Windows 7 - Internet leitet zu Viren-Page um

Music.Junky · 20.08.2014, 14:28

Hallo Zusammen,

seit gestern Abend bemerke ich, dass ich beim Surven auf einer bestimmten Seite im Internet immer wieder zu einer anderen umgeleitet werde.
Umleitung erfolgt hierhin:

Code:

ATTFilter

hxxp://www.player.com.lkcfs.com/FPlayer/DE/auload.html?installer=Flash_Player_13_for_Other_Browsers&browser_type=KHTML&dualoffer=false

Glücklicherweise erkennt mein Virenprogramm die Seite sofort. Als Bedrohung wird "Exploit: Fake Flash Player (type 1734)" angezeigt.
Beim weitere Surfen (gleiche Domain) wurde ich jedoch immer wieder zu dieser Seite umgeleitet.. Habe diese Seite schon öfter besucht und das ist bisher noch nie vorgekommen.. Da stimmt doch was nicht?
Habe nun die Anleitung zum Einstieg gemacht und im abgesicherten Modus nochmal AVG laufen lassen. Anbei die Logs

defogger_disable.txt:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:13 on 20/08/2014 (UliMx921)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by UliMx921 (administrator) on ULIMX921-HP on 20-08-2014 11:15:36
Running from C:\Users\UliMx921\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Windows\vsnpstd3.exe
(Badoo) C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
(Spotify Ltd) C:\Users\UliMx921\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-351139012-3454371372-141882758-1000\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [1067232 2012-12-24] (Badoo)
HKU\S-1-5-21-351139012-3454371372-141882758-1000\...\Run: [Spotify Web Helper] => C:\Users\UliMx921\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104280 2013-03-29] (Spotify Ltd)
HKU\S-1-5-21-351139012-3454371372-141882758-1000\...\Run: [Google Update] => C:\Users\UliMx921\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-16] (Google Inc.)
HKU\S-1-5-21-351139012-3454371372-141882758-1000\...\MountPoints2: {4787c2e1-7502-11e2-ac6f-806e6f6e6963} - E:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Setup-Assistent.lnk
ShortcutTarget: NETGEAR WNA1100 Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://badoo.com/startpage/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.just-browse.info/
URLSearchHook: HKLM-x32 - DVDvideoSoft 2.0 Toolbar - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
URLSearchHook: HKCU - DVDvideoSoft 2.0 Toolbar - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {ED6242A3-5D15-4557-BD56-B1C486765F61} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.just-browse.info/?l=1&q={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {ED6242A3-5D15-4557-BD56-B1C486765F61} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.just-browse.info/?l=1&q={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {ED6242A3-5D15-4557-BD56-B1C486765F61} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: DVDvideoSoft 2.0 Toolbar -> {04a8dd1a-4754-48fe-a703-99846646ef04} -> C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - DVDvideoSoft 2.0 Toolbar - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default
FF Homepage: hxxp://www.ebay.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\UliMx921\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\UliMx921\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\user.js
FF SearchPlugin: C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\searchplugins\badoo.xml
FF SearchPlugin: C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-15]

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\UliMx921\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\UliMx921\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\UliMx921\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\UliMx921\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-16]
CHR Extension: (YouTube) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-16]
CHR Extension: (Google-Suche) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-16]
CHR Extension: (Google Wallet) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
CHR Extension: (Google Mail) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-16]
CHR Extension: (Extutil) - C:\Users\UliMx921\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-02-08]
CHR Extension: (Managera) - C:\Users\UliMx921\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-02-08]
CHR HKCU\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\UliMx921\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [2013-03-27]
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2013-03-27]
CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\UliMx921\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [2013-03-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2185528 2014-04-15] (AVG)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 11:15 - 2014-08-20 11:16 - 00020386 _____ () C:\Users\UliMx921\Desktop\FRST.txt
2014-08-20 11:15 - 2014-08-20 11:15 - 00000000 ____D () C:\FRST
2014-08-20 11:14 - 2014-08-20 11:14 - 02101760 _____ (Farbar) C:\Users\UliMx921\Desktop\FRST64.exe
2014-08-20 11:13 - 2014-08-20 11:13 - 00000478 _____ () C:\Users\UliMx921\Desktop\defogger_disable.log
2014-08-20 11:13 - 2014-08-20 11:13 - 00000000 _____ () C:\Users\UliMx921\defogger_reenable
2014-08-20 11:09 - 2014-08-20 11:09 - 00017960 _____ () C:\Users\UliMx921\Documents\Mappe1 (Automatisch gespeichert).xlsx
2014-08-20 11:06 - 2014-08-20 11:06 - 00050477 _____ () C:\Users\UliMx921\Desktop\Defogger.exe
2014-08-20 10:30 - 2014-08-20 10:30 - 00055437 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood -  mirror.zip
2014-08-20 10:30 - 2014-08-20 10:30 - 00022762 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood -  sink.zip
2014-08-20 10:30 - 2014-08-20 10:30 - 00008500 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood -  table low.zip
2014-08-20 10:30 - 2014-08-20 10:30 - 00008494 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood -  table high.zip
2014-08-20 10:29 - 2014-08-20 10:30 - 00101683 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood - bathtub.zip
2014-08-20 10:29 - 2014-08-20 10:29 - 00030832 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood - rug.zip
2014-08-20 10:29 - 2014-08-20 10:29 - 00017674 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood - box.zip
2014-08-20 10:16 - 2014-08-20 10:16 - 18594480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-08-20 09:51 - 2014-08-20 11:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 09:51 - 2014-08-20 10:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-20 09:51 - 2014-08-20 09:51 - 00002168 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-08-20 09:36 - 2014-08-20 09:36 - 00000000 ____D () C:\Users\UliMx921\Downloads\padre
2014-08-19 21:19 - 2014-08-19 21:22 - 00000000 ____D () C:\Users\UliMx921\Downloads\ShinoKCR
2014-08-19 21:16 - 2014-08-19 21:16 - 00000000 ____D () C:\Users\UliMx921\Downloads\marilu
2014-08-19 21:02 - 2014-08-20 10:25 - 00000000 ____D () C:\Users\UliMx921\Downloads\~Monica~
2014-08-19 20:49 - 2014-08-19 20:50 - 00000000 ____D () C:\Users\UliMx921\Downloads\mirake
2014-08-19 20:32 - 2014-08-20 10:24 - 00000000 ____D () C:\Users\UliMx921\Downloads\steffor
2014-08-19 18:38 - 2014-08-19 19:45 - 00000000 ____D () C:\Users\UliMx921\Downloads\thesimsresource.com
2014-08-19 14:22 - 2014-08-19 14:22 - 00000000 ____D () C:\Users\UliMx921\Downloads\thevintagesim.blogspot.de
2014-08-19 14:04 - 2014-08-19 14:23 - 00000000 ____D () C:\Users\UliMx921\Downloads\beosboxboy.blogspot.de
2014-08-19 13:44 - 2014-08-19 13:45 - 00000000 ____D () C:\Users\UliMx921\Downloads\kunoichikatie.dreamwidth.org..21689.html
2014-08-19 13:40 - 2014-08-19 13:40 - 00000000 ____D () C:\Users\UliMx921\Downloads\kativip.ucoz.ru
2014-08-19 13:28 - 2014-08-19 13:29 - 00000000 ____D () C:\Users\UliMx921\Downloads\verounique.livejournal.com..18267.html
2014-08-18 11:21 - 2014-08-18 11:21 - 00000000 ____D () C:\Users\UliMx921\Downloads\www.simplystyling.de
2014-08-16 14:32 - 2014-08-16 14:33 - 00000000 ____D () C:\Users\UliMx921\Downloads\All4sims.de
2014-08-16 14:30 - 2014-08-16 14:30 - 01909992 _____ () C:\Users\UliMx921\Downloads\Buggybooz_KIA.rar
2014-08-15 03:03 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:03 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:03 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:03 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:03 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:03 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:03 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:03 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 19:35 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 19:35 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 19:35 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 19:35 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 19:35 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 19:35 - 2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 19:35 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 19:35 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 19:35 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 19:35 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 19:35 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 19:35 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 19:35 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 19:35 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 19:35 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 19:35 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 19:35 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 19:35 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 19:35 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 19:35 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 19:35 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 19:35 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-14 19:35 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 19:35 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 19:35 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-14 19:35 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-14 19:35 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 19:35 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 19:35 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 19:34 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 19:34 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 19:34 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 19:34 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 19:34 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 19:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 19:34 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 19:34 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 19:34 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 19:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 19:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 19:34 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 19:34 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 19:34 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 19:34 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 19:34 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 19:34 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 19:34 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 19:34 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-07-25 17:58 - 2014-07-25 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 11:16 - 2014-08-20 11:15 - 00020386 _____ () C:\Users\UliMx921\Desktop\FRST.txt
2014-08-20 11:16 - 2014-08-20 09:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 11:15 - 2014-08-20 11:15 - 00000000 ____D () C:\FRST
2014-08-20 11:14 - 2014-08-20 11:14 - 02101760 _____ (Farbar) C:\Users\UliMx921\Desktop\FRST64.exe
2014-08-20 11:13 - 2014-08-20 11:13 - 00000478 _____ () C:\Users\UliMx921\Desktop\defogger_disable.log
2014-08-20 11:13 - 2014-08-20 11:13 - 00000000 _____ () C:\Users\UliMx921\defogger_reenable
2014-08-20 11:13 - 2012-12-16 00:55 - 00000000 ____D () C:\Users\UliMx921
2014-08-20 11:12 - 2012-12-16 00:54 - 01273742 _____ () C:\Windows\WindowsUpdate.log
2014-08-20 11:10 - 2014-03-07 21:33 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\SoftGrid Client
2014-08-20 11:09 - 2014-08-20 11:09 - 00017960 _____ () C:\Users\UliMx921\Documents\Mappe1 (Automatisch gespeichert).xlsx
2014-08-20 11:06 - 2014-08-20 11:06 - 00050477 _____ () C:\Users\UliMx921\Desktop\Defogger.exe
2014-08-20 10:41 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 10:41 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 10:30 - 2014-08-20 10:30 - 00055437 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood -  mirror.zip
2014-08-20 10:30 - 2014-08-20 10:30 - 00022762 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood -  sink.zip
2014-08-20 10:30 - 2014-08-20 10:30 - 00008500 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood -  table low.zip
2014-08-20 10:30 - 2014-08-20 10:30 - 00008494 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood -  table high.zip
2014-08-20 10:30 - 2014-08-20 10:29 - 00101683 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood - bathtub.zip
2014-08-20 10:29 - 2014-08-20 10:29 - 00030832 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood - rug.zip
2014-08-20 10:29 - 2014-08-20 10:29 - 00017674 _____ () C:\Users\UliMx921\Downloads\Bahia Bathroom Darkwood - box.zip
2014-08-20 10:25 - 2014-08-19 21:02 - 00000000 ____D () C:\Users\UliMx921\Downloads\~Monica~
2014-08-20 10:24 - 2014-08-19 20:32 - 00000000 ____D () C:\Users\UliMx921\Downloads\steffor
2014-08-20 10:24 - 2012-12-16 01:52 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000UA.job
2014-08-20 10:23 - 2013-03-07 21:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-20 10:17 - 2014-08-20 09:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-20 10:17 - 2014-05-06 13:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-20 10:17 - 2012-02-16 11:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-20 10:16 - 2014-08-20 10:16 - 18594480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-08-20 09:51 - 2014-08-20 09:51 - 00002168 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-08-20 09:36 - 2014-08-20 09:36 - 00000000 ____D () C:\Users\UliMx921\Downloads\padre
2014-08-20 09:30 - 2012-12-16 01:52 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000Core.job
2014-08-20 09:29 - 2012-02-16 11:09 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-19 21:22 - 2014-08-19 21:19 - 00000000 ____D () C:\Users\UliMx921\Downloads\ShinoKCR
2014-08-19 21:16 - 2014-08-19 21:16 - 00000000 ____D () C:\Users\UliMx921\Downloads\marilu
2014-08-19 20:50 - 2014-08-19 20:49 - 00000000 ____D () C:\Users\UliMx921\Downloads\mirake
2014-08-19 19:45 - 2014-08-19 18:38 - 00000000 ____D () C:\Users\UliMx921\Downloads\thesimsresource.com
2014-08-19 14:23 - 2014-08-19 14:04 - 00000000 ____D () C:\Users\UliMx921\Downloads\beosboxboy.blogspot.de
2014-08-19 14:22 - 2014-08-19 14:22 - 00000000 ____D () C:\Users\UliMx921\Downloads\thevintagesim.blogspot.de
2014-08-19 13:45 - 2014-08-19 13:44 - 00000000 ____D () C:\Users\UliMx921\Downloads\kunoichikatie.dreamwidth.org..21689.html
2014-08-19 13:40 - 2014-08-19 13:40 - 00000000 ____D () C:\Users\UliMx921\Downloads\kativip.ucoz.ru
2014-08-19 13:29 - 2014-08-19 13:28 - 00000000 ____D () C:\Users\UliMx921\Downloads\verounique.livejournal.com..18267.html
2014-08-19 13:19 - 2012-12-16 01:01 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4831B8C-91D3-432E-AFEF-559F989D3C7C}
2014-08-18 23:04 - 2013-01-21 21:20 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-18 23:04 - 2012-12-17 21:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-18 11:21 - 2014-08-18 11:21 - 00000000 ____D () C:\Users\UliMx921\Downloads\www.simplystyling.de
2014-08-16 20:43 - 2014-02-08 13:21 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForUliMx921
2014-08-16 20:43 - 2014-02-08 13:21 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUliMx921.job
2014-08-16 14:33 - 2014-08-16 14:32 - 00000000 ____D () C:\Users\UliMx921\Downloads\All4sims.de
2014-08-16 14:30 - 2014-08-16 14:30 - 01909992 _____ () C:\Users\UliMx921\Downloads\Buggybooz_KIA.rar
2014-08-15 17:09 - 2012-12-16 01:52 - 00002335 _____ () C:\Users\UliMx921\Desktop\Google Chrome.lnk
2014-08-15 03:35 - 2014-05-06 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 03:35 - 2013-04-11 03:19 - 00296584 _____ () C:\Windows\PFRO.log
2014-08-15 03:35 - 2013-04-11 03:19 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 03:35 - 2013-04-08 22:09 - 00020070 _____ () C:\Windows\setupact.log
2014-08-15 03:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 03:02 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 19:35 - 2014-03-31 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-14 19:35 - 2014-03-16 15:58 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-12 23:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-07 04:06 - 2014-08-14 19:34 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 19:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 22:49 - 2013-01-10 13:19 - 00000000 ____D () C:\Users\UliMx921\AppData\Local\CrashDumps
2014-08-04 22:16 - 2012-12-17 14:37 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\vlc
2014-07-30 18:04 - 2014-05-06 13:33 - 00000000 ____D () C:\Users\UliMx921\dwhelper
2014-07-30 18:02 - 2014-05-06 13:33 - 00000000 ____D () C:\Users\UliMx921\Downloads\Germany's Next Topmodel
2014-07-30 17:29 - 2013-12-27 19:58 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-27 14:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-27 12:25 - 2013-03-14 04:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 12:25 - 2013-03-14 04:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 12:23 - 2012-12-17 20:06 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\uTorrent
2014-07-26 03:02 - 2013-03-14 04:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 17:58 - 2014-07-25 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 21:28 - 2014-08-14 19:35 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 21:12 - 2014-08-14 19:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 21:10 - 2014-08-14 19:35 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 21:07 - 2014-08-14 19:35 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 21:06 - 2014-08-14 19:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 21:05 - 2014-08-14 19:35 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 21:05 - 2014-08-14 19:35 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 21:05 - 2014-08-14 19:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 21:03 - 2014-08-14 19:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 21:03 - 2014-08-14 19:35 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 21:03 - 2014-08-14 19:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 21:03 - 2014-08-14 19:35 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 21:03 - 2014-08-14 19:35 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 21:03 - 2014-08-14 19:35 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 21:02 - 2014-08-14 19:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-24 20:07 - 2014-08-14 19:35 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 19:58 - 2014-08-14 19:35 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 19:57 - 2014-08-14 19:35 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 19:52 - 2014-08-14 19:35 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 19:51 - 2014-08-14 19:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 19:51 - 2014-08-14 19:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 19:50 - 2014-08-14 19:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-24 19:50 - 2014-08-14 19:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 19:49 - 2014-08-14 19:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 19:49 - 2014-08-14 19:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 19:49 - 2014-08-14 19:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 19:49 - 2014-08-14 19:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-24 19:49 - 2014-08-14 19:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-24 19:48 - 2014-08-14 19:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 19:48 - 2014-08-14 19:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 19:48 - 2014-08-14 19:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 19:48 - 2014-08-14 19:35 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 19:48 - 2014-08-14 19:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-24 19:48 - 2014-08-14 19:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-24 19:48 - 2014-08-14 19:35 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-24 19:47 - 2014-08-14 19:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

Some content of TEMP:
====================
C:\Users\UliMx921\AppData\Local\Temp\AutoRun.exe
C:\Users\UliMx921\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\UliMx921\AppData\Local\Temp\drm_dialogs.dll
C:\Users\UliMx921\AppData\Local\Temp\drm_dyndata_7380011.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 19:18

==================== End Of Log =============================

Addition.txt:

Zitat:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by UliMx921 at 2014-08-20 11:16:44
Running from C:\Users\UliMx921\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{96F38867-9D41-683C-DF60-034A731C37FE}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (de-DE) (x32 Version: 14.0.1001.423 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.423 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.423 - AVG) Hidden
Badoo Desktop (HKLM-x32\...\{D0AF8BD9-79A6-45D6-8B71-25281B1300A7}) (Version: 1.6.58.1220 - Badoo)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0531.2216.38124 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help English (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help French (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help German (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
ccc-utility64 (Version: 2011.0531.2216.38124 - ATI) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version: - )
Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version: - )
Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version: - )
Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts)
Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts)
Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts)
Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version: - )
Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version: - Electronic Arts)
Die Sims™ 2 Teen Style-Accessoires (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version: - Electronic Arts)
Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - )
Die Sims™ 2 Villen- und Garten-Accessoires (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version: - Electronic Arts)
DVDvideoSoft 2.0 Toolbar (HKLM-x32\...\DVDvideoSoft_2.0 Toolbar) (Version: 6.11.2.6 - DVDvideoSoft 2.0)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.200.0 - ATI Technologies Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MX Simulator Demo (HKLM-x32\...\MX Simulator Demo) (Version: - )
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.1.47 - Client Connect LTD) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.8.8.450.gd9413516 - Spotify AB)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-351139012-3454371372-141882758-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\UliMx921\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-351139012-3454371372-141882758-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\UliMx921\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-351139012-3454371372-141882758-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\UliMx921\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-351139012-3454371372-141882758-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\UliMx921\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

27-07-2014 17:18:00 Windows-Sicherung
06-08-2014 14:41:57 Geplanter Prüfpunkt
07-08-2014 17:44:30 Installed AVG 2014
15-08-2014 01:00:55 Windows Update
17-08-2014 17:30:29 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {25A1094E-2E00-4515-A580-C07490A27479} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {31734D57-4A05-4BA1-A121-6E02B630CEF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3785B26A-2D91-4F17-B586-0B9560C621A9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {398269C5-DED7-4266-AB7C-C82A670AF9E0} - System32\Tasks\{991E6CFF-0F6A-4166-862D-12248E105515} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2EP9.exe [2008-10-24] (Maxis, a division of Electronic Arts Inc.)
Task: {3D2E4CE9-9680-4A77-92F3-A0B2511EBCB7} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {4F99A69D-BAEF-4237-AA36-697F207E9357} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {6C21F4D2-0911-4FA0-A370-CBBC60ED700C} - System32\Tasks\{9712B368-C5B1-4935-9930-BFA1FA08C330} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2EP9.exe [2008-10-24] (Maxis, a division of Electronic Arts Inc.)
Task: {6C4BA2F2-AC19-4741-839A-F1FC180A87F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7843F139-EA3C-42F5-8220-3AD4AE3BE51B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-04-15] (AVG)
Task: {8949BC00-61D0-4154-BD6B-27C4A09249A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-20] (Adobe Systems Incorporated)
Task: {A167490F-559C-401E-90F7-A81A78ACB63B} - System32\Tasks\Google Updater and Installer => C:\Users\UliMx921\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-16] (Google Inc.)
Task: {ADE1357D-70D9-4D07-BA37-85B6618F471C} - System32\Tasks\{B6C140A9-83EB-47F6-AAD5-2CDB8E907F36} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2EP9.exe [2008-10-24] (Maxis, a division of Electronic Arts Inc.)
Task: {CEBFA74A-A980-446D-B890-FE5A59B73F99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000UA => C:\Users\UliMx921\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-16] (Google Inc.)
Task: {D36A4F58-C85D-4AA1-99EA-D8E7F96C2844} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {DC204A9F-1432-43A5-B6C6-E5A1E72BB3F9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E98D7D5B-95EB-494E-9894-FD22E62C18F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {E99EF112-8A62-4A59-88C9-347E44184CFD} - System32\Tasks\HPCeeScheduleForUliMx921 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F38D6E9E-3E37-40E8-A87A-645C6EF3B705} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000Core => C:\Users\UliMx921\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-16] (Google Inc.)
Task: {F912E56F-80CF-4A04-BF78-5AEBA61E8CF6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {FDD93509-952B-4859-92F4-0AFCB3C8E072} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-21] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000Core.job => C:\Users\UliMx921\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000UA.job => C:\Users\UliMx921\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUliMx921.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-04-15 16:23 - 2014-04-15 16:23 - 00675640 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2012-12-16 01:43 - 2010-08-04 15:44 - 00266240 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2006-09-19 10:07 - 2006-09-19 10:07 - 00827392 _____ () C:\Windows\vsnpstd3.exe
2012-12-16 01:43 - 2011-01-04 16:34 - 04545024 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2011-06-01 08:14 - 2011-06-01 08:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-04-12 02:20 - 2011-04-12 02:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-12 02:20 - 2011-04-12 02:20 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2012-12-16 01:43 - 2010-03-10 15:50 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2012-12-16 01:43 - 2009-08-28 17:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2014-07-25 17:58 - 2014-07-25 17:58 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-06 13:06 - 2014-05-06 13:06 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
2014-08-20 09:51 - 2014-08-20 09:51 - 17048240 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2014 10:17:12 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (08/15/2014 03:01:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Vsdatant.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/12/2014 04:04:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0x580
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (08/07/2014 07:44:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Vsdatant.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/06/2014 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Vsdatant.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/04/2014 10:16:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.5.0, Zeitstempel: 0x50c91d8b
Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.5.0, Zeitstempel: 0x50c91d8b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001665
ID des fehlerhaften Prozesses: 0x1cdc
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (08/02/2014 04:18:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Sims2Launcher.exe, Version: 1.0.0.1, Zeitstempel: 0x48f12e72
Name des fehlerhaften Moduls: Sims2Launcher.exe, Version: 1.0.0.1, Zeitstempel: 0x48f12e72
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002167
ID des fehlerhaften Prozesses: 0x1584
Startzeit der fehlerhaften Anwendung: 0xSims2Launcher.exe0
Pfad der fehlerhaften Anwendung: Sims2Launcher.exe1
Pfad des fehlerhaften Moduls: Sims2Launcher.exe2
Berichtskennung: Sims2Launcher.exe3

Error: (07/30/2014 05:28:59 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: UliMx921-HP)
Description: Die Anwendung oder der Dienst "ZoneAlarm Privacy Service" konnte nicht heruntergefahren werden.

Error: (07/30/2014 05:28:59 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: UliMx921-HP)
Description: Die Anwendung oder der Dienst "ZoneAlarm Privacy Service" konnte nicht heruntergefahren werden.

Error: (07/30/2014 05:28:55 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: UliMx921-HP)
Description: Die Anwendung oder der Dienst "Check Point Install Utility" konnte nicht heruntergefahren werden.

System errors:
=============
Error: (08/15/2014 03:38:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/15/2014 03:35:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/15/2014 03:32:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/12/2014 04:06:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Telefonie" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (08/12/2014 04:06:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "DNS-Client" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (08/12/2014 04:05:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Arbeitsstationsdienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (08/12/2014 04:05:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Kryptografiedienste" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (08/12/2014 04:04:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Remotedesktopdienste" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/12/2014 04:04:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Telefonie" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/12/2014 04:04:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office Sessions:
=========================
Error: (08/17/2014 10:17:12 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (08/15/2014 03:01:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Vsdatant.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/12/2014 04:04:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e458001cfa9852ab708c0C:\Windows\system32\svchost.exeC:\Windows\S YSTEM32\ntdll.dll9f19fab1-2229-11e4-84ff-082e5f1503a7

Error: (08/07/2014 07:44:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Vsdatant.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/06/2014 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Vsdatant.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/04/2014 10:16:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.0.5.050c91d8bvlc.exe2.0.5.050c91d8bc0000005000016651cdc01cfae70cf3d162cC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\vlc.exe31dfb29a-1c14-11e4-84ff-082e5f1503a7

Error: (08/02/2014 04:18:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Sims2Launcher.exe1.0.0.148f12e72Sims2Launcher.exe1.0.0.148f12e72c000000500002167158401cfae5c94b24182C:\Program Files (x86)\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2Launcher.exeC:\Program Files (x86)\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2Launcher.exed3ba266e-1a4f-11e4-84ff-082e5f1503a7

Error: (07/30/2014 05:28:59 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: UliMx921-HP)
Description: 1C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exeZoneAlarm Privacy Service03026216127800

Error: (07/30/2014 05:28:59 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: UliMx921-HP)
Description: 0C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exeZoneAlarm Privacy Service0302621612780443003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0043006800650063006B0050006F0069006E007 4005C005A006F006E00650041006C00610072006D005C0043006F006D006D0075006E006900740079002E00430073006800610072007000530071006C006900740065002E0064006C006C0 0000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0043006800650063006B0050006F0069006E0074005C005A006F006 E00650041006C00610072006D005C0043006F006D006D0075006E006900740079002E00430073006800610072007000530071006C006900740065002E00530051004C00690074006500430 06C00690065006E0074002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0043006800650063006 B0050006F0069006E0074005C005A006F006E00650041006C00610072006D005C0049006F006E00690063002E005A00690070002E0064006C006C00000043003A005C00500072006F00670 0720061006D002000460069006C00650073002000280078003800360029005C0043006800650063006B0050006F0069006E0074005C005A006F006E00650041006C00610072006D005C005 A004100500072006900760061006300790053006500720076006900630065002E006500780065000000

Error: (07/30/2014 05:28:55 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: UliMx921-HP)
Description: 1C:\Program Files (x86)\CheckPoint\Install\Install.exeCheck Point Install Utility0111780800

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
Percentage of memory in use: 76%
Total physical RAM: 4076.84 MB
Available physical RAM: 956.23 MB
Total Pagefile: 8151.87 MB
Available Pagefile: 3742.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.74 GB) (Free:832.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.67 GB) (Free:1.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Sims2EP9) (CDROM) (Total:0.66 GB) (Free:0 GB) UDF
Drive f: (Elements) (Fixed) (Total:1863.01 GB) (Free:1175.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 125B0853)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0022BBEE)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer.txt:

Zitat:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-20 12:07:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.HP64 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\UliMx921\AppData\Local\Temp\kxlorkoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ded000 63 bytes [4D, 6D, 53, 74, 01, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002ded040 12 bytes [01, 60, 18, 07, 80, FA, FF, ...]

---- EOF - GMER 2.1 ----

AVG Filelog:

Code:

ATTFilter

AVG 2014 AntiVirus-Befehlszeilenscanner
Copyright (c) 1992 - 2013 AVG Technologies
Programmversion 2014.0.4745, Engine 2014.0.4007
Virendatenbank: Version 4007/8068 2014-08-20
@Scan_BootSectorName|%name%=HIDDEN| Bootkit.61030040.F987090C gefunden ist OK.
@Scan_BootSectorName|%name%=C:\| Bootkit.61030040.F987090C gefunden ist OK.
@Scan_BootSectorName|%name%=D:\| Bootkit.61030040.F987090C gefunden ist OK.
@Scan_BootSectorName|%name%=F:\| Bootkit.61030040.15908BB7 gefunden ist OK.
C:\Documents and Settings\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\hiberfil.sys Gesperrte Datei. Nicht gescannt. ist OK.
C:\pagefile.sys Gesperrte Datei. Nicht gescannt. ist OK.
C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Agatha Christie - Peril at End House-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\Bejeweled 3\bejeweled3-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\Cake Mania\Cake Mania-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\Chronicles of Albian\Chronicles of Albian-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\Farm Frenzy\Farm Frenzy-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\FATE\Fate-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\Jewel Quest Solitaire\Jewel Quest Solitaire-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\Slingo Deluxe\Slingo Deluxe-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe  ist OK.
C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma Deluxe-WT.exe  ist OK.
C:\ProgramData\Desktop\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\ProgramData\Documents\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\ProgramData\Favorites\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\ProgramData\Templates\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\ProgramData\TuneUp Software\TuneUp Utilities 2013\TTUSvclrt.tt Gesperrte Datei. Nicht gescannt. ist OK.
C:\System Volume Information\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\Default\AppData\Local\History\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\Default\Documents\My Music\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\Default\Documents\My Pictures\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\Default\Documents\My Videos\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\Default\NetHood\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\Default\PrintHood\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\Default\Templates\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\Public\Documents\My Music\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\Public\Documents\My Pictures\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\Public\Documents\My Videos\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\Anwendungsdaten\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\AppData\Local\Avg2014\temp\avg-0bc7e315-1e78-486e-ae43-4169287ced29.tmp Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\AppData\Local\Avg2014\temp\avg-5bf37909-def4-4a62-8b51-4736d8aa1a21.tmp Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\AppData\Local\Microsoft\Windows\UsrClass.dat Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\Documents\Eigene Bilder\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\Documents\Eigene Musik\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\Documents\Eigene Videos\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\Druckumgebung\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\Netzwerkumgebung\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\ntuser.dat Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\ntuser.dat.LOG1 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\ntuser.dat.LOG2 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Users\UliMx921\Vorlagen\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\catroot2\edb.log Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\default Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\DEFAULT.LOG1 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\DEFAULT.LOG2 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\RegBack\DEFAULT Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\RegBack\SAM Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\RegBack\SECURITY Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\RegBack\SOFTWARE Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\RegBack\SYSTEM Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\sam Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\SAM.LOG1 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\SAM.LOG2 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\security Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\SECURITY.LOG1 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\SECURITY.LOG2 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\software Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\SOFTWARE.LOG1 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\SOFTWARE.LOG2 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\system Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\SYSTEM.LOG1 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\config\SYSTEM.LOG2 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{fb05fdd4-31e0-11e3-a5b1-082e5f1503a7}.TM.blf Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{fb05fdd4-31e0-11e3-a5b1-082e5f1503a7}.TMContainer00000000000000000001.regtrans-ms Gesperrte Datei. Nicht gescannt. ist OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{fb05fdd4-31e0-11e3-a5b1-082e5f1503a7}.TMContainer00000000000000000002.regtrans-ms Gesperrte Datei. Nicht gescannt. ist OK.
D:\System Volume Information\ Gesperrte Datei. Nicht gescannt. ist OK.
F:\System Volume Information\ Gesperrte Datei. Nicht gescannt. ist OK.

------------------------------------------------------------
Test gestartet: 20.8.2014 12:16:05
Testdauer: 51 Minute(n) 45 Sekunde(n)
------------------------------------------------------------
Gescannte Objekte: 328135
Gefundene Infektionen:   75
Schweregrad 'Hoch' gefunden:    0
Schweregrad 'Mittel' gefunden:    0
Schweregrad 'Information' gefunden:   79
Schweregrad 'Hoch' behoben:    0
Schweregrad 'Mittel' behoben:    0
Schweregrad 'Information' behoben:    0
------------------------------------------------------------

Ich bin ratlos, aber vielleicht kann hier ja jemand helfen. Würde mich freuen!

Wenn noch Fragen aufkommen oder noch etwas benötigt wird - einfach Bescheid geben.
Danke im Voraus.

Grüße,
Music.Junky

schrauber · 20.08.2014, 15:16

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Music.Junky · 20.08.2014, 17:15

Huhu schrauber,

danke für die schnelle Antwort!
Hier das Logfile von Combofix

Code:

ATTFilter

ComboFix 14-08-19.01 - UliMx921 20.08.2014  18:05:37.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4077.2535 [GMT 2:00]
ausgeführt von:: c:\users\UliMx921\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\EULA.txt
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\programdata\Vaudix
c:\programdata\Vaudix\50ef2c5c50b54.tlb
c:\programdata\Vaudix\data\Vaudix.dat
c:\programdata\Vaudix\settings.ini
F:\autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-20 bis 2014-08-20  ))))))))))))))))))))))))))))))
.
.
2014-08-20 16:10 . 2014-08-20 16:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-20 09:15 . 2014-08-20 09:19	--------	d-----w-	C:\FRST
2014-08-20 08:16 . 2014-08-20 08:16	18594480	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-08-20 07:51 . 2014-08-20 07:51	--------	d-----w-	c:\programdata\McAfee Security Scan
2014-08-20 07:51 . 2014-08-20 07:51	--------	d-----w-	c:\programdata\McAfee
2014-08-20 07:51 . 2014-08-20 07:51	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2014-08-15 01:03 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-15 01:03 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-15 01:03 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-15 01:03 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-15 01:03 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-15 01:03 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-15 01:03 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 01:03 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-14 17:34 . 2014-07-16 03:23	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-20 08:17 . 2014-05-06 11:06	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-20 08:17 . 2012-02-16 09:05	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 15:06 . 2010-06-24 19:33	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-30 10:43 . 2014-06-30 10:43	152344	----a-w-	c:\windows\system32\drivers\avgdiska.sys
2014-06-18 02:18 . 2014-07-09 13:47	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 13:47	646144	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-17 14:21 . 2014-06-17 14:21	235800	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2014-06-17 14:07 . 2014-06-17 14:07	328984	----a-w-	c:\windows\system32\drivers\avgloga.sys
2014-06-17 14:06 . 2014-06-17 14:06	269080	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2014-06-17 14:06 . 2014-06-17 14:06	190744	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2014-06-17 14:06 . 2014-06-17 14:06	242968	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 14:06 . 2014-06-17 14:06	123672	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 14:06 . 2014-06-17 14:06	31512	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2014-06-06 10:10 . 2014-07-09 13:47	624128	----a-w-	c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 13:47	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 13:46	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 13:46	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 13:46	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 13:47	210944	----a-w-	c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 13:47	86528	----a-w-	c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 13:47	340992	----a-w-	c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 13:47	314880	----a-w-	c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 13:47	307200	----a-w-	c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 13:47	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 13:47	22016	----a-w-	c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 13:47	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 13:47	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 13:47	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 13:47	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 13:47	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 13:47	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 13:47	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 13:47	497152	----a-w-	c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{04a8dd1a-4754-48fe-a703-99846646ef04}"= "c:\program files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll" [2013-03-05 231168]
.
[HKEY_CLASSES_ROOT\clsid\{04a8dd1a-4754-48fe-a703-99846646ef04}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{04a8dd1a-4754-48fe-a703-99846646ef04}]
2013-03-05 12:37	231168	----a-w-	c:\program files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{04a8dd1a-4754-48fe-a703-99846646ef04}"= "c:\program files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll" [2013-03-05 231168]
.
[HKEY_CLASSES_ROOT\clsid\{04a8dd1a-4754-48fe-a703-99846646ef04}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe" [2012-12-24 1067232]
"Spotify Web Helper"="c:\users\UliMx921\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-03-29 1104280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-01 336384]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
NETGEAR WNA1100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2012-12-16 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CltMngSvc;Search Protect Service;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-06 08:17]
.
2014-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000Core.job
- c:\users\UliMx921\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-15 23:52]
.
2014-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000UA.job
- c:\users\UliMx921\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-15 23:52]
.
2014-08-16 c:\windows\Tasks\HPCeeScheduleForUliMx921.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-08-05 21720]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://badoo.com/startpage/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.just-browse.info/
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: extensions.zonealarm.hpOld0 - hxxp://badoo.com/startpage/
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=678f8a6d82b6441dad3f43f926bf5560&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - f4eb3add000000000000082e5f1503a7
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16270
FF - user.js: extensions.zonealarm.vrsn - 1.8.29.17
FF - user.js: extensions.zonealarm.vrsni - 1.8.29.17
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.29.1715:45
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5066
FF - user.js: extensions.zonealarm.smplGrp - NewUSR
FF - user.js: extensions.zonealarm.tlbrId - HFA5
FF - user.js: extensions.zonealarm.instlRef - ZLN124009389446812-5066
FF - user.js: extensions.zonealarm.dfltLng - DE
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=DE&gu=678f8a6d82b6441dad3f43f926bf5560&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&gu=678f8a6d82b6441dad3f43f926bf5560&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=DE&gu=678f8a6d82b6441dad3f43f926bf5560&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-20  18:12:21
ComboFix-quarantined-files.txt  2014-08-20 16:12
.
Vor Suchlauf: 10 Verzeichnis(se), 894.686.142.464 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 894.540.824.576 Bytes frei
.
- - End Of File - - B2D5293AF836A97D1871EDD6AB1C2126

schrauber · 21.08.2014, 17:02

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Music.Junky · 22.08.2014, 16:06

Hallo schrauber,

hab alles wie gewünscht ausgeführt. Da kamen wirklich einige Dateien zusammen, die gelöscht wurden..

mbam.txt:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.08.2014
Suchlauf-Zeit: 19:15:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.21.06
Rootkit Datenbank: v2014.08.16.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: UliMx921

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309525
Verstrichene Zeit: 7 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 8
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-351139012-3454371372-141882758-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [25157c4d017acc6a159fbbb4c33f25db], 
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [73c71faa7ffcc4727a92dd6f2adad32d], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [eb4f29a0e596bb7b7b1a807041c15da3], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [b288488199e2a78f8a9889a225dfae52], 
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [0139e6e37b007fb7f34d44e31fe51ee2], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-351139012-3454371372-141882758-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [0436d1f87dfeb77fff8d70bbba4a6f91], 
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-351139012-3454371372-141882758-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [4bef2a9f7a0179bd3634b38555afb34d], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-351139012-3454371372-141882758-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [5dddd5f4c1ba41f566bb7cafa064b64a], 

Registrierungswerte: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [eb4f29a0e596bb7b7b1a807041c15da3]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 11111111, In Quarantäne, [b288488199e2a78f8a9889a225dfae52]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-351139012-3454371372-141882758-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 11111111, In Quarantäne, [5dddd5f4c1ba41f566bb7cafa064b64a]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 13
PUP.Optional.OpenCandy, C:\Users\UliMx921\AppData\Roaming\OpenCandy, In Quarantäne, [e159eadf077454e24e00ceee986ad32d], 
PUP.Optional.OpenCandy, C:\Users\UliMx921\AppData\Roaming\OpenCandy\5C837033B4E14D378F95E6F0785EF55D, In Quarantäne, [e159eadf077454e24e00ceee986ad32d], 
PUP.Optional.OpenCandy, C:\Users\UliMx921\AppData\Roaming\OpenCandy\B5EF948F675F4B90B097E914F6035DEA, In Quarantäne, [e159eadf077454e24e00ceee986ad32d], 
PUP.Optional.OpenCandy, C:\Users\UliMx921\AppData\Roaming\OpenCandy\CD6CD61CE82A4FCEA9BA2A3E82BC4EDD, In Quarantäne, [e159eadf077454e24e00ceee986ad32d], 
PUP.Optional.Vaudix.A, C:\Users\UliMx921\AppData\LocalLow\Vaudix, In Quarantäne, [50ea4f7af289ae88ad6730a0db27d22e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\Logs, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\SearchProtect\Logs, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\UI, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 

Dateien: 8
PUP.Optional.OpenCandy, C:\Users\UliMx921\AppData\Roaming\OpenCandy\5C837033B4E14D378F95E6F0785EF55D\zafwSetupWeb_131_211_000.exe, In Quarantäne, [e159eadf077454e24e00ceee986ad32d], 
PUP.Optional.OpenCandy, C:\Users\UliMx921\AppData\Roaming\OpenCandy\B5EF948F675F4B90B097E914F6035DEA\TuneUpUtilities2013-2200217_de-DE.exe, In Quarantäne, [e159eadf077454e24e00ceee986ad32d], 
PUP.Optional.OpenCandy, C:\Users\UliMx921\AppData\Roaming\OpenCandy\CD6CD61CE82A4FCEA9BA2A3E82BC4EDD\speedupmypcROE.exe, In Quarantäne, [e159eadf077454e24e00ceee986ad32d], 
PUP.Optional.Vaudix.A, C:\Users\UliMx921\AppData\LocalLow\Vaudix\Vaudix.dat, In Quarantäne, [50ea4f7af289ae88ad6730a0db27d22e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 
PUP.Optional.SearchProtect.A, C:\Users\UliMx921\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [e3573c8d5f1c89adfe19e7eb4db5827e], 

Physische Sektoren: 0
(No malicious items detected)


(end)

ADW-Cleaner:

Code:

ATTFilter

# AdwCleaner v3.308 - Bericht erstellt am 21/08/2014 um 19:40:22
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : UliMx921 - ULIMX921-HP
# Gestartet von : C:\Users\UliMx921\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\SearchProtect
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Vaudix
Ordner Gelöscht : C:\Program Files (x86)\DVDvideoSoft_2.0
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\UliMx921\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\UliMx921\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\UliMx921\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\UliMx921\AppData\LocalLow\DVDvideoSoft_2.0
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\searchplugins\zonealarm.xml
Datei Gelöscht : C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3279453
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD4F85E5-E226-47F5-AF76-6A1DEA5AAB8E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C01F9B66-75B5-4F0D-A49A-932D2FEC6858}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG SafeGuard toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\SP Global
Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDvideoSoft_2.0 Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : blaofbhgbmeikidhlkmjhbkbfohpgekf
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
Gelöscht [Extension] : niapdbllcanepiiimjjndipklodoedlc

*************************

AdwCleaner[R0].txt - [10098 octets] - [21/08/2014 19:39:16]
AdwCleaner[S0].txt - [9426 octets] - [21/08/2014 19:40:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9486 octets] ##########

JRT.txt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by UliMx921 on 21.08.2014 at 19:45:58,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ED6242A3-5D15-4557-BD56-B1C486765F61}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{ED6242A3-5D15-4557-BD56-B1C486765F61}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"
Successfully deleted: [Folder] "C:\Program Files (x86)\justbrowse"
Successfully deleted: [Empty Folder] C:\Users\UliMx921\appdata\local\{FD70A85E-50E0-4D51-A710-F439535471A2}



~~~ FireFox

Emptied folder: C:\Users\UliMx921\AppData\Roaming\mozilla\firefox\profiles\wbnsoi44.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.08.2014 at 19:53:27,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und das neue FRST.txt:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by UliMx921 (administrator) on ULIMX921-HP on 21-08-2014 19:54:05
Running from C:\Users\UliMx921\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Windows\vsnpstd3.exe
(Badoo) C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
(Spotify Ltd) C:\Users\UliMx921\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-351139012-3454371372-141882758-1000\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [1067232 2012-12-24] (Badoo)
HKU\S-1-5-21-351139012-3454371372-141882758-1000\...\Run: [Spotify Web Helper] => C:\Users\UliMx921\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104280 2013-03-29] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Setup-Assistent.lnk
ShortcutTarget: NETGEAR WNA1100 Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://badoo.com/startpage/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {ED6242A3-5D15-4557-BD56-B1C486765F61} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default
FF Homepage: hxxp://www.ebay.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\UliMx921\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\UliMx921\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\searchplugins\badoo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-15]

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\UliMx921\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\UliMx921\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\UliMx921\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\UliMx921\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-16]
CHR Extension: (YouTube) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-16]
CHR Extension: (Google-Suche) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-16]
CHR Extension: (Google Wallet) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
CHR Extension: (Google Mail) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-16]
CHR HKCU\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\UliMx921\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [2013-03-27]
CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\UliMx921\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [2013-03-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2185528 2014-04-15] (AVG)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 19:53 - 2014-08-21 19:53 - 00001436 _____ () C:\Users\UliMx921\Desktop\JRT.txt
2014-08-21 19:45 - 2014-08-21 19:45 - 00009594 _____ () C:\Users\UliMx921\Desktop\AdwCleaner[S0].txt
2014-08-21 19:45 - 2014-08-21 19:45 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 19:39 - 2014-08-21 19:40 - 00000000 ____D () C:\AdwCleaner
2014-08-21 19:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-21 19:35 - 2014-08-21 19:35 - 01016261 _____ (Thisisu) C:\Users\UliMx921\Desktop\JRT.exe
2014-08-21 19:32 - 2014-08-21 19:32 - 01364531 _____ () C:\Users\UliMx921\Desktop\adwcleaner_3.308.exe
2014-08-21 19:32 - 2014-08-21 19:32 - 00006153 _____ () C:\Users\UliMx921\Desktop\mbam.txt
2014-08-21 19:30 - 2014-08-21 19:30 - 00029224 _____ () C:\Users\UliMx921\Desktop\combofix.txt
2014-08-21 19:14 - 2014-08-21 19:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 19:13 - 2014-08-21 19:13 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-21 19:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 19:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 19:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 19:10 - 2014-08-21 19:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\UliMx921\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-21 10:08 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 10:08 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 10:08 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 10:08 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 10:08 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 10:08 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 10:08 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 10:08 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 10:08 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 10:08 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 10:08 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 10:08 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 10:08 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 10:08 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-20 22:44 - 2014-08-20 22:47 - 00000000 ____D () C:\Users\UliMx921\Downloads\1 - Stall
2014-08-20 18:12 - 2014-08-20 18:12 - 00029215 _____ () C:\ComboFix.txt
2014-08-20 18:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-20 18:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-20 18:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-20 18:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-20 18:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-20 18:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-20 18:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-20 18:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-20 18:03 - 2014-08-20 18:12 - 00000000 ____D () C:\Qoobox
2014-08-20 18:03 - 2014-08-20 18:11 - 00000000 ____D () C:\Windows\erdnt
2014-08-20 17:57 - 2014-08-20 17:57 - 05572251 ____R (Swearware) C:\Users\UliMx921\Desktop\ComboFix.exe
2014-08-20 13:27 - 2014-08-20 13:27 - 00000902 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-20 12:16 - 2014-08-20 13:07 - 00008747 _____ () C:\Users\UliMx921\Desktop\avgrep.txt
2014-08-20 12:13 - 2014-08-20 12:13 - 00000000 ____D () C:\Windows\Minidump
2014-08-20 12:07 - 2014-08-20 12:07 - 00000631 _____ () C:\Users\UliMx921\Desktop\Gmer.txt
2014-08-20 11:17 - 2014-08-20 11:17 - 00380416 _____ () C:\Users\UliMx921\Desktop\Gmer-19357.exe
2014-08-20 11:16 - 2014-08-20 11:19 - 00037264 _____ () C:\Users\UliMx921\Desktop\Addition.txt
2014-08-20 11:15 - 2014-08-21 19:54 - 00016447 _____ () C:\Users\UliMx921\Desktop\FRST.txt
2014-08-20 11:15 - 2014-08-21 19:54 - 00000000 ____D () C:\FRST
2014-08-20 11:14 - 2014-08-20 11:14 - 02101760 _____ (Farbar) C:\Users\UliMx921\Desktop\FRST64.exe
2014-08-20 11:13 - 2014-08-20 11:13 - 00000478 _____ () C:\Users\UliMx921\Desktop\defogger_disable.log
2014-08-20 11:13 - 2014-08-20 11:13 - 00000000 _____ () C:\Users\UliMx921\defogger_reenable
2014-08-20 11:09 - 2014-08-20 11:09 - 00017960 _____ () C:\Users\UliMx921\Documents\Mappe1 (Automatisch gespeichert).xlsx
2014-08-20 11:06 - 2014-08-20 11:06 - 00050477 _____ () C:\Users\UliMx921\Desktop\Defogger.exe
2014-08-20 10:16 - 2014-08-20 10:16 - 18594480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-08-20 09:51 - 2014-08-21 19:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 09:51 - 2014-08-20 10:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-20 09:51 - 2014-08-20 09:51 - 00002168 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-08-20 09:36 - 2014-08-20 09:36 - 00000000 ____D () C:\Users\UliMx921\Downloads\padre
2014-08-19 21:19 - 2014-08-19 21:22 - 00000000 ____D () C:\Users\UliMx921\Downloads\ShinoKCR
2014-08-19 21:16 - 2014-08-19 21:16 - 00000000 ____D () C:\Users\UliMx921\Downloads\marilu
2014-08-19 21:02 - 2014-08-20 10:25 - 00000000 ____D () C:\Users\UliMx921\Downloads\~Monica~
2014-08-19 20:49 - 2014-08-19 20:50 - 00000000 ____D () C:\Users\UliMx921\Downloads\mirake
2014-08-19 20:32 - 2014-08-20 10:24 - 00000000 ____D () C:\Users\UliMx921\Downloads\steffor
2014-08-19 18:38 - 2014-08-19 19:45 - 00000000 ____D () C:\Users\UliMx921\Downloads\thesimsresource.com
2014-08-19 14:22 - 2014-08-19 14:22 - 00000000 ____D () C:\Users\UliMx921\Downloads\thevintagesim.blogspot.de
2014-08-19 14:04 - 2014-08-19 14:23 - 00000000 ____D () C:\Users\UliMx921\Downloads\beosboxboy.blogspot.de
2014-08-19 13:44 - 2014-08-19 13:45 - 00000000 ____D () C:\Users\UliMx921\Downloads\kunoichikatie.dreamwidth.org..21689.html
2014-08-18 11:21 - 2014-08-18 11:21 - 00000000 ____D () C:\Users\UliMx921\Downloads\www.simplystyling.de
2014-08-16 14:32 - 2014-08-16 14:33 - 00000000 ____D () C:\Users\UliMx921\Downloads\All4sims.de
2014-08-16 14:30 - 2014-08-16 14:30 - 01909992 _____ () C:\Users\UliMx921\Downloads\Buggybooz_KIA.rar
2014-08-15 03:03 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:03 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:03 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:03 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:03 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:03 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:03 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:03 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 19:35 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 19:35 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 19:35 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 19:35 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 19:35 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 19:35 - 2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 19:35 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 19:35 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 19:35 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 19:35 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 19:35 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 19:35 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 19:35 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 19:35 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 19:35 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 19:35 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 19:35 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 19:35 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 19:35 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 19:35 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 19:35 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 19:35 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-14 19:35 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 19:35 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 19:35 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-14 19:35 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-14 19:35 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 19:35 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 19:35 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 19:34 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 19:34 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 19:34 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 19:34 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 19:34 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 19:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 19:34 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 19:34 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 19:34 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 19:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 19:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 19:34 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 19:34 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 19:34 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 19:34 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 19:34 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 19:34 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 19:34 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 19:34 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-07-25 17:58 - 2014-07-25 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 19:54 - 2014-08-20 11:15 - 00016447 _____ () C:\Users\UliMx921\Desktop\FRST.txt
2014-08-21 19:54 - 2014-08-20 11:15 - 00000000 ____D () C:\FRST
2014-08-21 19:53 - 2014-08-21 19:53 - 00001436 _____ () C:\Users\UliMx921\Desktop\JRT.txt
2014-08-21 19:50 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 19:50 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 19:45 - 2014-08-21 19:45 - 00009594 _____ () C:\Users\UliMx921\Desktop\AdwCleaner[S0].txt
2014-08-21 19:45 - 2014-08-21 19:45 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 19:44 - 2014-08-21 19:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 19:44 - 2012-02-16 11:09 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-21 19:43 - 2013-04-11 03:19 - 00303584 _____ () C:\Windows\PFRO.log
2014-08-21 19:43 - 2013-04-08 22:09 - 00020294 _____ () C:\Windows\setupact.log
2014-08-21 19:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 19:42 - 2012-12-16 00:54 - 01334396 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 19:40 - 2014-08-21 19:39 - 00000000 ____D () C:\AdwCleaner
2014-08-21 19:35 - 2014-08-21 19:35 - 01016261 _____ (Thisisu) C:\Users\UliMx921\Desktop\JRT.exe
2014-08-21 19:32 - 2014-08-21 19:32 - 01364531 _____ () C:\Users\UliMx921\Desktop\adwcleaner_3.308.exe
2014-08-21 19:32 - 2014-08-21 19:32 - 00006153 _____ () C:\Users\UliMx921\Desktop\mbam.txt
2014-08-21 19:30 - 2014-08-21 19:30 - 00029224 _____ () C:\Users\UliMx921\Desktop\combofix.txt
2014-08-21 19:26 - 2013-04-11 03:19 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-21 19:24 - 2012-12-16 01:52 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000UA.job
2014-08-21 19:16 - 2014-08-20 09:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 19:13 - 2014-08-21 19:13 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-21 19:12 - 2013-03-07 21:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-21 19:10 - 2014-08-21 19:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\UliMx921\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-21 19:09 - 2012-12-16 01:01 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4831B8C-91D3-432E-AFEF-559F989D3C7C}
2014-08-21 10:02 - 2012-12-16 01:52 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000Core.job
2014-08-20 22:47 - 2014-08-20 22:44 - 00000000 ____D () C:\Users\UliMx921\Downloads\1 - Stall
2014-08-20 22:37 - 2014-02-08 13:21 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForUliMx921
2014-08-20 22:37 - 2014-02-08 13:21 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUliMx921.job
2014-08-20 18:17 - 2014-03-07 21:33 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\SoftGrid Client
2014-08-20 18:12 - 2014-08-20 18:12 - 00029215 _____ () C:\ComboFix.txt
2014-08-20 18:12 - 2014-08-20 18:03 - 00000000 ____D () C:\Qoobox
2014-08-20 18:12 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-20 18:11 - 2014-08-20 18:03 - 00000000 ____D () C:\Windows\erdnt
2014-08-20 18:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-20 18:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-20 17:57 - 2014-08-20 17:57 - 05572251 ____R (Swearware) C:\Users\UliMx921\Desktop\ComboFix.exe
2014-08-20 15:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 13:27 - 2014-08-20 13:27 - 00000902 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-20 13:07 - 2014-08-20 12:16 - 00008747 _____ () C:\Users\UliMx921\Desktop\avgrep.txt
2014-08-20 12:13 - 2014-08-20 12:13 - 00000000 ____D () C:\Windows\Minidump
2014-08-20 12:13 - 2012-12-16 09:48 - 00287327 ____N () C:\Windows\Minidump\082014-26254-01.dmp
2014-08-20 12:07 - 2014-08-20 12:07 - 00000631 _____ () C:\Users\UliMx921\Desktop\Gmer.txt
2014-08-20 11:19 - 2014-08-20 11:16 - 00037264 _____ () C:\Users\UliMx921\Desktop\Addition.txt
2014-08-20 11:17 - 2014-08-20 11:17 - 00380416 _____ () C:\Users\UliMx921\Desktop\Gmer-19357.exe
2014-08-20 11:14 - 2014-08-20 11:14 - 02101760 _____ (Farbar) C:\Users\UliMx921\Desktop\FRST64.exe
2014-08-20 11:13 - 2014-08-20 11:13 - 00000478 _____ () C:\Users\UliMx921\Desktop\defogger_disable.log
2014-08-20 11:13 - 2014-08-20 11:13 - 00000000 _____ () C:\Users\UliMx921\defogger_reenable
2014-08-20 11:13 - 2012-12-16 00:55 - 00000000 ____D () C:\Users\UliMx921
2014-08-20 11:09 - 2014-08-20 11:09 - 00017960 _____ () C:\Users\UliMx921\Documents\Mappe1 (Automatisch gespeichert).xlsx
2014-08-20 11:06 - 2014-08-20 11:06 - 00050477 _____ () C:\Users\UliMx921\Desktop\Defogger.exe
2014-08-20 10:25 - 2014-08-19 21:02 - 00000000 ____D () C:\Users\UliMx921\Downloads\~Monica~
2014-08-20 10:24 - 2014-08-19 20:32 - 00000000 ____D () C:\Users\UliMx921\Downloads\steffor
2014-08-20 10:17 - 2014-08-20 09:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-20 10:17 - 2014-05-06 13:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-20 10:17 - 2012-02-16 11:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-20 10:16 - 2014-08-20 10:16 - 18594480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-08-20 09:51 - 2014-08-20 09:51 - 00002168 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-08-20 09:36 - 2014-08-20 09:36 - 00000000 ____D () C:\Users\UliMx921\Downloads\padre
2014-08-19 21:22 - 2014-08-19 21:19 - 00000000 ____D () C:\Users\UliMx921\Downloads\ShinoKCR
2014-08-19 21:16 - 2014-08-19 21:16 - 00000000 ____D () C:\Users\UliMx921\Downloads\marilu
2014-08-19 20:50 - 2014-08-19 20:49 - 00000000 ____D () C:\Users\UliMx921\Downloads\mirake
2014-08-19 19:45 - 2014-08-19 18:38 - 00000000 ____D () C:\Users\UliMx921\Downloads\thesimsresource.com
2014-08-19 14:23 - 2014-08-19 14:04 - 00000000 ____D () C:\Users\UliMx921\Downloads\beosboxboy.blogspot.de
2014-08-19 14:22 - 2014-08-19 14:22 - 00000000 ____D () C:\Users\UliMx921\Downloads\thevintagesim.blogspot.de
2014-08-19 13:45 - 2014-08-19 13:44 - 00000000 ____D () C:\Users\UliMx921\Downloads\kunoichikatie.dreamwidth.org..21689.html
2014-08-18 23:04 - 2013-01-21 21:20 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-18 23:04 - 2012-12-17 21:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-18 11:21 - 2014-08-18 11:21 - 00000000 ____D () C:\Users\UliMx921\Downloads\www.simplystyling.de
2014-08-16 14:33 - 2014-08-16 14:32 - 00000000 ____D () C:\Users\UliMx921\Downloads\All4sims.de
2014-08-16 14:30 - 2014-08-16 14:30 - 01909992 _____ () C:\Users\UliMx921\Downloads\Buggybooz_KIA.rar
2014-08-15 17:09 - 2012-12-16 01:52 - 00002335 _____ () C:\Users\UliMx921\Desktop\Google Chrome.lnk
2014-08-15 03:35 - 2014-05-06 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 03:02 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 19:35 - 2014-03-31 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-14 19:35 - 2014-03-16 15:58 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-07 04:06 - 2014-08-14 19:34 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 19:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 22:49 - 2013-01-10 13:19 - 00000000 ____D () C:\Users\UliMx921\AppData\Local\CrashDumps
2014-08-04 22:16 - 2012-12-17 14:37 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\vlc
2014-07-30 18:04 - 2014-05-06 13:33 - 00000000 ____D () C:\Users\UliMx921\dwhelper
2014-07-30 18:02 - 2014-05-06 13:33 - 00000000 ____D () C:\Users\UliMx921\Downloads\Germany's Next Topmodel
2014-07-30 17:29 - 2013-12-27 19:58 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-27 12:25 - 2013-03-14 04:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 12:25 - 2013-03-14 04:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 12:23 - 2012-12-17 20:06 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\uTorrent
2014-07-26 03:02 - 2013-03-14 04:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 17:58 - 2014-07-25 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 21:28 - 2014-08-14 19:35 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 21:12 - 2014-08-14 19:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 21:10 - 2014-08-14 19:35 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 21:07 - 2014-08-14 19:35 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 21:06 - 2014-08-14 19:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 21:05 - 2014-08-14 19:35 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 21:05 - 2014-08-14 19:35 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 21:05 - 2014-08-14 19:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 21:04 - 2014-08-14 19:35 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 21:03 - 2014-08-14 19:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 21:03 - 2014-08-14 19:35 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 21:03 - 2014-08-14 19:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 21:03 - 2014-08-14 19:35 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 21:03 - 2014-08-14 19:35 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 21:03 - 2014-08-14 19:35 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 21:02 - 2014-08-14 19:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-24 20:07 - 2014-08-14 19:35 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 19:58 - 2014-08-14 19:35 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 19:57 - 2014-08-14 19:35 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 19:52 - 2014-08-14 19:35 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 19:51 - 2014-08-14 19:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 19:51 - 2014-08-14 19:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 19:50 - 2014-08-14 19:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-24 19:50 - 2014-08-14 19:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 19:49 - 2014-08-14 19:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 19:49 - 2014-08-14 19:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 19:49 - 2014-08-14 19:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 19:49 - 2014-08-14 19:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-24 19:49 - 2014-08-14 19:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-24 19:48 - 2014-08-14 19:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 19:48 - 2014-08-14 19:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 19:48 - 2014-08-14 19:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 19:48 - 2014-08-14 19:35 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 19:48 - 2014-08-14 19:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-24 19:48 - 2014-08-14 19:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-24 19:48 - 2014-08-14 19:35 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-24 19:47 - 2014-08-14 19:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

Some content of TEMP:
====================
C:\Users\UliMx921\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 15:47

==================== End Of Log ============================

--- --- ---

--- --- ---

Liebe Grüße,
Music.Junky

Hallo Schrauber,

ich bin ab morgen für 2 Wochen nicht erreichbar.
Ich melde mich wieder.
Nur, damit Du Bescheid weißt und Dich nicht wunderst,
wenn während dieser Zeit keine Antworten von mir kommen.

Liebe Grüße,
Musik.Junky

schrauber · 23.08.2014, 06:19

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Music.Junky · 05.09.2014, 13:15

Hallo Schrauber,

ich melde mich zurück

Bisher kam ich noch nicht zum testen, ob soweit wieder alles einwandfrei funktioniert.
Aber das werde ich in den kommenden Tagen nachholen.

ESET.txt:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=26772842db8d1249a62a2d04b12b3651
# engine=20013
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-05 10:29:28
# local_time=2014-09-05 12:29:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 4485 97046952 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 18058972 161542818 0 0
# scanned=47484
# found=11
# cleaned=0
# scan_time=3775
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\hk64tbDVDv.dll.vir"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\hktbDVDv.dll.vir"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\ldrtbDVDv.dll.vir"
sh=2647A8D25068D715D97EE42DCB86CF9AA55946BC ft=1 fh=5fd80ae6b91e806a vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll.vir"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\tbDVDv.dll.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\UliMx921\AppData\LocalLow\DVDvideoSoft_2.0\hk64tbDVDv.dll.vir"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\UliMx921\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVDv.dll.vir"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\UliMx921\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVDv.dll.vir"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\UliMx921\AppData\LocalLow\DVDvideoSoft_2.0\tbDVDv.dll.vir"

Checkup.txt:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 AVG PC TuneUp 2014  
 AVG PC TuneUp 2014 (de-DE) 
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.179  
 Mozilla Firefox (31.0) 
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by UliMx921 (administrator) on ULIMX921-HP on 05-09-2014 12:52:20
Running from C:\Users\UliMx921\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Windows\vsnpstd3.exe
(Badoo) C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
(Spotify Ltd) C:\Users\UliMx921\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-351139012-3454371372-141882758-1000\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [1067232 2012-12-24] (Badoo)
HKU\S-1-5-21-351139012-3454371372-141882758-1000\...\Run: [Spotify Web Helper] => C:\Users\UliMx921\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104280 2013-03-29] (Spotify Ltd)
HKU\S-1-5-21-351139012-3454371372-141882758-1000\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\UliMx921\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe [2775576 2014-08-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Setup-Assistent.lnk
ShortcutTarget: NETGEAR WNA1100 Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://badoo.com/startpage/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {ED6242A3-5D15-4557-BD56-B1C486765F61} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default
FF Homepage: hxxp://www.ebay.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\UliMx921\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\UliMx921\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\searchplugins\badoo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\UliMx921\AppData\Roaming\Mozilla\Firefox\Profiles\wbnsoi44.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-15]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Profile: C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-16]
CHR Extension: (YouTube) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-16]
CHR Extension: (Google-Suche) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-16]
CHR Extension: (Google Wallet) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
CHR Extension: (Google Mail) - C:\Users\UliMx921\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-16]
CHR HKCU\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\UliMx921\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [2013-03-27]
CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\UliMx921\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [2013-03-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2185528 2014-04-15] (AVG)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 12:52 - 2014-09-05 12:52 - 00000000 ____D () C:\Users\UliMx921\Desktop\FRST-OlderVersion
2014-09-05 12:49 - 2014-09-05 12:49 - 00000943 _____ () C:\Users\UliMx921\Desktop\checkup.txt
2014-09-05 12:34 - 2014-09-05 12:34 - 00854417 _____ () C:\Users\UliMx921\Desktop\SecurityCheck.exe
2014-09-05 11:22 - 2014-09-05 11:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-05 11:16 - 2014-09-05 11:17 - 02347384 _____ (ESET) C:\Users\UliMx921\Desktop\esetsmartinstaller_deu.exe
2014-09-05 11:15 - 2014-09-05 11:15 - 00002926 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814av_RML
2014-09-05 11:15 - 2014-09-05 11:15 - 00002890 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av_DELETE
2014-09-05 11:15 - 2014-09-05 11:15 - 00002814 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av
2014-09-05 11:15 - 2014-09-05 11:15 - 00000540 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814av_RML.job
2014-09-05 11:15 - 2014-09-05 11:15 - 00000520 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av.job
2014-09-05 11:15 - 2014-09-05 11:15 - 00000388 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av_DELETE.job
2014-09-05 11:15 - 2014-09-05 11:15 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\Avg_Update_0814av
2014-09-05 11:14 - 2014-09-05 11:14 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-09-05 11:13 - 2014-09-05 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-09-05 11:12 - 2014-09-05 11:12 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-08-22 19:00 - 2014-08-23 00:05 - 00008873 _____ () C:\Users\UliMx921\Documents\Brennliste_Eargasmic.wpl
2014-08-21 19:53 - 2014-08-21 19:53 - 00001436 _____ () C:\Users\UliMx921\Desktop\JRT.txt
2014-08-21 19:45 - 2014-08-21 19:45 - 00009594 _____ () C:\Users\UliMx921\Desktop\AdwCleaner[S0].txt
2014-08-21 19:45 - 2014-08-21 19:45 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 19:39 - 2014-08-21 19:40 - 00000000 ____D () C:\AdwCleaner
2014-08-21 19:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-21 19:35 - 2014-08-21 19:35 - 01016261 _____ (Thisisu) C:\Users\UliMx921\Desktop\JRT.exe
2014-08-21 19:32 - 2014-08-21 19:32 - 01364531 _____ () C:\Users\UliMx921\Desktop\adwcleaner_3.308.exe
2014-08-21 19:32 - 2014-08-21 19:32 - 00006153 _____ () C:\Users\UliMx921\Desktop\mbam.txt
2014-08-21 19:30 - 2014-08-21 19:30 - 00029224 _____ () C:\Users\UliMx921\Desktop\combofix.txt
2014-08-21 19:14 - 2014-09-05 11:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 19:13 - 2014-08-21 19:13 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-21 19:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 19:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 19:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 19:10 - 2014-08-21 19:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\UliMx921\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-21 10:08 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 10:08 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 10:08 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 10:08 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 10:08 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 10:08 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 10:08 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 10:08 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 10:08 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 10:08 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 10:08 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 10:08 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 10:08 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 10:08 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-20 22:44 - 2014-08-20 22:47 - 00000000 ____D () C:\Users\UliMx921\Downloads\1 - Stall
2014-08-20 18:12 - 2014-08-20 18:12 - 00029215 _____ () C:\ComboFix.txt
2014-08-20 18:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-20 18:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-20 18:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-20 18:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-20 18:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-20 18:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-20 18:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-20 18:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-20 18:03 - 2014-08-20 18:12 - 00000000 ____D () C:\Qoobox
2014-08-20 18:03 - 2014-08-20 18:11 - 00000000 ____D () C:\Windows\erdnt
2014-08-20 17:57 - 2014-08-20 17:57 - 05572251 ____R (Swearware) C:\Users\UliMx921\Desktop\ComboFix.exe
2014-08-20 13:27 - 2014-08-20 13:27 - 00000902 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-20 12:16 - 2014-08-20 13:07 - 00008747 _____ () C:\Users\UliMx921\Desktop\avgrep.txt
2014-08-20 12:13 - 2014-08-20 12:13 - 00000000 ____D () C:\Windows\Minidump
2014-08-20 12:07 - 2014-08-20 12:07 - 00000631 _____ () C:\Users\UliMx921\Desktop\Gmer.txt
2014-08-20 11:17 - 2014-08-20 11:17 - 00380416 _____ () C:\Users\UliMx921\Desktop\Gmer-19357.exe
2014-08-20 11:16 - 2014-08-20 11:19 - 00037264 _____ () C:\Users\UliMx921\Desktop\Addition.txt
2014-08-20 11:15 - 2014-09-05 12:52 - 00016874 _____ () C:\Users\UliMx921\Desktop\FRST.txt
2014-08-20 11:15 - 2014-09-05 12:52 - 00000000 ____D () C:\FRST
2014-08-20 11:14 - 2014-09-05 12:52 - 02104832 _____ (Farbar) C:\Users\UliMx921\Desktop\FRST64.exe
2014-08-20 11:13 - 2014-08-20 11:13 - 00000478 _____ () C:\Users\UliMx921\Desktop\defogger_disable.log
2014-08-20 11:13 - 2014-08-20 11:13 - 00000000 _____ () C:\Users\UliMx921\defogger_reenable
2014-08-20 11:09 - 2014-08-20 11:09 - 00017960 _____ () C:\Users\UliMx921\Documents\Mappe1 (Automatisch gespeichert).xlsx
2014-08-20 11:06 - 2014-08-20 11:06 - 00050477 _____ () C:\Users\UliMx921\Desktop\Defogger.exe
2014-08-20 10:16 - 2014-08-20 10:16 - 18594480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-08-20 09:51 - 2014-09-05 12:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 09:51 - 2014-09-05 11:13 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-20 09:51 - 2014-09-05 11:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-20 09:51 - 2014-08-20 10:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-20 09:36 - 2014-08-20 09:36 - 00000000 ____D () C:\Users\UliMx921\Downloads\padre
2014-08-19 21:19 - 2014-08-19 21:22 - 00000000 ____D () C:\Users\UliMx921\Downloads\ShinoKCR
2014-08-19 21:16 - 2014-08-19 21:16 - 00000000 ____D () C:\Users\UliMx921\Downloads\marilu
2014-08-19 21:02 - 2014-08-20 10:25 - 00000000 ____D () C:\Users\UliMx921\Downloads\~Monica~
2014-08-19 20:49 - 2014-08-19 20:50 - 00000000 ____D () C:\Users\UliMx921\Downloads\mirake
2014-08-19 20:32 - 2014-08-20 10:24 - 00000000 ____D () C:\Users\UliMx921\Downloads\steffor
2014-08-19 18:38 - 2014-08-19 19:45 - 00000000 ____D () C:\Users\UliMx921\Downloads\thesimsresource.com
2014-08-19 14:22 - 2014-08-19 14:22 - 00000000 ____D () C:\Users\UliMx921\Downloads\thevintagesim.blogspot.de
2014-08-19 14:04 - 2014-08-19 14:23 - 00000000 ____D () C:\Users\UliMx921\Downloads\beosboxboy.blogspot.de
2014-08-19 13:44 - 2014-08-19 13:45 - 00000000 ____D () C:\Users\UliMx921\Downloads\kunoichikatie.dreamwidth.org..21689.html
2014-08-18 11:21 - 2014-08-18 11:21 - 00000000 ____D () C:\Users\UliMx921\Downloads\www.simplystyling.de
2014-08-16 14:32 - 2014-08-16 14:33 - 00000000 ____D () C:\Users\UliMx921\Downloads\All4sims.de
2014-08-16 14:30 - 2014-08-16 14:30 - 01909992 _____ () C:\Users\UliMx921\Downloads\Buggybooz_KIA.rar
2014-08-15 03:03 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:03 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:03 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:03 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:03 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:03 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:03 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:03 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 19:35 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 19:35 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 19:35 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 19:35 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 19:35 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 19:35 - 2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 19:35 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 19:35 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 19:35 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 19:35 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 19:35 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 19:35 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 19:35 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 19:35 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 19:35 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 19:35 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 19:35 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 19:35 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 19:35 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 19:35 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 19:35 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 19:35 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 19:35 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-14 19:35 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 19:35 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 19:35 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 19:35 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-14 19:35 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-14 19:35 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-14 19:35 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 19:35 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 19:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 19:35 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 19:35 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 19:34 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 19:34 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 19:34 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 19:34 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 19:34 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 19:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 19:34 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 19:34 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 19:34 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 19:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 19:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 19:34 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 19:34 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 19:34 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 19:34 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 19:34 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 19:34 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 19:34 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 19:34 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 12:53 - 2014-08-20 11:15 - 00016874 _____ () C:\Users\UliMx921\Desktop\FRST.txt
2014-09-05 12:52 - 2014-09-05 12:52 - 00000000 ____D () C:\Users\UliMx921\Desktop\FRST-OlderVersion
2014-09-05 12:52 - 2014-08-20 11:15 - 00000000 ____D () C:\FRST
2014-09-05 12:52 - 2014-08-20 11:14 - 02104832 _____ (Farbar) C:\Users\UliMx921\Desktop\FRST64.exe
2014-09-05 12:49 - 2014-09-05 12:49 - 00000943 _____ () C:\Users\UliMx921\Desktop\checkup.txt
2014-09-05 12:34 - 2014-09-05 12:34 - 00854417 _____ () C:\Users\UliMx921\Desktop\SecurityCheck.exe
2014-09-05 12:30 - 2012-12-16 00:54 - 01432779 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 12:29 - 2014-08-20 09:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-05 12:29 - 2012-12-16 01:52 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000UA.job
2014-09-05 12:11 - 2012-02-16 11:09 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-05 12:03 - 2012-12-16 01:52 - 00002335 _____ () C:\Users\UliMx921\Desktop\Google Chrome.lnk
2014-09-05 11:51 - 2014-08-21 19:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 11:22 - 2014-09-05 11:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-05 11:21 - 2012-12-16 01:01 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4831B8C-91D3-432E-AFEF-559F989D3C7C}
2014-09-05 11:20 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 11:20 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 11:17 - 2014-09-05 11:16 - 02347384 _____ (ESET) C:\Users\UliMx921\Desktop\esetsmartinstaller_deu.exe
2014-09-05 11:16 - 2013-03-07 21:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-05 11:15 - 2014-09-05 11:15 - 00002926 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814av_RML
2014-09-05 11:15 - 2014-09-05 11:15 - 00002890 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av_DELETE
2014-09-05 11:15 - 2014-09-05 11:15 - 00002814 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av
2014-09-05 11:15 - 2014-09-05 11:15 - 00000540 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814av_RML.job
2014-09-05 11:15 - 2014-09-05 11:15 - 00000520 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av.job
2014-09-05 11:15 - 2014-09-05 11:15 - 00000388 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av_DELETE.job
2014-09-05 11:15 - 2014-09-05 11:15 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\Avg_Update_0814av
2014-09-05 11:14 - 2014-09-05 11:14 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-09-05 11:13 - 2014-09-05 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-09-05 11:13 - 2014-08-20 09:51 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-09-05 11:12 - 2014-09-05 11:12 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-09-05 11:12 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-05 11:11 - 2013-04-11 03:19 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-05 11:11 - 2013-04-08 22:09 - 00020574 _____ () C:\Windows\setupact.log
2014-09-05 11:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 00:47 - 2014-03-07 21:33 - 00000000 ____D () C:\Users\UliMx921\AppData\Roaming\SoftGrid Client
2014-08-23 00:05 - 2014-08-22 19:00 - 00008873 _____ () C:\Users\UliMx921\Documents\Brennliste_Eargasmic.wpl
2014-08-22 21:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-22 17:16 - 2012-12-16 01:52 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351139012-3454371372-141882758-1000Core.job
2014-08-21 19:53 - 2014-08-21 19:53 - 00001436 _____ () C:\Users\UliMx921\Desktop\JRT.txt
2014-08-21 19:45 - 2014-08-21 19:45 - 00009594 _____ () C:\Users\UliMx921\Desktop\AdwCleaner[S0].txt
2014-08-21 19:45 - 2014-08-21 19:45 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 19:43 - 2013-04-11 03:19 - 00303584 _____ () C:\Windows\PFRO.log
2014-08-21 19:40 - 2014-08-21 19:39 - 00000000 ____D () C:\AdwCleaner
2014-08-21 19:35 - 2014-08-21 19:35 - 01016261 _____ (Thisisu) C:\Users\UliMx921\Desktop\JRT.exe
2014-08-21 19:32 - 2014-08-21 19:32 - 01364531 _____ () C:\Users\UliMx921\Desktop\adwcleaner_3.308.exe
2014-08-21 19:32 - 2014-08-21 19:32 - 00006153 _____ () C:\Users\UliMx921\Desktop\mbam.txt
2014-08-21 19:30 - 2014-08-21 19:30 - 00029224 _____ () C:\Users\UliMx921\Desktop\combofix.txt
2014-08-21 19:13 - 2014-08-21 19:13 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 19:13 - 2014-08-21 19:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-21 19:10 - 2014-08-21 19:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\UliMx921\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-20 22:47 - 2014-08-20 22:44 - 00000000 ____D () C:\Users\UliMx921\Downloads\1 - Stall
2014-08-20 22:37 - 2014-02-08 13:21 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForUliMx921
2014-08-20 22:37 - 2014-02-08 13:21 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUliMx921.job
2014-08-20 18:12 - 2014-08-20 18:12 - 00029215 _____ () C:\ComboFix.txt
2014-08-20 18:12 - 2014-08-20 18:03 - 00000000 ____D () C:\Qoobox
2014-08-20 18:12 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-20 18:11 - 2014-08-20 18:03 - 00000000 ____D () C:\Windows\erdnt
2014-08-20 18:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-20 18:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-20 17:57 - 2014-08-20 17:57 - 05572251 ____R (Swearware) C:\Users\UliMx921\Desktop\ComboFix.exe
2014-08-20 13:27 - 2014-08-20 13:27 - 00000902 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-08-20 13:07 - 2014-08-20 12:16 - 00008747 _____ () C:\Users\UliMx921\Desktop\avgrep.txt
2014-08-20 12:13 - 2014-08-20 12:13 - 00000000 ____D () C:\Windows\Minidump
2014-08-20 12:13 - 2012-12-16 09:48 - 00287327 ____N () C:\Windows\Minidump\082014-26254-01.dmp
2014-08-20 12:07 - 2014-08-20 12:07 - 00000631 _____ () C:\Users\UliMx921\Desktop\Gmer.txt
2014-08-20 11:19 - 2014-08-20 11:16 - 00037264 _____ () C:\Users\UliMx921\Desktop\Addition.txt
2014-08-20 11:17 - 2014-08-20 11:17 - 00380416 _____ () C:\Users\UliMx921\Desktop\Gmer-19357.exe
2014-08-20 11:13 - 2014-08-20 11:13 - 00000478 _____ () C:\Users\UliMx921\Desktop\defogger_disable.log
2014-08-20 11:13 - 2014-08-20 11:13 - 00000000 _____ () C:\Users\UliMx921\defogger_reenable
2014-08-20 11:13 - 2012-12-16 00:55 - 00000000 ____D () C:\Users\UliMx921
2014-08-20 11:09 - 2014-08-20 11:09 - 00017960 _____ () C:\Users\UliMx921\Documents\Mappe1 (Automatisch gespeichert).xlsx
2014-08-20 11:06 - 2014-08-20 11:06 - 00050477 _____ () C:\Users\UliMx921\Desktop\Defogger.exe
2014-08-20 10:25 - 2014-08-19 21:02 - 00000000 ____D () C:\Users\UliMx921\Downloads\~Monica~
2014-08-20 10:24 - 2014-08-19 20:32 - 00000000 ____D () C:\Users\UliMx921\Downloads\steffor
2014-08-20 10:17 - 2014-08-20 09:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-20 10:17 - 2014-05-06 13:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-20 10:17 - 2012-02-16 11:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-20 10:16 - 2014-08-20 10:16 - 18594480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-08-20 09:51 - 2014-08-20 09:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-20 09:36 - 2014-08-20 09:36 - 00000000 ____D () C:\Users\UliMx921\Downloads\padre
2014-08-19 21:22 - 2014-08-19 21:19 - 00000000 ____D () C:\Users\UliMx921\Downloads\ShinoKCR
2014-08-19 21:16 - 2014-08-19 21:16 - 00000000 ____D () C:\Users\UliMx921\Downloads\marilu
2014-08-19 20:50 - 2014-08-19 20:49 - 00000000 ____D () C:\Users\UliMx921\Downloads\mirake
2014-08-19 19:45 - 2014-08-19 18:38 - 00000000 ____D () C:\Users\UliMx921\Downloads\thesimsresource.com
2014-08-19 14:23 - 2014-08-19 14:04 - 00000000 ____D () C:\Users\UliMx921\Downloads\beosboxboy.blogspot.de
2014-08-19 14:22 - 2014-08-19 14:22 - 00000000 ____D () C:\Users\UliMx921\Downloads\thevintagesim.blogspot.de
2014-08-19 13:45 - 2014-08-19 13:44 - 00000000 ____D () C:\Users\UliMx921\Downloads\kunoichikatie.dreamwidth.org..21689.html
2014-08-18 23:04 - 2013-01-21 21:20 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-18 23:04 - 2012-12-17 21:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-18 11:21 - 2014-08-18 11:21 - 00000000 ____D () C:\Users\UliMx921\Downloads\www.simplystyling.de
2014-08-16 14:33 - 2014-08-16 14:32 - 00000000 ____D () C:\Users\UliMx921\Downloads\All4sims.de
2014-08-16 14:30 - 2014-08-16 14:30 - 01909992 _____ () C:\Users\UliMx921\Downloads\Buggybooz_KIA.rar
2014-08-15 03:35 - 2014-05-06 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 03:02 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 19:35 - 2014-03-31 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-14 19:35 - 2014-03-16 15:58 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-07 04:06 - 2014-08-14 19:34 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 19:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\UliMx921\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 15:47

==================== End Of Log ============================

--- --- ---

Liebe Grüße,
Music.Junky

schrauber · 06.09.2014, 11:19

Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Music.Junky · 08.09.2014, 18:09

Hallo Schrauber,

hat etwas gedauert - aber hier nun die Fixlog.txt:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by UliMx921 at 2014-09-08 19:01:56 Run:1
Running from C:\Users\UliMx921\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.

==== End of Fixlog ====

Das war's?

Du glaubst mir gar nicht, wie dankbar ich Dir bin!
Habe heute gestern und heute die Seite getestet - et voilà. Kein Weiterleiten
zu irgendwelchen bedrohlichen Websites. Endlich kann ich wieder beruhigt surfen.

Deine Tipps werde ich mir zu Herzen nehmen, vielen Dank!
Zwei Fragen habe ich noch.
1. Gmer wurde nicht automatisch deinstalliert. Soll ich das manuell deinstallieren oder kann/soll ich das weiterhin verwenden?
2. Was hälst Du von AVG? Ist das empfehlenswert oder gibt es bessere kostenlose Virenprogramme? Was kannst Du empfehlen?

Nochmals vielen lieben Dank für deine Hilfe!
Eine Spende ist so gut wie unterwegs - eine kleine aber feine Gegenleistung für deine ganze Arbeit!

Liebe Grüße,
Music.Junky

schrauber · 09.09.2014, 16:33

Zitat:

1. Gmer wurde nicht automatisch deinstalliert. Soll ich das manuell deinstallieren oder kann/soll ich das weiterhin verwenden?
2. Was hälst Du von AVG? Ist das empfehlenswert oder gibt es bessere kostenlose Virenprogramme? Was kannst Du empfehlen?

Lösche GMER.
Wenn es unbedingt kostenlos sein muss MSE oder Avast. Ich empfehle immer Emsisoft.

Windows 7 - Internet leitet zu Viren-Page um

Log-Analyse und Auswertung: Windows 7 - Internet leitet zu Viren-Page um