22 - 2014-06-22 17:21 - 00021411 _____ () C:\Users\Joerg\Desktop\FRST.txt
2014-06-22 17:21 - 2014-06-22 17:21 - 00000000 ____D () C:\FRST
2014-06-22 17:15 - 2012-01-20 13:31 - 00000000 ____D () C:\Users\Joerg\AppData\Roaming\Skype
2014-06-22 17:13 - 2011-11-06 14:22 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-22 17:13 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 17:13 - 2009-07-14 06:39 - 00099420 _____ () C:\Windows\setupact.log
2014-06-22 16:51 - 2014-06-22 17:20 - 01070592 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2014-06-22 13:02 - 2014-06-22 12:51 - 00006705 _____ () C:\ProgramData\RUNDLL32.EXE-2916-F.txt
2014-06-22 12:59 - 2009-07-14 06:34 - 00013216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 12:59 - 2009-07-14 06:34 - 00013216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 12:52 - 2012-04-12 13:20 - 00000000 ____D () C:\Users\Joerg\Documents\Mein Steuer-Sparbuch Heute
2014-06-22 12:20 - 2014-06-22 12:19 - 00000568 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-06-20 17:02 - 2014-06-20 17:01 - 00000499 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt
2014-06-19 15:26 - 2014-06-19 15:24 - 00001250 _____ () C:\ProgramData\RUNDLL32.EXE-2940-F.txt
2014-06-16 21:13 - 2014-06-16 21:13 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt
2014-06-16 18:11 - 2013-04-09 08:19 - 00000000 ____D () C:\Users\Sabine
2014-06-16 18:11 - 2013-01-05 17:56 - 00000000 ____D () C:\Users\Admin
2014-06-16 18:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-16 09:16 - 2014-06-16 09:16 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-2884-F.txt
2014-06-16 09:14 - 2014-06-16 09:13 - 00000814 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-06-16 09:05 - 2012-04-06 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-16 08:48 - 2011-11-06 14:22 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 08:48 - 2011-11-06 14:22 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 08:24 - 2011-08-31 21:23 - 00108824 _____ () C:\Users\Joerg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-16 08:14 - 2011-08-31 20:40 - 00000000 ____D () C:\Users\Joerg
2014-06-09 14:34 - 2014-06-09 14:34 - 00000000 ____D () C:\ProgramData\kinoma
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\Documents\My Books
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\AppData\Local\kinoma
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Users\Joerg\AppData\Local\Sony Corporation
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Program Files\Sony
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\Users\Joerg\AppData\Roaming\Sony Corporation
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-06-09 13:27 - 2011-08-31 20:43 - 00730146 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 10:30 - 2013-02-26 09:14 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-09 10:30 - 2013-02-26 09:14 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-09 10:23 - 2011-09-17 14:06 - 00115434 _____ () C:\Windows\PFRO.log
2014-05-31 17:27 - 2013-02-03 18:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-05-31 15:07 - 2011-08-31 20:32 - 01122440 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 13:44 - 2013-07-08 06:58 - 00000440 ____H () C:\Windows\Tasks\Norton Security Scan for Joerg.job
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-31 10:17 - 2014-05-31 10:17 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 10:17 - 2014-05-31 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 10:05 - 2012-06-08 18:34 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-31 09:54 - 2014-05-31 09:54 - 00001415 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-05-31 09:54 - 2014-05-31 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Program Files\Norton Security Scan
2014-05-31 09:53 - 2012-05-27 10:29 - 00000000 ____D () C:\ProgramData\Norton
2014-05-24 13:21 - 2011-09-25 11:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1486621387-3127899674-3502170536-1000\$022b937d3d4b713b32d7fd93c506b28e

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$022b937d3d4b713b32d7fd93c506b28e

Files to move or delete:
====================
C:\Users\Joerg\AppData\Roaming\skype.ini
C:\ProgramData\02qrlcw.ctrl
C:\ProgramData\02qrlcw.pff
C:\ProgramData\0901251.pad
C:\ProgramData\bnrjrtjbn.ctrl
C:\ProgramData\bnrjrtjbn.pff
C:\ProgramData\rundll32.exe
C:\ProgramData\z6z6lz6.pad
C:\Users\Joerg\AmazonMP3Downloader.exe
C:\Users\Joerg\Uninstall.exe


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\AskSLib.dll
C:\Users\Joerg\AppData\Local\Temp\avgnt.exe
C:\Users\Joerg\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Joerg\AppData\Local\Temp\mpegc.dll
C:\Users\Joerg\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 13:17

==================== End Of Log ============================


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-06-2014 01
Ran by Joerg at 2014-06-22 17:22:58
Running from C:\Users\Joerg\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ABBYY FineReader for ScanSnap (TM) 4.1 (HKLM\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression 2 (HKLM\...\{81FC0476-9507-4CD3-95A7-2BE60E256D1D}) (Version: 2.0.27.846 - ArcSoft)
AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CardMinder (HKLM\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (Version: 4.1.10.1 - PFU) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0312.2223.38381 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0312.2223.38381 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0312.2223.38381 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0312.2223.38381 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0312.2223.38381 - ATI) Hidden
Catalyst Control Center Localization All (Version: 2009.0312.2223.38381 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Czech (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Danish (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Dutch (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help English (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Finnish (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help French (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help German (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Greek (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Italian (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Japanese (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Korean (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Polish (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Russian (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Spanish (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Swedish (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Thai (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Turkish (Version: 2009.0312.2222.38381 - ATI) Hidden
ccc-core-static (Version: 2009.0312.2223.38381 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0312.2223.38381 - ATI) Hidden
DataSync Outlook (HKLM\...\InstallShield_{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}) (Version: 7.00.2906 - O3SIS IT AG)
DataSync Outlook (Version: 7.00.2906 - O3SIS IT AG) Hidden
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 3.0.0.0 - devolo AG)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
dLAN Cockpit (HKLM\...\Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1) (Version: 3 (23.12.2010) - devolo AG)
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
High-Definition Video Playback (Version: 7.3.10900.8.0 - Nero AG) Hidden
HP Product Detection (HKLM\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Audio Pack 1 (Version: 2.0.13100.0.10 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.20100.9.13 - Nero AG) Hidden
Nero Kwik Media (HKLM\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.16800.75.100 - Nero AG)
Nero Kwik Media (HKLM\...\{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}) (Version: 10.6.12300 - Nero AG)
Nero Update (Version: 11.0.10022.15.0 - Nero AG) Hidden
NeroKwikMedia Help (CHM) (Version: 10.6.10700 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.3.89.0 - Nokia)
Nokia Suite (Version: 3.3.89.0 - Nokia) Hidden
Norton Security Scan (HKLM\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
PC Connectivity Solution (HKLM\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.2 - Frank Heindörfer, Philip Chinery)
Polar Daemon (HKLM\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM\...\{41D4A454-9DF4-4299-8C30-1BBA753E83E1}) (Version: 2.6.00001 - Polar Electro Oy)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
ScanSnap (Version: 5.1.11.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L11 - PFU)
ScanSnap Organizer (HKLM\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L11 - PFU)
ScanSnap Organizer (Version: 4.1.11.18 - PFU LIMITED) Hidden
Skins (Version: 2009.0312.2223.38381 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update für Microsoft Outlook Social Connector (KB2289116) (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{10B1662A-566C-43C2-8469-5A470E0C7D7B}) (Version:  - Microsoft)
Update für Microsoft Outlook Social Connector (KB2289116) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version:  - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VMware View Client (HKLM\...\{A3ED7FC4-865D-403B-905C-C55EF79A4936}) (Version: 5.1.0.704644 - VMware, Inc.)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2012 (HKLM\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{5021FE2F-5F56-4B8B-9235-B5159FC34508}) (Version: 21.00.8480 - Buhl Data Service GmbH)
XING Connector 1.2 (HKLM\...\XING Connector) (Version: 1.2 - XING AG)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {16428541-D7D4-4612-AF08-5CEEA5A4F63A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {339EB264-FED1-4DA5-BEB6-F7273F3E09D9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {658E54A2-02B7-4471-8633-DD1351BD1D93} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {689D3E5C-8316-4094-A84F-E54E0C323029} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {8DDA25AC-DB95-467A-ACB9-1E4F7DB448C7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {A6050E2A-8712-4721-9ED2-BFCCF04C9B38} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {A8286858-4A95-4B21-8680-C5B928D43589} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: {C5307688-D689-4564-8C15-3E8F5AFE96E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-06] (Google Inc.)
Task: {E28B9C57-76B3-48BE-AD2B-2060696C2910} - System32\Tasks\Norton Security Scan for Joerg => C:\Program Files\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {F4398352-ED10-4F5E-9685-A84B3BCE0C71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
Task: {F9DE8CF0-BBB7-4288-A013-1D634B991E2B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Joerg.job => C:\PROGRA~1\NORTON~2\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) =============

2011-08-31 21:36 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 14:43 - 2012-08-17 14:43 - 00413184 _____ () C:\Program Files\Polar\Daemon\polard.exe
2012-08-17 14:42 - 2012-08-17 14:42 - 03477504 _____ () C:\Program Files\Polar\Daemon\libpolar.dll
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-05-01 15:03 - 2014-05-01 15:03 - 00859224 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-08-31 21:44 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2012-05-13 12:15 - 2008-11-12 15:32 - 00014848 _____ () C:\Program Files\PFU\ScanSnap\CardMinder\CardPath.dll
2012-05-13 12:16 - 2008-09-10 13:04 - 00069632 _____ () C:\Program Files\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
2012-05-13 12:09 - 2009-11-23 09:34 - 00344064 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsConfig.dll
2012-05-13 12:09 - 2009-10-15 09:02 - 00233472 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsExtention.dll
2012-05-13 12:09 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2012-05-13 12:09 - 2007-06-26 20:27 - 00167936 _____ () C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
2013-12-31 19:34 - 2014-02-11 13:07 - 01429808 _____ () C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe
2013-12-31 19:30 - 2014-02-12 16:13 - 09658160 _____ () C:\Program Files\WISO\Steuersoftware 2014\wgui14.dll
2013-12-31 19:31 - 2014-02-11 20:14 - 00035120 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsdcom48.dll
2013-12-31 19:31 - 2014-02-11 13:00 - 00309040 _____ () C:\Program Files\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-12-31 19:31 - 2014-02-11 13:07 - 00321840 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 03781936 _____ () C:\Program Files\WISO\Steuersoftware 2014\wcore14.dll
2013-12-31 19:31 - 2014-02-11 13:07 - 00136496 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsodbc48.dll
2013-12-31 19:30 - 2014-02-11 20:14 - 02672432 _____ () C:\Program Files\WISO\Steuersoftware 2014\wfvie14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01968944 _____ () C:\Program Files\WISO\Steuersoftware 2014\wsteu14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01911088 _____ () C:\Program Files\WISO\Steuersoftware 2014\wreli14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 04279088 _____ () C:\Program Files\WISO\Steuersoftware 2014\wauff14.dll
2013-12-31 19:31 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files\WISO\Steuersoftware 2014\clucene-core.dll
2013-12-31 19:31 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files\WISO\Steuersoftware 2014\clucene-shared.dll
2013-12-31 19:31 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01507120 _____ () C:\Program Files\WISO\Steuersoftware 2014\wmain14.dll
2013-12-31 19:30 - 2014-02-12 13:23 - 05095216 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae114.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01687344 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae214.dll
2013-12-31 19:30 - 2014-02-12 13:23 - 01796400 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae314.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01627952 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae414.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01115440 _____ () C:\Program Files\WISO\Steuersoftware 2014\whau114.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01318704 _____ () C:\Program Files\WISO\Steuersoftware 2014\whau214.dll
2013-12-31 19:31 - 2014-02-11 13:07 - 01245488 _____ () C:\Program Files\WISO\Steuersoftware 2014\wwerb14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 07324976 _____ () C:\Program Files\WISO\Steuersoftware 2014\wkont14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01276720 _____ () C:\Program Files\WISO\Steuersoftware 2014\wimp14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01330480 _____ () C:\Program Files\WISO\Steuersoftware 2014\wfabu14.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Joerg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk => C:\Windows\pss\runctf.lnk.Startup
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\PROGRA~2\rundll32.exe FG00
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2014 05:17:33 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (06/09/2014 06:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x19d8
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3

Error: (06/09/2014 06:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x1f58
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3

Error: (06/09/2014 06:19:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x17b0
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3

Error: (06/09/2014 06:11:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x183c
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3

Error: (06/09/2014 06:09:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x1670
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3

Error: (06/09/2014 06:07:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x1e08
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3

Error: (06/09/2014 05:58:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x1f70
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3

Error: (06/09/2014 05:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x103c
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3

Error: (06/09/2014 05:47:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x1a58
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3


System errors:
=============
Error: (06/22/2014 05:28:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%2

Error: (06/22/2014 05:27:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%2

Error: (06/22/2014 05:27:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%2

Error: (06/22/2014 05:26:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%2

Error: (06/22/2014 05:26:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%2

Error: (06/22/2014 05:25:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%2

Error: (06/22/2014 05:25:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%2

Error: (06/22/2014 05:24:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%2

Error: (06/22/2014 05:24:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%2

Error: (06/22/2014 05:23:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%2


Microsoft Office Sessions:
=========================
Error: (06/22/2014 05:17:33 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

Error: (06/09/2014 06:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd419d801cf83fff7434890C:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exe65966afe-eff7-11e3-b0eb-001a6b179060

Error: (06/09/2014 06:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd41f5801cf83fe9e495d20C:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exe0b2381cb-eff3-11e3-b0eb-001a6b179060

Error: (06/09/2014 06:19:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd417b001cf83fd8de98f45C:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exed80e0075-eff1-11e3-b0eb-001a6b179060

Error: (06/09/2014 06:11:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd4183c01cf83fd40fa1112C:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exeb6bacec0-eff0-11e3-b0eb-001a6b179060

Error: (06/09/2014 06:09:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd4167001cf83fd01e894d9C:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exe7645c5b3-eff0-11e3-b0eb-001a6b179060

Error: (06/09/2014 06:07:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd41e0801cf83fba021b9acC:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exe24bd7444-eff0-11e3-b0eb-001a6b179060

Error: (06/09/2014 05:58:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd41f7001cf83faeb9c24ffC:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exeda3e1b3a-efee-11e3-b0eb-001a6b179060

Error: (06/09/2014 05:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd4103c01cf83fa21a55bb2C:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exe23a72afd-efee-11e3-b0eb-001a6b179060

Error: (06/09/2014 05:47:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd41a5801cf83fa0c68f378C:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exe50b61fb9-efed-11e3-b0eb-001a6b179060


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 2047.43 MB
Available physical RAM: 1159.03 MB
Total Pagefile: 4094.86 MB
Available Pagefile: 2987.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:10.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (KRD10) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
Drive e: (USB DISK) (Removable) (Total:3.72 GB) (Free:0.09 GB) FAT32
Drive l: (BackUp_Disk_xxxxx) (Fixed) (Total:149.05 GB) (Free:119.87 GB) NTFS
Drive m: (Multimedia Drive) (Fixed) (Total:931.51 GB) (Free:771.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: BC4FB76E)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: FF78FA1D)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 932 GB) (Disk ID: 539F279D)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Thank you for your support.


22.06.2014, 17:10   #6
deeprybka
/// TB Trainer
/// Guide Guru



Code:
ATTFilter
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1486621387-3127899674-3502170536-1000\$022b937d3d4b713b32d7fd93c506b28e

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$022b937d3d4b713b32d7fd93c506b28e
         
You have ZeroAccess on the disk. No more sensitive logins from this PC until it is >clean<. If you have done online banking, PayPal etc. on this PC, I would change the passwords from another (clean) PC or phone.

Step 1
Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
just restart the computer. That should fix the problem.


22.06.2014, 18:53   #7
winlocked



Hello Jürgen,

I activated Antivir, but still got a message that it is active in the background.

Here is the log file

Code:
ATTFilter
ComboFix 14-06-21.02 - Joerg 22.06.2014  19:31:34.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1033.18.2047.1149 [GMT 2:00]
Running from: c:\users\Joerg\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\driver
c:\programdata\0901251.pad
c:\programdata\z6z6lz6.pad
c:\users\Joerg\Uninstall.exe
.
.
(((((((((((((((((((((((   Files Created from 2014-05-22 to 2014-06-22  ))))))))))))))))))))))))))))))
.
.
2014-06-22 17:41 . 2014-06-22 17:41	--------	d-----w-	c:\users\Sabine\AppData\Local\temp
2014-06-22 15:21 . 2014-06-22 15:28	--------	d-----w-	C:\FRST
2014-06-16 06:18 . 2014-06-22 17:09	--------	d-----w-	c:\programdata\04487DD24E0D21E58B91C85E7CE1B107
2014-06-09 12:34 . 2014-06-09 12:34	--------	d-----w-	c:\programdata\kinoma
2014-06-09 11:55 . 2014-06-09 11:55	--------	d-----w-	c:\users\Joerg\AppData\Local\kinoma
2014-06-09 11:42 . 2014-06-09 11:42	--------	d-----w-	c:\users\Joerg\AppData\Local\Sony Corporation
2014-06-09 11:42 . 2014-06-09 11:42	--------	d-----w-	c:\program files\Sony
2014-06-09 11:35 . 2014-06-09 11:35	--------	d-----w-	c:\users\Joerg\AppData\Roaming\Sony Corporation
2014-06-09 11:35 . 2014-06-09 11:35	--------	d-----w-	c:\programdata\Sony Corporation
2014-05-31 08:18 . 2014-05-31 08:18	--------	d-----w-	c:\programdata\Oracle
2014-05-31 08:18 . 2014-05-31 08:18	--------	d-----w-	c:\program files\Common Files\Java
2014-05-31 08:17 . 2014-05-31 08:17	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-05-31 07:53 . 2014-05-31 07:53	--------	d-----w-	c:\windows\system32\drivers\NSS
2014-05-31 07:53 . 2014-05-31 07:53	--------	d-----w-	c:\program files\Norton Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-09 08:30 . 2013-02-26 07:14	136216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-06-09 08:30 . 2013-02-26 07:14	93528	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-05-16 16:05 . 2012-04-06 09:32	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-16 16:05 . 2011-08-31 19:46	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-01 13:03 . 2012-12-23 09:05	505416	----a-w-	c:\windows\system32\msvcp71.dll
2014-05-01 13:03 . 2012-12-23 09:05	353864	----a-w-	c:\windows\system32\msvcr71.dll
2012-09-23 08:37 . 2011-12-31 14:15	77218	----a-w-	c:\program files\Uninstall.exe
2012-09-15 03:28 . 2012-09-15 03:28	1222656	----a-w-	c:\program files\npAmazonMP3DownloaderPlugin101727.dll
2012-09-15 03:18 . 2012-09-15 03:18	4811776	----a-w-	c:\program files\AmazonMP3Downloader.exe
2009-03-13 00:27 . 2009-03-13 00:27	412176	----a-w-	c:\program files\Setup.exe
2006-12-01 23:25 . 2006-12-01 23:25	1093120	----a-w-	c:\program files\mfc80u.dll
2006-12-01 21:54 . 2006-12-01 21:54	548864	----a-w-	c:\program files\msvcp80.dll
2006-12-01 21:54 . 2006-12-01 21:54	626688	----a-w-	c:\program files\msvcr80.dll
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DataSync Outlook"="c:\program files\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe" [2009-12-07 720896]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18709248]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-12 61440]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-06-09 737872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2014-05-01 296520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files\PFU\ScanSnap\CardMinder\CardLauncher.exe [2012-5-13 77824]
In PDF-Datei mit ScanSnap Organizer konvertieren.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2012-5-13 15360]
RealPlayer Cloud Service UI.lnk - c:\program files\Real\RealPlayer\RPDS\Bin\rpsystray.exe [2014-5-1 822880]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2012-5-13 1146880]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2014\mshaktuell.exe [2013-12-31 1429808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Joerg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk]
path=c:\users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
backup=c:\windows\pss\runctf.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2013-05-15 10:32	44544	----a-w-	c:\progra~2\rundll32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 13:11	287800	----a-r-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-26 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-06-09 430160]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-06-09 1039440]
S2 DevoloNetworkService;devolo Network Service;c:\program files\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-07-22 690472]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2010-06-10 35840]
S2 Polar Daemon;Polar Daemon;c:\program files\Polar\Daemon\polard.exe [2012-08-17 413184]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-04-06 39568]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [2014-05-01 1141848]
S2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-04-07 23552]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-04-10 671344]
S2 vmware-view-usbd;VMware View-USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2012-05-02 2370560]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2012-05-02 472176]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-16 06:42	1091912	----a-w-	c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 16:05]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 12:22]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 12:22]
.
2014-05-31 c:\windows\Tasks\Norton Security Scan for Joerg.job
- c:\progra~1\NORTON~2\Engine\410~1.28\Nss.exe [2014-05-31 06:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-NokiaSuite - c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
AddRemove-Nokia Suite - c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-06-22  19:49:34 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-22 17:49
.
Pre-Run: 11.291.103.232 bytes free
Post-Run: 11.648.737.280 bytes free
.
- - End Of File - - FD7934974A35033DB42FAD18DA667A72
A36C5E4F47E84449FF07ED3517B43A31
         
Regards, Jörg
__________________
Best regards

Winlocked
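The ZeroAccess hit in post #6 and the artefacts in the ComboFix, MBAM and HitmanPro logs of this thread (the `$Recycle.Bin\<SID>\$<32 hex>` directories, a `rundll32.exe` living in ProgramData behind the `ctfmon.exe` startup name, the `runctf.lnk` shortcut in the user's Startup folder, and the extra `wsauth` entry in the LSA Security Packages list) are the kind of indicators a helper checks by eye. The script below is an added example written for this page, not a tool from the thread or from the helpers' toolkit, and it checks them mechanically. The records it scans are constructed from the posted paths; the 8.3 short-name mapping (progra~2 = ProgramData) is an assumption taken from the MBAM line that shows the same file as C:\ProgramData\rundll32.exe; the Windows 7 default Security Packages list is from my own knowledge, so an extra entry such as wsauth is only a review item, not a verdict (one candidate owner to check first is the VMware View client whose services appear in the same log).

```python
"""Triage of the artefact classes visible in this thread's ComboFix, MBAM and
HitmanPro logs.  Added example: the sample records are constructed from the
posted paths, nothing here touches a live system."""
import re
from dataclasses import dataclass

# ZeroAccess hides its payload in a directory named "$" + 32 hex chars under a
# SID folder of the recycle bin (both the user SID and S-1-5-18 in this thread).
ZEROACCESS_DIR_RE = re.compile(
    r"^[a-z]:\\\$recycle\.bin\\s-1-5-\d+(?:-\d+)*\\\$[0-9a-f]{32}$")

# Names of Windows binaries that only belong in these directories.
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "explorer.exe",
                   "csrss.exe", "lsass.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# 8.3 short names as they resolve on the poster's machine (assumption taken
# from the logs: progra~1 = Program Files, progra~2 = ProgramData).
SHORT_NAMES = {"progra~1": "program files", "progra~2": "programdata"}

# Windows 7 default LSA "Security Packages" list; anything else is an extra SSP.
DEFAULT_SECURITY_PACKAGES = {"kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u"}


@dataclass(frozen=True)
class Finding:
    kind: str
    source: str
    path: str


def normalize(path: str) -> str:
    """Lower-case, unify separators and expand the known 8.3 short names."""
    parts = path.strip().lower().replace("/", "\\").split("\\")
    return "\\".join(SHORT_NAMES.get(p, p) for p in parts)


def is_zeroaccess_dir(path: str) -> bool:
    return ZEROACCESS_DIR_RE.match(normalize(path)) is not None


def is_masqueraded_system_binary(path: str) -> bool:
    """A system-binary file name that lives outside the Windows directories."""
    directory, _, base = normalize(path).rpartition("\\")
    return base in SYSTEM_BINARIES and directory not in SYSTEM_DIRS


def is_user_profile_autostart(path: str) -> bool:
    """Autostart entries under a user profile (Startup .lnk, AppData) deserve a look."""
    p = normalize(path)
    return p.startswith("c:\\users\\") and ("\\appdata\\" in p or p.endswith(".lnk"))


def nondefault_security_packages(reg_multi_sz: str) -> list:
    """Extra LSA packages in the space-separated REG_MULTI_SZ value."""
    return sorted(set(reg_multi_sz.split()) - DEFAULT_SECURITY_PACKAGES)


def triage(records):
    """Run every check over (source, path) records and collect the hits."""
    checks = (("zeroaccess_dir", is_zeroaccess_dir),
              ("masqueraded_system_binary", is_masqueraded_system_binary),
              ("user_profile_autostart", is_user_profile_autostart))
    return [Finding(kind, source, path)
            for source, path in records
            for kind, check in checks if check(path)]


# Constructed records modelled on lines in the posted logs.
SAMPLE_RECORDS = [
    ("combofix zeroaccess", r"C:\$Recycle.Bin\S-1-5-21-1486621387-3127899674-3502170536-1000\$022b937d3d4b713b32d7fd93c506b28e"),
    ("combofix zeroaccess", r"C:\$Recycle.Bin\S-1-5-18\$022b937d3d4b713b32d7fd93c506b28e"),
    ("msconfig startupreg ctfmon.exe", r"c:\progra~2\rundll32.exe"),
    ("startupfolder runctf.lnk", r"c:\users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk"),
    ("HKLM Run avgnt", r"c:\program files\Avira\AntiVir Desktop\avgnt.exe"),
    ("running process", r"c:\windows\System32\rundll32.exe"),
]
SAMPLE_SECURITY_PACKAGES = "kerberos msv1_0 schannel wdigest tspkg pku2u wsauth"

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        print(f"{f.kind:28} {f.source:32} {f.path}")
    print("non-default SSPs:", nondefault_security_packages(SAMPLE_SECURITY_PACKAGES))
```

Run it as-is to see the hits for the constructed records; to apply it to a real log, feed `triage()` the (source, path) pairs you pull out of the autostart and process sections. The user-profile check is a triage flag, not a verdict: plenty of legitimate software starts from AppData, and the legitimate `c:\windows\System32\rundll32.exe` in the record list is deliberately not flagged.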

22.06.2014, 18:58   #8
deeprybka
/// TB Trainer
/// Guide Guru

That's fine...


Step 1

Malwarebytes Antimalware
  • Download link
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and choose Deutsch under Language.
  • Under Detection and Protection, tick "Scan for Rootkits".
  • Then click "Scan", select the Threat Scan, update the databases and click "Start Scan".
  • At the end of the scan, have all detections (if any) moved to quarantine. (like this...)
  • Post me the contents of the log file (like this...). To do so, click History and then Application Logs.
  • Select the newest scan log and click View. Click "Copy to Clipboard" and post me the contents in code tags as a reply in the thread.

Step 2
Download HitmanPro to your desktop:

HitmanPro - 32 Bit
HitmanPro - 64 Bit
  • Start HitmanPro.exe
  • Click Next and accept the license terms. Click Next.
  • Select "No, I only want to perform a one-time scan to check this computer" and click Next.
  • At the end of the scan, have all detections moved to quarantine and click Next.
  • At the bottom left of the button bar choose Save log and save the log file to your desktop.
  • Close HitmanPro.
  • Please post the contents of HitmanPro_<date_time>.txt with your next reply.
__________________
Regards
deeprybka

Praise, criticism, wishes?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

23.06.2014, 06:50   #9
winlocked

Good morning Jürgen,

here is the Malwarebytes log

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 23.06.2014
Scan Time: 06:39:04
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.23.02
Rootkit Database: v2014.06.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Joerg

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333873
Time Elapsed: 26 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.Gen, C:\ProgramData\rundll32.exe, Quarantined, [7d428ceed4a7e452acb640a004fe5ba5], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
and also the HitmanPro log file

Code:
ATTFilter
HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : NW8440
   Windows . . . . . . . : 6.1.0.7600.X86/2
   User name . . . . . . : NW8440\Joerg
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-06-23 07:37:54
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 42s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 90

   Objects scanned . . . : 1.269.100
   Files scanned . . . . : 37.365
   Remnants scanned  . . : 346.573 files / 885.162 keys

Malware remnants ____________________________________________________________

   C:\Users\Joerg\AppData\Roaming\skype.ini (Ransomware) -> Deleted

Potential Unwanted Programs _________________________________________________

   C:\Users\Joerg\AppData\Local\APN\ (AskBar) -> Deleted
   C:\Users\Joerg\AppData\Local\APN\GoogleCRXs\ (AskBar) -> Deleted
   C:\Users\Joerg\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.18.0.crx (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\09326Z9W.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\141IEZ23.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\1IXF05AP.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\23RJ2ALV.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\2MEQGFMK.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\3LVI9WBA.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\3M3WRMZS.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\3VLHX1SJ.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\44ZWR382.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\57CER2X6.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\6JTK0AT5.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\7N99NE78.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\7P8E8Y9E.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\7UPVS9MM.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\83GCPES9.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\8QCXE26R.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\8Z9QF344.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\9PYIHF8V.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\AWKPMTP6.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\AXJ4WNFZ.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\BJ5PF637.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\BSJBWYUN.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\BUEA5E93.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\C96ARIFU.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\DP01JG2X.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\DX96FJ32.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\F81O4IPO.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\FGAYJV10.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\G0V90OSM.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\GTZFX2BV.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\HJZWR6GM.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\I5WYCDJC.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\IQA6S2YJ.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\J0PUSX10.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\J4COUSLX.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\J56JKQVG.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\JX8O1L8W.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\JYWM14T1.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\KI0WIH39.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\KR19Y0J2.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\M8YWJDVF.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\MJ58ITJK.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\MYAGSNBB.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\MZP1GPK3.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\NTEN3G1O.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\OF8FO8R7.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\PNMH16BE.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\QB6JF2A1.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\QDKU4MZE.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\QIG6PYRW.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\QPPQB2VA.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\QQBXAT6B.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\QRRKSZYM.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\SLORWO2Z.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\SRO2KZV3.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\T3ODKN8I.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\T3QYM35S.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\TOR185J9.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\UCPQOZUO.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\VCYGSSUP.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\VJLM3P4R.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\WEZHL43N.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\WHTKEARZ.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\X6XZN0Z2.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\Y33R4NNT.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\Y8US9RKH.txt
   C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Cookies\Z6XWL8A9.txt
         
Best regards and a good start to the week

Jörg
__________________
Best regards

Winlocked

Old 23.06.2014, 10:48   #10
deeprybka
/// TB Trainer
/// Guide Guru
 



OK, great cooperation from you!

Now a few control scans follow:

Step 1

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and run ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 2

Please run FRST again, also tick the checkbox, and click Scan.
Please post the contents of both logs that are created.


Step 3
Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are ticked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post its contents here.



Are there still any problems with the PC? If so, which ones?
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
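The FRST log requested in step 2 is read by eye in this thread; as an added example (not the board's or FRST's own code), this Python script parses the Run, Services and Drivers lines of such a log and flags entries that are missing on disk, reported unsigned, lack a publisher, or run from user-writable paths. The sample log embedded in it is constructed in the FRST format with made-up user name, file names and paths.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example, not the board's or FRST's own code. It parses the Run-key,
Services and Drivers entries FRST prints as
    R2 Name; path [size date] (Publisher) [File not signed]
and flags what a helper checks first. SAMPLE_LOG is constructed in the FRST
format; user name, file names and paths are made up.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Common tail of an entry: path, optional "[size date]", optional "(publisher)"
# (which may itself contain parentheses), then zero or more "[...]" flags.
_TAIL = (
    r"(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<company>.*)\))?"
    r"(?P<flags>(?:\s+\[[^\]]+\])*)\s*$"
)
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+" + _TAIL)
RUN_RE = re.compile(r"^(?P<hive>HK.*?)\\\.\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+=>\s+" + _TAIL)

# FRST section headers ("==== Services (Whitelisted) ====") -> entry kind.
SECTIONS = {"Registry": "run", "Services": "service", "Drivers": "driver"}
# Locations an ordinary user can write to; persistence from here deserves a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str                # "run", "service" or "driver"
    name: str
    path: str
    company: Optional[str]   # None when FRST printed no "(...)" at all
    signed: bool             # False only when FRST printed "[File not signed]"
    missing: bool            # True when FRST printed "[X]" (file not found)
    findings: list[str] = field(default_factory=list)


def parse_line(line: str, section: str) -> Optional[Entry]:
    """Parse one entry of the given section; None for lines of other shapes."""
    m = (RUN_RE if section == "run" else SERVICE_RE).match(line)
    if not m:
        return None
    flags = m.group("flags") or ""
    return Entry(kind=section, name=m.group("name").strip(), path=m.group("path"),
                 company=m.group("company"),
                 signed="[File not signed]" not in flags, missing="[X]" in flags)


def assess(entry: Entry) -> list[str]:
    """Reasons an entry deserves a closer look (empty list if none)."""
    findings = []
    if entry.missing:
        findings.append("file missing on disk")
    if not entry.signed:
        findings.append("not signed")
    if not entry.company:            # None or the empty "()" publisher
        findings.append("no publisher")
    if any(marker in entry.path.lower() for marker in USER_WRITABLE):
        findings.append("runs from user-writable location")
    return findings


def triage(log_text: str) -> list[Entry]:
    """Parse the Run, Services and Drivers sections and attach findings."""
    section, entries = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            section = next((kind for key, kind in SECTIONS.items() if key in line), None)
            continue
        if not line or section is None:
            continue
        entry = parse_line(line, section)
        if entry is not None:
            entry.findings = assess(entry)
            entries.append(entry)
    return entries


def flagged(log_text: str) -> dict[str, list[str]]:
    """Name -> findings for every entry that has at least one finding."""
    return {e.name: e.findings for e in triage(log_text) if e.findings}


# Constructed sample in FRST's format (not a real machine's log).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Updater] => C:\Users\Jane\AppData\Roaming\updater.exe [48128 2014-06-16] ()
========================== Services (Whitelisted) =================
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [413184 2012-08-17] () [File not signed]
==================== Drivers (Whitelisted) ====================
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-09] (Avira Operations GmbH & Co. KG)
S3 catchme; \??\C:\Users\Jane\AppData\Local\Temp\catchme.sys [X]
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
"""

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

Absence of "[File not signed]" only means FRST did not report the file as unsigned; it is not proof of a valid signature, so treat "signed" as a weak signal.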

Old 23.06.2014, 16:43   #11
winlocked
 



Hello Jürgen,

here is the ESET log file:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=ecf6c9505f3f6043973513710cd071b8
# engine=18837
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-23 12:52:24
# local_time=2014-06-23 02:52:24 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 8171 148030718 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 41670644 155980535 0 0
# scanned=155476
# found=2
# cleaned=0
# scan_time=4605
sh=308C9AB1B887271B6083CE2C07008141A5F52A52 ft=1 fh=31688d33bef095f9 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar-4_4_0_setup.exe"
sh=8E05264386E7A5BB39DF521952AABC76624D493A ft=1 fh=3a6facd612fa631a vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Joerg\Downloads\PDFCreator-1_2_2_setup.exe"
         
and here are the two FRST logs:

FRST.txt:

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Joerg (administrator) on NW8440 on 23-06-2014 16:01:28
Running from C:\Users\Joerg\Desktop
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
() C:\Program Files\Polar\Daemon\polard.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(O3SIS AG) C:\Program Files\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
() C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-12] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296520 2014-05-01] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [DataSync Outlook] => C:\Program Files\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe [720896 2009-12-07] (O3SIS AG)
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18709248 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x39AAED8C0D68CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1341150438697
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @real.com/nppl3260;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-01]
FF HKLM\...\Firefox\Extensions: [fe_9.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-01]
FF HKLM\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google Search) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-11-06]
CHR Extension: (Skype Click to Call) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-11]
CHR Extension: (Gmail) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [690472 2011-07-22] (Nero AG)
R2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [413184 2012-08-17] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-01] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [671344 2012-04-10] (VMware, Inc.)
R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2370560 2012-05-02] (VMware, Inc.) [File not signed]
R2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [472176 2012-05-02] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-23] (Symantec Corporation)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41456 2012-04-10] (VMware, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-06-23] ()
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-26] (Avira GmbH)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-04-10] (VMware, Inc.)
S3 catchme; \??\C:\Users\Joerg\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 16:01 - 2014-06-23 16:01 - 00000000 ____D () C:\Users\Joerg\Desktop\FRST-OlderVersion
2014-06-23 13:33 - 2014-06-23 13:33 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_deu.exe
2014-06-23 07:45 - 2014-06-23 07:45 - 00017236 _____ () C:\Users\Joerg\Desktop\HitmanPro_20140623_0745.log
2014-06-23 07:45 - 2014-06-23 07:45 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-06-23 07:37 - 2014-06-23 07:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-23 07:37 - 2014-06-23 07:37 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-23 07:36 - 2014-06-23 07:37 - 10094400 _____ (SurfRight B.V.) C:\Users\Joerg\Desktop\HitmanPro.exe
2014-06-23 06:37 - 2014-06-23 07:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 06:36 - 2014-06-23 06:36 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-23 06:36 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-23 06:36 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-23 06:36 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-23 06:35 - 2014-06-23 06:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joerg\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-22 19:49 - 2014-06-22 19:49 - 00012444 _____ () C:\ComboFix.txt
2014-06-22 19:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-22 19:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-22 19:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-22 19:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-22 19:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-22 19:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-22 19:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-22 19:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-22 19:24 - 2014-06-22 19:49 - 00000000 ____D () C:\Qoobox
2014-06-22 19:24 - 2014-06-22 19:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-22 19:21 - 2014-06-22 19:21 - 05209566 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2014-06-22 17:22 - 2014-06-22 17:28 - 00034684 _____ () C:\Users\Joerg\Desktop\Addition.txt
2014-06-22 17:21 - 2014-06-23 16:02 - 00021211 _____ () C:\Users\Joerg\Desktop\FRST.txt
2014-06-22 17:21 - 2014-06-23 16:01 - 00000000 ____D () C:\FRST
2014-06-22 17:20 - 2014-06-23 16:01 - 01073152 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2014-06-22 12:51 - 2014-06-22 13:02 - 00006705 _____ () C:\ProgramData\RUNDLL32.EXE-2916-F.txt
2014-06-22 12:19 - 2014-06-22 12:20 - 00000568 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-06-20 17:01 - 2014-06-20 17:02 - 00000499 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt
2014-06-19 15:24 - 2014-06-19 15:26 - 00001250 _____ () C:\ProgramData\RUNDLL32.EXE-2940-F.txt
2014-06-16 21:13 - 2014-06-16 21:13 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt
2014-06-16 09:16 - 2014-06-16 09:16 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-2884-F.txt
2014-06-16 09:13 - 2014-06-16 09:14 - 00000814 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-06-16 08:18 - 2014-06-22 19:09 - 00000000 ____D () C:\ProgramData\04487DD24E0D21E58B91C85E7CE1B107
2014-06-09 14:34 - 2014-06-09 14:34 - 00000000 ____D () C:\ProgramData\kinoma
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\Documents\My Books
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\AppData\Local\kinoma
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Users\Joerg\AppData\Local\Sony Corporation
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Program Files\Sony
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\Users\Joerg\AppData\Roaming\Sony Corporation
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-31 10:17 - 2014-05-31 10:17 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 10:17 - 2014-05-31 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 09:54 - 2014-05-31 09:54 - 00001415 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-05-31 09:53 - 2014-05-31 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Program Files\Norton Security Scan

==================== One Month Modified Files and Folders =======

2014-06-23 16:02 - 2014-06-22 17:21 - 00021211 _____ () C:\Users\Joerg\Desktop\FRST.txt
2014-06-23 16:01 - 2014-06-23 16:01 - 00000000 ____D () C:\Users\Joerg\Desktop\FRST-OlderVersion
2014-06-23 16:01 - 2014-06-22 17:21 - 00000000 ____D () C:\FRST
2014-06-23 16:01 - 2014-06-22 17:20 - 01073152 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2014-06-23 16:01 - 2009-07-14 06:39 - 00099924 _____ () C:\Windows\setupact.log
2014-06-23 16:00 - 2012-01-20 13:31 - 00000000 ____D () C:\Users\Joerg\AppData\Roaming\Skype
2014-06-23 16:00 - 2011-08-31 20:43 - 00730146 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 15:56 - 2013-07-08 06:58 - 00000440 ____H () C:\Windows\Tasks\Norton Security Scan for Joerg.job
2014-06-23 15:11 - 2011-11-06 14:22 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 15:05 - 2012-04-06 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 13:33 - 2014-06-23 13:33 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_deu.exe
2014-06-23 08:08 - 2009-07-14 06:34 - 00013216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 08:08 - 2009-07-14 06:34 - 00013216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 07:58 - 2011-11-06 14:22 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 07:58 - 2011-09-17 14:06 - 00116284 _____ () C:\Windows\PFRO.log
2014-06-23 07:58 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 07:56 - 2014-06-23 07:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-23 07:56 - 2011-08-31 20:32 - 01256187 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 07:45 - 2014-06-23 07:45 - 00017236 _____ () C:\Users\Joerg\Desktop\HitmanPro_20140623_0745.log
2014-06-23 07:45 - 2014-06-23 07:45 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-06-23 07:37 - 2014-06-23 07:37 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-23 07:37 - 2014-06-23 07:36 - 10094400 _____ (SurfRight B.V.) C:\Users\Joerg\Desktop\HitmanPro.exe
2014-06-23 07:33 - 2014-06-23 06:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 06:36 - 2014-06-23 06:36 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-23 06:35 - 2014-06-23 06:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joerg\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-22 19:49 - 2014-06-22 19:49 - 00012444 _____ () C:\ComboFix.txt
2014-06-22 19:49 - 2014-06-22 19:24 - 00000000 ____D () C:\Qoobox
2014-06-22 19:49 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-06-22 19:49 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-06-22 19:48 - 2014-06-22 19:24 - 00000000 ____D () C:\Windows\erdnt
2014-06-22 19:44 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-22 19:40 - 2011-08-31 20:40 - 00000000 ____D () C:\Users\Joerg
2014-06-22 19:21 - 2014-06-22 19:21 - 05209566 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2014-06-22 19:09 - 2014-06-16 08:18 - 00000000 ____D () C:\ProgramData\04487DD24E0D21E58B91C85E7CE1B107
2014-06-22 17:28 - 2014-06-22 17:22 - 00034684 _____ () C:\Users\Joerg\Desktop\Addition.txt
2014-06-22 13:02 - 2014-06-22 12:51 - 00006705 _____ () C:\ProgramData\RUNDLL32.EXE-2916-F.txt
2014-06-22 12:52 - 2012-04-12 13:20 - 00000000 ____D () C:\Users\Joerg\Documents\Mein Steuer-Sparbuch Heute
2014-06-22 12:20 - 2014-06-22 12:19 - 00000568 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-06-20 17:02 - 2014-06-20 17:01 - 00000499 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt
2014-06-19 15:26 - 2014-06-19 15:24 - 00001250 _____ () C:\ProgramData\RUNDLL32.EXE-2940-F.txt
2014-06-16 21:13 - 2014-06-16 21:13 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt
2014-06-16 18:11 - 2013-04-09 08:19 - 00000000 ____D () C:\Users\Sabine
2014-06-16 18:11 - 2013-01-05 17:56 - 00000000 ____D () C:\Users\Admin
2014-06-16 18:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-16 09:16 - 2014-06-16 09:16 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-2884-F.txt
2014-06-16 09:14 - 2014-06-16 09:13 - 00000814 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-06-16 08:48 - 2011-11-06 14:22 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 08:24 - 2011-08-31 21:23 - 00108824 _____ () C:\Users\Joerg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-09 14:34 - 2014-06-09 14:34 - 00000000 ____D () C:\ProgramData\kinoma
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\Documents\My Books
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\AppData\Local\kinoma
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Users\Joerg\AppData\Local\Sony Corporation
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Program Files\Sony
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\Users\Joerg\AppData\Roaming\Sony Corporation
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-06-09 10:30 - 2013-02-26 09:14 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-09 10:30 - 2013-02-26 09:14 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-31 17:27 - 2013-02-03 18:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-31 10:17 - 2014-05-31 10:17 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 10:17 - 2014-05-31 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 10:05 - 2012-06-08 18:34 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-31 09:54 - 2014-05-31 09:54 - 00001415 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-05-31 09:54 - 2014-05-31 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Program Files\Norton Security Scan
2014-05-31 09:53 - 2012-05-27 10:29 - 00000000 ____D () C:\ProgramData\Norton
2014-05-24 13:21 - 2011-09-25 11:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Files to move or delete:
====================
C:\ProgramData\02qrlcw.ctrl
C:\ProgramData\02qrlcw.pff
C:\ProgramData\bnrjrtjbn.ctrl
C:\ProgramData\bnrjrtjbn.pff
C:\Users\Joerg\AmazonMP3Downloader.exe


Some content of TEMP:
====================
C:\Users\Joerg\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-22 17:44

==================== End Of Log ============================
--- --- ---


Addition.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Joerg (administrator) on NW8440 on 23-06-2014 16:01:28
Running from C:\Users\Joerg\Desktop
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
() C:\Program Files\Polar\Daemon\polard.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(O3SIS AG) C:\Program Files\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
() C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-12] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296520 2014-05-01] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [DataSync Outlook] => C:\Program Files\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe [720896 2009-12-07] (O3SIS AG)
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18709248 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1486621387-3127899674-3502170536-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x39AAED8C0D68CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1341150438697
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @real.com/nppl3260;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-01]
FF HKLM\...\Firefox\Extensions: [fe_9.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-01]
FF HKLM\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google Search) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-11-06]
CHR Extension: (Skype Click to Call) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-11]
CHR Extension: (Gmail) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [690472 2011-07-22] (Nero AG)
R2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [413184 2012-08-17] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-01] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [671344 2012-04-10] (VMware, Inc.)
R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2370560 2012-05-02] (VMware, Inc.) [File not signed]
R2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [472176 2012-05-02] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-23] (Symantec Corporation)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41456 2012-04-10] (VMware, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-06-23] ()
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-26] (Avira GmbH)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-04-10] (VMware, Inc.)
S3 catchme; \??\C:\Users\Joerg\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 16:01 - 2014-06-23 16:01 - 00000000 ____D () C:\Users\Joerg\Desktop\FRST-OlderVersion
2014-06-23 13:33 - 2014-06-23 13:33 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_deu.exe
2014-06-23 07:45 - 2014-06-23 07:45 - 00017236 _____ () C:\Users\Joerg\Desktop\HitmanPro_20140623_0745.log
2014-06-23 07:45 - 2014-06-23 07:45 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-06-23 07:37 - 2014-06-23 07:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-23 07:37 - 2014-06-23 07:37 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-23 07:36 - 2014-06-23 07:37 - 10094400 _____ (SurfRight B.V.) C:\Users\Joerg\Desktop\HitmanPro.exe
2014-06-23 06:37 - 2014-06-23 07:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 06:36 - 2014-06-23 06:36 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-23 06:36 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-23 06:36 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-23 06:36 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-23 06:35 - 2014-06-23 06:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joerg\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-22 19:49 - 2014-06-22 19:49 - 00012444 _____ () C:\ComboFix.txt
2014-06-22 19:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-22 19:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-22 19:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-22 19:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-22 19:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-22 19:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-22 19:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-22 19:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-22 19:24 - 2014-06-22 19:49 - 00000000 ____D () C:\Qoobox
2014-06-22 19:24 - 2014-06-22 19:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-22 19:21 - 2014-06-22 19:21 - 05209566 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2014-06-22 17:22 - 2014-06-22 17:28 - 00034684 _____ () C:\Users\Joerg\Desktop\Addition.txt
2014-06-22 17:21 - 2014-06-23 16:02 - 00021211 _____ () C:\Users\Joerg\Desktop\FRST.txt
2014-06-22 17:21 - 2014-06-23 16:01 - 00000000 ____D () C:\FRST
2014-06-22 17:20 - 2014-06-23 16:01 - 01073152 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2014-06-22 12:51 - 2014-06-22 13:02 - 00006705 _____ () C:\ProgramData\RUNDLL32.EXE-2916-F.txt
2014-06-22 12:19 - 2014-06-22 12:20 - 00000568 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-06-20 17:01 - 2014-06-20 17:02 - 00000499 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt
2014-06-19 15:24 - 2014-06-19 15:26 - 00001250 _____ () C:\ProgramData\RUNDLL32.EXE-2940-F.txt
2014-06-16 21:13 - 2014-06-16 21:13 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt
2014-06-16 09:16 - 2014-06-16 09:16 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-2884-F.txt
2014-06-16 09:13 - 2014-06-16 09:14 - 00000814 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-06-16 08:18 - 2014-06-22 19:09 - 00000000 ____D () C:\ProgramData\04487DD24E0D21E58B91C85E7CE1B107
2014-06-09 14:34 - 2014-06-09 14:34 - 00000000 ____D () C:\ProgramData\kinoma
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\Documents\My Books
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\AppData\Local\kinoma
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Users\Joerg\AppData\Local\Sony Corporation
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Program Files\Sony
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\Users\Joerg\AppData\Roaming\Sony Corporation
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-31 10:17 - 2014-05-31 10:17 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 10:17 - 2014-05-31 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 09:54 - 2014-05-31 09:54 - 00001415 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-05-31 09:53 - 2014-05-31 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Program Files\Norton Security Scan

==================== One Month Modified Files and Folders =======

2014-06-23 16:02 - 2014-06-22 17:21 - 00021211 _____ () C:\Users\Joerg\Desktop\FRST.txt
2014-06-23 16:01 - 2014-06-23 16:01 - 00000000 ____D () C:\Users\Joerg\Desktop\FRST-OlderVersion
2014-06-23 16:01 - 2014-06-22 17:21 - 00000000 ____D () C:\FRST
2014-06-23 16:01 - 2014-06-22 17:20 - 01073152 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2014-06-23 16:01 - 2009-07-14 06:39 - 00099924 _____ () C:\Windows\setupact.log
2014-06-23 16:00 - 2012-01-20 13:31 - 00000000 ____D () C:\Users\Joerg\AppData\Roaming\Skype
2014-06-23 16:00 - 2011-08-31 20:43 - 00730146 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 15:56 - 2013-07-08 06:58 - 00000440 ____H () C:\Windows\Tasks\Norton Security Scan for Joerg.job
2014-06-23 15:11 - 2011-11-06 14:22 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 15:05 - 2012-04-06 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 13:33 - 2014-06-23 13:33 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_deu.exe
2014-06-23 08:08 - 2009-07-14 06:34 - 00013216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 08:08 - 2009-07-14 06:34 - 00013216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 07:58 - 2011-11-06 14:22 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 07:58 - 2011-09-17 14:06 - 00116284 _____ () C:\Windows\PFRO.log
2014-06-23 07:58 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 07:56 - 2014-06-23 07:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-23 07:56 - 2011-08-31 20:32 - 01256187 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 07:45 - 2014-06-23 07:45 - 00017236 _____ () C:\Users\Joerg\Desktop\HitmanPro_20140623_0745.log
2014-06-23 07:45 - 2014-06-23 07:45 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-06-23 07:37 - 2014-06-23 07:37 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-23 07:37 - 2014-06-23 07:36 - 10094400 _____ (SurfRight B.V.) C:\Users\Joerg\Desktop\HitmanPro.exe
2014-06-23 07:33 - 2014-06-23 06:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 06:36 - 2014-06-23 06:36 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 06:36 - 2014-06-23 06:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-23 06:35 - 2014-06-23 06:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joerg\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-22 19:49 - 2014-06-22 19:49 - 00012444 _____ () C:\ComboFix.txt
2014-06-22 19:49 - 2014-06-22 19:24 - 00000000 ____D () C:\Qoobox
2014-06-22 19:49 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-06-22 19:49 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-06-22 19:48 - 2014-06-22 19:24 - 00000000 ____D () C:\Windows\erdnt
2014-06-22 19:44 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-22 19:40 - 2011-08-31 20:40 - 00000000 ____D () C:\Users\Joerg
2014-06-22 19:21 - 2014-06-22 19:21 - 05209566 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2014-06-22 19:09 - 2014-06-16 08:18 - 00000000 ____D () C:\ProgramData\04487DD24E0D21E58B91C85E7CE1B107
2014-06-22 17:28 - 2014-06-22 17:22 - 00034684 _____ () C:\Users\Joerg\Desktop\Addition.txt
2014-06-22 13:02 - 2014-06-22 12:51 - 00006705 _____ () C:\ProgramData\RUNDLL32.EXE-2916-F.txt
2014-06-22 12:52 - 2012-04-12 13:20 - 00000000 ____D () C:\Users\Joerg\Documents\Mein Steuer-Sparbuch Heute
2014-06-22 12:20 - 2014-06-22 12:19 - 00000568 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-06-20 17:02 - 2014-06-20 17:01 - 00000499 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt
2014-06-19 15:26 - 2014-06-19 15:24 - 00001250 _____ () C:\ProgramData\RUNDLL32.EXE-2940-F.txt
2014-06-16 21:13 - 2014-06-16 21:13 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt
2014-06-16 18:11 - 2013-04-09 08:19 - 00000000 ____D () C:\Users\Sabine
2014-06-16 18:11 - 2013-01-05 17:56 - 00000000 ____D () C:\Users\Admin
2014-06-16 18:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-16 09:16 - 2014-06-16 09:16 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-2884-F.txt
2014-06-16 09:14 - 2014-06-16 09:13 - 00000814 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-06-16 08:48 - 2011-11-06 14:22 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 08:24 - 2011-08-31 21:23 - 00108824 _____ () C:\Users\Joerg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-09 14:34 - 2014-06-09 14:34 - 00000000 ____D () C:\ProgramData\kinoma
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\Documents\My Books
2014-06-09 13:55 - 2014-06-09 13:55 - 00000000 ____D () C:\Users\Joerg\AppData\Local\kinoma
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Users\Joerg\AppData\Local\Sony Corporation
2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Program Files\Sony
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\Users\Joerg\AppData\Roaming\Sony Corporation
2014-06-09 13:35 - 2014-06-09 13:35 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-06-09 10:30 - 2013-02-26 09:14 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-09 10:30 - 2013-02-26 09:14 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-31 17:27 - 2013-02-03 18:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 10:18 - 2014-05-31 10:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-31 10:17 - 2014-05-31 10:17 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 10:17 - 2014-05-31 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 10:17 - 2014-05-31 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 10:05 - 2012-06-08 18:34 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-31 09:54 - 2014-05-31 09:54 - 00001415 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-05-31 09:54 - 2014-05-31 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-05-31 09:53 - 2014-05-31 09:53 - 00000000 ____D () C:\Program Files\Norton Security Scan
2014-05-31 09:53 - 2012-05-27 10:29 - 00000000 ____D () C:\ProgramData\Norton
2014-05-24 13:21 - 2011-09-25 11:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Files to move or delete:
====================
C:\ProgramData\02qrlcw.ctrl
C:\ProgramData\02qrlcw.pff
C:\ProgramData\bnrjrtjbn.ctrl
C:\ProgramData\bnrjrtjbn.pff
C:\Users\Joerg\AmazonMP3Downloader.exe


Some content of TEMP:
====================
C:\Users\Joerg\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-22 17:44

==================== End Of Log ============================
--- --- ---


And here is the Farbar Service Scanner output as well:

Code:
Farbar Service Scanner Version: 10-06-2014
Ran by Joerg (administrator) on 23-06-2014 at 17:40:02
Running from "C:\Users\Joerg\Desktop"
Microsoft Windows 7 Ultimate   (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
Thank you for your support.

Two more questions, if I may:

Is the computer clean again?
What can I do to have better protection in the future?
So far I have set up the user accounts without admin rights and run the free version of Avira.

Regards
Jörg
__________________
Best regards

Winlocked

Old 23.06.2014, 16:53   #12
deeprybka
/// TB Trainer
/// Guide Guru


Hi, one thing at a time, OK?

I'll tell you when we're done. Please post the Addition.txt log as well...
__________________
Regards
deeprybka
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Old 23.06.2014, 21:10   #13
winlocked


Sorry, I apparently pasted the same thing in twice :-(

Now the Addition.txt log

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Joerg at 2014-06-23 16:02:19
Running from C:\Users\Joerg\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ABBYY FineReader for ScanSnap (TM) 4.1 (HKLM\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression 2 (HKLM\...\{81FC0476-9507-4CD3-95A7-2BE60E256D1D}) (Version: 2.0.27.846 - ArcSoft)
AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CardMinder (HKLM\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (Version: 4.1.10.1 - PFU) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0312.2223.38381 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0312.2223.38381 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0312.2223.38381 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0312.2223.38381 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0312.2223.38381 - ATI) Hidden
Catalyst Control Center Localization All (Version: 2009.0312.2223.38381 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Czech (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Danish (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Dutch (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help English (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Finnish (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help French (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help German (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Greek (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Italian (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Japanese (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Korean (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Polish (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Russian (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Spanish (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Swedish (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Thai (Version: 2009.0312.2222.38381 - ATI) Hidden
CCC Help Turkish (Version: 2009.0312.2222.38381 - ATI) Hidden
ccc-core-static (Version: 2009.0312.2223.38381 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0312.2223.38381 - ATI) Hidden
DataSync Outlook (HKLM\...\InstallShield_{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}) (Version: 7.00.2906 - O3SIS IT AG)
DataSync Outlook (Version: 7.00.2906 - O3SIS IT AG) Hidden
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 3.0.0.0 - devolo AG)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
dLAN Cockpit (HKLM\...\Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1) (Version: 3 (23.12.2010) - devolo AG)
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
High-Definition Video Playback (Version: 7.3.10900.8.0 - Nero AG) Hidden
HP Product Detection (HKLM\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Audio Pack 1 (Version: 2.0.13100.0.10 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.20100.9.13 - Nero AG) Hidden
Nero Kwik Media (HKLM\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.16800.75.100 - Nero AG)
Nero Kwik Media (HKLM\...\{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}) (Version: 10.6.12300 - Nero AG)
Nero Update (Version: 11.0.10022.15.0 - Nero AG) Hidden
NeroKwikMedia Help (CHM) (Version: 10.6.10700 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
Nokia Suite (Version: 3.3.89.0 - Nokia) Hidden
Norton Security Scan (HKLM\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
PC Connectivity Solution (HKLM\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.2 - Frank Heindörfer, Philip Chinery)
Polar Daemon (HKLM\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM\...\{41D4A454-9DF4-4299-8C30-1BBA753E83E1}) (Version: 2.6.00001 - Polar Electro Oy)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
ScanSnap (Version: 5.1.11.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L11 - PFU)
ScanSnap Organizer (HKLM\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L11 - PFU)
ScanSnap Organizer (Version: 4.1.11.18 - PFU LIMITED) Hidden
Skins (Version: 2009.0312.2223.38381 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update für Microsoft Outlook Social Connector (KB2289116) (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{10B1662A-566C-43C2-8469-5A470E0C7D7B}) (Version:  - Microsoft)
Update für Microsoft Outlook Social Connector (KB2289116) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version:  - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VMware View Client (HKLM\...\{A3ED7FC4-865D-403B-905C-C55EF79A4936}) (Version: 5.1.0.704644 - VMware, Inc.)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2012 (HKLM\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{5021FE2F-5F56-4B8B-9235-B5159FC34508}) (Version: 21.00.8480 - Buhl Data Service GmbH)
XING Connector 1.2 (HKLM\...\XING Connector) (Version: 1.2 - XING AG)

==================== Restore Points  =========================

22-06-2014 17:28:50 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-06-22 19:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {339EB264-FED1-4DA5-BEB6-F7273F3E09D9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {4F197CC5-1AA8-4B2A-9ED8-6A99FE915AF7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {A6050E2A-8712-4721-9ED2-BFCCF04C9B38} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {A8286858-4A95-4B21-8680-C5B928D43589} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: {B3F6E18F-36FC-422D-B7EB-4C0C31F2A962} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {C5307688-D689-4564-8C15-3E8F5AFE96E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-06] (Google Inc.)
Task: {E28B9C57-76B3-48BE-AD2B-2060696C2910} - System32\Tasks\Norton Security Scan for Joerg => C:\Program Files\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {E6F543FC-1DB1-474B-8B95-5C5B73673BFE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {EDF06597-C596-4CDC-B806-94E74D261BBC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1486621387-3127899674-3502170536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {F4398352-ED10-4F5E-9685-A84B3BCE0C71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
Task: {F9DE8CF0-BBB7-4288-A013-1D634B991E2B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Joerg.job => C:\PROGRA~1\NORTON~2\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) =============

2011-08-31 21:36 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 14:43 - 2012-08-17 14:43 - 00413184 _____ () C:\Program Files\Polar\Daemon\polard.exe
2012-08-17 14:42 - 2012-08-17 14:42 - 03477504 _____ () C:\Program Files\Polar\Daemon\libpolar.dll
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-05-01 15:03 - 2014-05-01 15:03 - 00859224 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2012-05-13 12:15 - 2008-11-12 15:32 - 00014848 _____ () C:\Program Files\PFU\ScanSnap\CardMinder\CardPath.dll
2012-05-13 12:16 - 2008-09-10 13:04 - 00069632 _____ () C:\Program Files\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
2012-05-13 12:09 - 2009-11-23 09:34 - 00344064 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsConfig.dll
2012-05-13 12:09 - 2009-10-15 09:02 - 00233472 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsExtention.dll
2012-05-13 12:09 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2012-05-13 12:09 - 2007-06-26 20:27 - 00167936 _____ () C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
2013-12-31 19:34 - 2014-02-11 13:07 - 01429808 _____ () C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe
2013-12-31 19:30 - 2014-02-12 16:13 - 09658160 _____ () C:\Program Files\WISO\Steuersoftware 2014\wgui14.dll
2013-12-31 19:31 - 2014-02-11 20:14 - 00035120 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsdcom48.dll
2013-12-31 19:31 - 2014-02-11 13:00 - 00309040 _____ () C:\Program Files\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-12-31 19:31 - 2014-02-11 13:07 - 00321840 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 03781936 _____ () C:\Program Files\WISO\Steuersoftware 2014\wcore14.dll
2013-12-31 19:31 - 2014-02-11 13:07 - 00136496 _____ () C:\Program Files\WISO\Steuersoftware 2014\rsodbc48.dll
2013-12-31 19:30 - 2014-02-11 20:14 - 02672432 _____ () C:\Program Files\WISO\Steuersoftware 2014\wfvie14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01968944 _____ () C:\Program Files\WISO\Steuersoftware 2014\wsteu14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01911088 _____ () C:\Program Files\WISO\Steuersoftware 2014\wreli14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 04279088 _____ () C:\Program Files\WISO\Steuersoftware 2014\wauff14.dll
2013-12-31 19:31 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files\WISO\Steuersoftware 2014\clucene-core.dll
2013-12-31 19:31 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files\WISO\Steuersoftware 2014\clucene-shared.dll
2013-12-31 19:31 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01507120 _____ () C:\Program Files\WISO\Steuersoftware 2014\wmain14.dll
2013-12-31 19:30 - 2014-02-12 13:23 - 05095216 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae114.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01687344 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae214.dll
2013-12-31 19:30 - 2014-02-12 13:23 - 01796400 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae314.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01627952 _____ () C:\Program Files\WISO\Steuersoftware 2014\wbae414.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01115440 _____ () C:\Program Files\WISO\Steuersoftware 2014\whau114.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01318704 _____ () C:\Program Files\WISO\Steuersoftware 2014\whau214.dll
2013-12-31 19:31 - 2014-02-11 13:07 - 01245488 _____ () C:\Program Files\WISO\Steuersoftware 2014\wwerb14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 07324976 _____ () C:\Program Files\WISO\Steuersoftware 2014\wkont14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01276720 _____ () C:\Program Files\WISO\Steuersoftware 2014\wimp14.dll
2013-12-31 19:30 - 2014-02-11 13:07 - 01330480 _____ () C:\Program Files\WISO\Steuersoftware 2014\wfabu14.dll
2012-11-14 10:03 - 2012-11-14 10:03 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2014-05-01 15:03 - 2014-05-01 15:03 - 00572504 _____ () c:\program files\real\realplayer\RPDS\Lib\r1api.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Joerg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk => C:\Windows\pss\runctf.lnk.Startup
MSCONFIG\startupreg: ctfmon.exe => C:\PROGRA~2\rundll32.exe FG00
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 09:03:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2014 09:03:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2014 09:00:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/22/2014 07:39:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: catchme.3XE, version: 0.0.0.0, time stamp: 0x49d34e5b
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000005
Fault offset: 0x00055e40
Faulting process id: 0xa30
Faulting application start time: 0xcatchme.3XE0
Faulting application path: catchme.3XE1
Faulting module path: catchme.3XE2
Report Id: catchme.3XE3

Error: (06/22/2014 05:48:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/22/2014 05:48:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/22/2014 05:44:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/22/2014 05:17:33 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (06/09/2014 06:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x19d8
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3

Error: (06/09/2014 06:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Faulting module name: Reader.exe, version: 2.3.0.3130, time stamp: 0x532107b6
Exception code: 0xc0000005
Fault offset: 0x0038dbd4
Faulting process id: 0x1f58
Faulting application start time: 0xReader.exe0
Faulting application path: Reader.exe1
Faulting module path: Reader.exe2
Report Id: Reader.exe3


System errors:
=============
Error: (06/23/2014 03:56:41 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR30.

Error: (06/23/2014 03:56:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR30.

Error: (06/23/2014 03:56:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR30.

Error: (06/23/2014 03:56:39 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR30.

Error: (06/23/2014 07:56:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5

Error: (06/22/2014 07:43:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 19:41:25 on ‎22.‎06.‎2014 was unexpected.

Error: (06/22/2014 07:35:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/22/2014 07:31:45 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR7.

Error: (06/22/2014 07:31:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR7.

Error: (06/22/2014 07:31:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (06/23/2014 09:03:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Bin64\Setup.exe

Error: (06/23/2014 09:03:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Bin64\InstallManagerApp.exe

Error: (06/23/2014 09:00:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator64.exe

Error: (06/22/2014 07:39:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: catchme.3XE0.0.0.049d34e5bntdll.dll6.1.7600.169154ec49cafc000000500055e40a3001cf8e40e817c2f6C:\ComboFix\catchme.3XEC:\Windows\SYSTEM32\ntdll.dll26f9c0ba-fa34-11e3-a86f-001a6b179060

Error: (06/22/2014 05:48:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Bin64\Setup.exe

Error: (06/22/2014 05:48:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Bin64\InstallManagerApp.exe

Error: (06/22/2014 05:44:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator64.exe

Error: (06/22/2014 05:17:33 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft OutlookOutlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?

Error: (06/09/2014 06:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd419d801cf83fff7434890C:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exe65966afe-eff7-11e3-b0eb-001a6b179060

Error: (06/09/2014 06:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader.exe2.3.0.3130532107b6Reader.exe2.3.0.3130532107b6c00000050038dbd41f5801cf83fe9e495d20C:\Program Files\Sony\ReaderDesktop\Reader.exeC:\Program Files\Sony\ReaderDesktop\Reader.exe0b2381cb-eff3-11e3-b0eb-001a6b179060


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 2047.43 MB
Available physical RAM: 1078.61 MB
Total Pagefile: 4094.86 MB
Available Pagefile: 2688.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:10.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (KRD10) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
Drive e: (USB DISK) (Removable) (Total:3.72 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: BC4FB76E)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
         
I'm slowly getting the hang of it ;-)

Best regards and enjoy the rest of your evening

Joerg
__________________
Best regards

Winlocked

Alt 23.06.2014, 22:25   #14
deeprybka
/// TB Trainer
/// Guide Guru
 

Hi,
we're not done quite that fast. A whole service pack is still missing, too...

Step 1



Please press the Windows key + R and type notepad into the Run window.
Click OK and now copy the text from the code box into the empty text document:
Code:
2014-06-22 12:19 - 2014-06-22 12:20 - 00000568 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-06-20 17:01 - 2014-06-20 17:02 - 00000499 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt
2014-06-19 15:24 - 2014-06-19 15:26 - 00001250 _____ () C:\ProgramData\RUNDLL32.EXE-2940-F.txt
2014-06-16 21:13 - 2014-06-16 21:13 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt
2014-06-16 09:16 - 2014-06-16 09:16 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-2884-F.txt
2014-06-16 09:13 - 2014-06-16 09:14 - 00000814 _____ () C:\ProgramData\RUNDLL32.EXE-3684-F.txt
2014-06-16 08:18 - 2014-06-22 19:09 - 00000000 ____D () C:\ProgramData\04487DD24E0D21E58B91C85E7CE1B107
C:\ProgramData\02qrlcw.ctrl
C:\ProgramData\02qrlcw.pff
C:\ProgramData\bnrjrtjbn.ctrl
C:\ProgramData\bnrjrtjbn.pff
REG: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}"
REG: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /v AutoStart
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Reboot:
         
Please save this as Fixlist.txt in the directory that also contains the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

Step 2
  • Start FSS.exe again.
  • Make sure the following options are checked.
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
  • Click Scan.
When the tool is finished, it will create an FSS.txt in the directory the tool was run from.

Please post its contents here.

Step 3



Please start FRST again and click Scan.
Please post me the log.
__________________
Regards
deeprybka

Praise, criticism, wishes?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
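The fixlist above targets a handful of typical screen-locker persistence artefacts visible in the FRST log: a shortcut dropped into the user's Startup folder, a system binary name launched from a non-system directory, and randomly named files and folders under ProgramData. As an added example (my own construction, not the helper's code and not part of FRST), the Python snippet below runs those same kinds of checks over a few FRST log lines copied from this thread, plus two benign entries for contrast. The heuristics, the function names and the sample list are assumptions made for illustration; the Startup-folder check also accepts the ordinary backslash form in addition to the caret-escaped form FRST prints for MSCONFIG entries.

```python
"""Triage heuristics for FRST-style log lines (added example; not from the thread or FRST)."""
import re

# Constructed sample: lines copied from the FRST log posted in this thread,
# plus two benign lines (HP Quick Launch, Google Update) the filter should leave alone.
SAMPLE_LINES = [
    r"MSCONFIG\startupfolder: C:^Users^Joerg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk => C:\Windows\pss\runctf.lnk.Startup",
    r"MSCONFIG\startupreg: ctfmon.exe => C:\PROGRA~2\rundll32.exe FG00",
    r"MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start",
    r"2014-06-16 08:18 - 2014-06-22 19:09 - 00000000 ____D () C:\ProgramData\04487DD24E0D21E58B91C85E7CE1B107",
    r"2014-06-22 12:19 - 2014-06-22 12:20 - 00000568 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt",
    r"Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe",
]


def system_binary_outside_system32(line):
    """Flag rundll32/ctfmon/svchost launched from anywhere but %SystemRoot%\\System32 or SysWOW64."""
    m = re.search(r"=>\s*([A-Za-z]:\\[^\s]*\\(rundll32|ctfmon|svchost)\.exe)", line, re.I)
    if m and not re.search(r"\\Windows\\(System32|SysWOW64)\\", m.group(1), re.I):
        return "system binary name launched from a non-system directory: " + m.group(1)
    return None


def lnk_in_startup_folder(line):
    """Flag a .lnk inside a Startup folder (caret-escaped MSCONFIG form or plain path form)."""
    if re.search(r"Startup\^[^\s]+\.lnk\b", line, re.I) or re.search(r"\\Startup\\[^\\]+\.lnk\b", line, re.I):
        return "shortcut in a Startup folder"
    return None


def random_name_in_programdata(line):
    """Flag 32-hex-character folder names and RUNDLL32.EXE-<n>-F.txt files directly under ProgramData."""
    m = re.search(r"C:\\ProgramData\\([^\\\s]+)$", line, re.I)
    if not m:
        return None
    name = m.group(1)
    if re.fullmatch(r"[0-9A-F]{32}", name, re.I):
        return "32-hex-character name directly under ProgramData"
    if re.fullmatch(r"RUNDLL32\.EXE-\d+-F\.txt", name, re.I):
        return "rundll32-named text file directly under ProgramData"
    return None


CHECKS = (system_binary_outside_system32, lnk_in_startup_folder, random_name_in_programdata)


def triage(lines):
    """Return (line, reason) pairs for every line that trips at least one heuristic."""
    hits = []
    for line in lines:
        for check in CHECKS:
            reason = check(line)
            if reason:
                hits.append((line, reason))
                break  # one reason per line is enough for a first pass
    return hits


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LINES):
        print(f"[{reason}]\n    {line}")
```

Running it prints the four lines from the sample that the fixlist also addresses and stays silent on the HP and Google entries. Heuristics like these are a first pass for a human reviewer, not a verdict: a hit only says the entry deserves a closer look.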

Alt 24.06.2014, 10:18   #15
winlocked
 

Hello Jürgen,

please don't be surprised, I'm away on business for two days and won't get to the next steps until Thursday. While shutting down yesterday the computer ran another MS update - it looked like a service pack. Maybe that point is already taken care of then. ;-)

Best regards, until Thursday

Jörg
__________________
Best regards

Winlocked
