Trojaner-Board


Melimaca 09.08.2013 08:18

Locked PC: Interpol/Bundespolizei trojan
 
Help, my computer is locked!! I need help fighting the trojan as quickly as possible. I have already run the scan with FRST 64-bit. The following txt file was created ;-)

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by Administrator (administrator) on 09-08-2013 08:52:30
Running from I:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode:

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(DATEV eG) C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
(DATEV eG) C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(KOBIL Systems GmbH) C:\DATEV\PROGRAMM\B0000404\msdisrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(DATEV eG) C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-28] (Google Inc.)
HKCU\...\Run: [DFÜ-Sammler] - C:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe [144992 2012-07-26] ()
MountPoints2: {19551e2a-2fb9-11e2-9e5c-404e57434401} - I:\HTC_Sync_Manager_PC.exe
MountPoints2: {6987e55b-66ba-11e2-9c22-404e57434401} - I:\HTC_Sync_Manager_PC.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [DATEV Update-Monitor] - C:\Datev\PROGRAMM\Install\DvInesASDMon.exe [288352 2012-12-20] (DATEV eG)
HKLM-x32\...\Run: [SfWinStartInfo] - C:\SFirm\Programm\sfWinStartupInfo.exe [144544 2012-07-06] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573584 2012-10-19] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SiPaHost] - C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe [551464 2013-01-18] (DATEV eG)
HKLM-x32\...\Run: [Advanced System Protector_startup] - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6563184 2013-05-24] (Systweak)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpibmsxofrvjqpocwjd.lnk
ShortcutTarget: rpibmsxofrvjqpocwjd.lnk -> C:\Users\ADMINI~1\AppData\Local\Temp\djwcopqjvrfoxsmbipr.bfg ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\Datev\PROGRAMM\BSoffice\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> C:\Datev\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk
ShortcutTarget: DATEV-Hinweis Mitteilungsdienst.lnk -> C:\Datev\PROGRAMM\A0000007\DHNC.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.LNK
ShortcutTarget: DFÜ-Manager.LNK -> C:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lizenz-Manager Server.lnk
ShortcutTarget: Lizenz-Manager Server.lnk -> C:\Datev\PROGRAMM\Sws\LiMaServer.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
ShortcutTarget: RZ-Druckertreiber V.2.3.lnk -> C:\DATEV\SYSTEM\rzpjwtch.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} -  No File
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=109727&tt=090812_clr_3212_5&babsrc=SP_ss&mntrId=3ebb19bc0000000000005404a67ee95b
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=109727&tt=090812_clr_3212_5&babsrc=SP_ss&mntrId=3ebb19bc0000000000005404a67ee95b
SearchScopes: HKCU - {7820584C-FFB8-4AEB-952B-5DFA51500DF3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {AFA8EB7C-076D-425F-A818-F1EAFA53793E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=2645525f-cd2b-4794-9612-00e91623e583&apn_sauid=04B97770-EDC7-4D6D-A29E-9CFD99FC942C
BHO: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO64002.Dll (DATEV eG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO-x32: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSAScardBHO002.dll (DATEV eG)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Administrator\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e1knkc9l.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e1knkc9l.default\searchplugins\askcom.xml
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e1knkc9l.default\Extensions\abb@amazon.com
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e1knkc9l.default\Extensions\toolbar@ask.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR HomePage: hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
CHR RestoreOnStartup: "hxxp://www.claro-search.com/?affID=109727&tt=090812_clr_3212_5&babsrc=HP_ss&mntrId=3ebb19bc0000000000005404a67ee95b"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.10.0_0
CHR Extension: (YouTube) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Gmail) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Administrator\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.10.0.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-02] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [511920 2011-07-22] (REINER SCT)
R2 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [158304 2012-12-20] (DATEV eG)
R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2013-04-08] (DATEV eG)
R2 Dcmanag; C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [177760 2012-06-05] (DATEV eG)
R2 DVckService; C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe [2653224 2013-01-28] (DATEV eG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 KOBIL_MSDI; C:\DATEV\PROGRAMM\B0000404\msdisrv.exe [192512 2011-03-03] (KOBIL Systems GmbH)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 Sicherheitspaket-Dienst; C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe [196136 2013-01-18] (DATEV eG)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()
S3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R3 b1cbase; C:\Windows\System32\DRIVERS\b1cbase.sys [213120 2009-06-10] (AVM GmbH)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2012-01-25] (KOBIL Systems GmbH)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-12-19] (KOBIL Systems GmbH)
R3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [96768 2009-07-23] ()
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
U0 dmboot;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 08:49 - 2013-08-09 08:49 - 00000000 ____D C:\FRST
2013-08-09 07:59 - 2013-08-09 07:59 - 00001207 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\ProgramData\Systweak
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-08-09 07:59 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-08-09 07:58 - 2013-08-09 08:12 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-08-09 07:58 - 2013-08-09 07:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Systweak
2013-08-09 07:58 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2464.dll
2013-08-09 07:58 - 2013-08-09 07:58 - 00001093 _____ C:\Users\Administrator\Desktop\MyPC Backup.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00001056 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-08-09 07:58 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-08-09 07:57 - 2013-08-09 07:57 - 04679352 _____ (Systweak Inc                                                ) C:\Users\Administrator\Downloads\rcpsetup_chip_de_chip_de.exe
2013-08-09 07:42 - 2013-08-09 07:42 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\AskToolbar
2013-08-08 13:33 - 2013-08-08 13:33 - 00000165 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.reg
2013-08-08 13:33 - 2013-08-08 13:33 - 00000070 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.bat
2013-08-05 08:17 - 2013-08-05 08:17 - 00002218 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-01 10:53 - 2013-08-01 10:53 - 00004614 _____ C:\Users\Administrator\Downloads\MonatBHG_20130801.ideva
2013-08-01 10:53 - 2013-08-01 10:53 - 00004536 _____ C:\Users\Administrator\Downloads\MonatBHG_20130801.idev
2013-08-01 10:46 - 2013-08-01 10:46 - 00002694 _____ C:\Users\Administrator\Downloads\Auftragsbestand_20130801.ideva
2013-08-01 10:45 - 2013-08-01 10:45 - 00002610 _____ C:\Users\Administrator\Downloads\Auftragsbestand_20130801.idev
2013-07-22 09:34 - 2013-07-22 09:35 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 13:58 - 2013-07-19 13:58 - 00000000 ____D C:\129b6ed6328ebd5c456786
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HTC Sync
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HTC
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\ProgramData\HTC
2013-07-16 14:51 - 2013-08-09 08:49 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\HTC MediaHub
2013-07-16 14:51 - 2013-07-16 15:03 - 00000000 ____D C:\Users\Administrator\Documents\HTC
2013-07-16 14:51 - 2013-07-16 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-07-16 14:51 - 2013-07-16 14:51 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Apple Computer
2013-07-16 14:50 - 2013-07-16 14:50 - 00002037 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\ProgramData\Motorola
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\Program Files (x86)\HTC
2013-07-16 14:49 - 2013-07-16 14:49 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Downloaded Installations
2013-07-16 14:39 - 2013-07-16 14:41 - 117242240 _____ (HTC) C:\Users\Administrator\Downloads\setup_2.0.61.0_htc.exe
2013-07-11 15:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 15:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 15:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 15:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 15:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 15:35 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 15:35 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 15:35 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 15:35 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 07:40 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 07:40 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 07:40 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 07:40 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 07:40 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 07:39 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 07:39 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-09 08:49 - 2013-08-09 08:49 - 00000000 ____D C:\FRST
2013-08-09 08:49 - 2013-07-16 14:51 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\HTC MediaHub
2013-08-09 08:48 - 2012-03-28 10:21 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 08:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 08:48 - 2009-07-14 06:51 - 00084798 _____ C:\Windows\setupact.log
2013-08-09 08:43 - 2012-01-25 12:22 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-08-09 08:12 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-08-09 07:59 - 2013-08-09 07:59 - 00001207 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\ProgramData\Systweak
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-08-09 07:59 - 2013-08-09 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Systweak
2013-08-09 07:59 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2464.dll
2013-08-09 07:58 - 2013-08-09 07:58 - 00001093 _____ C:\Users\Administrator\Desktop\MyPC Backup.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00001056 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-08-09 07:58 - 2012-01-25 12:40 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-09 07:57 - 2013-08-09 07:57 - 04679352 _____ (Systweak Inc                                                ) C:\Users\Administrator\Downloads\rcpsetup_chip_de_chip_de.exe
2013-08-09 07:46 - 2012-01-25 12:17 - 01977162 _____ C:\Windows\WindowsUpdate.log
2013-08-09 07:46 - 2009-07-14 06:45 - 00025408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 07:46 - 2009-07-14 06:45 - 00025408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 07:42 - 2013-08-09 07:42 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\AskToolbar
2013-08-08 15:30 - 2012-01-25 18:17 - 00000702 _____ C:\Windows\ODBC.INI
2013-08-08 15:16 - 2012-03-28 10:21 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-08 15:13 - 2012-08-08 09:59 - 00000000 ____D C:\Users\Administrator\Desktop\Faxarchiv
2013-08-08 14:55 - 2012-10-09 13:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-08 13:34 - 2012-01-26 10:38 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\CrashDumps
2013-08-08 13:33 - 2013-08-08 13:33 - 00000165 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.reg
2013-08-08 13:33 - 2013-08-08 13:33 - 00000070 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.bat
2013-08-07 15:25 - 2012-03-05 09:06 - 00000000 ____D C:\Users\Administrator\Documents\Lohn
2013-08-07 12:38 - 2012-03-23 14:59 - 00000000 ____D C:\Users\Administrator\Documents\Bürgschaften
2013-08-06 09:41 - 2012-01-26 12:50 - 00000000 ____D C:\Users\Administrator\Documents\Statistik
2013-08-06 09:18 - 2011-04-12 09:43 - 01057180 _____ C:\Windows\system32\perfh007.dat
2013-08-06 09:18 - 2011-04-12 09:43 - 00264906 _____ C:\Windows\system32\perfc007.dat
2013-08-06 09:18 - 2009-07-14 07:13 - 00006870 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-05 08:17 - 2013-08-05 08:17 - 00002218 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-05 08:17 - 2012-03-28 10:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 13:39 - 2012-01-25 18:06 - 00000021 _____ C:\Windows\DvInesKurusOleServer003.INI
2013-08-02 11:43 - 2012-01-26 10:24 - 00004869 _____ C:\Users\ADMINI~1\AppData\Local\EmptySettings.xml
2013-08-02 08:17 - 2012-06-11 14:57 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-01 10:53 - 2013-08-01 10:53 - 00004614 _____ C:\Users\Administrator\Downloads\MonatBHG_20130801.ideva
2013-08-01 10:53 - 2013-08-01 10:53 - 00004536 _____ C:\Users\Administrator\Downloads\MonatBHG_20130801.idev
2013-08-01 10:46 - 2013-08-01 10:46 - 00002694 _____ C:\Users\Administrator\Downloads\Auftragsbestand_20130801.ideva
2013-08-01 10:45 - 2013-08-01 10:45 - 00002610 _____ C:\Users\Administrator\Downloads\Auftragsbestand_20130801.idev
2013-07-29 09:21 - 2012-03-09 08:54 - 00000000 ____D C:\Users\Administrator\Documents\Schriftverkehr allgemein
2013-07-26 11:56 - 2012-08-07 14:11 - 00000000 ____D C:\Users\Administrator\Documents\angebote
2013-07-22 09:35 - 2013-07-22 09:34 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 14:01 - 2011-11-10 14:00 - 01785584 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-19 13:58 - 2013-07-19 13:58 - 00000000 ____D C:\129b6ed6328ebd5c456786
2013-07-17 07:53 - 2009-07-14 06:45 - 00345016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HTC Sync
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HTC
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\ProgramData\HTC
2013-07-16 15:03 - 2013-07-16 14:51 - 00000000 ____D C:\Users\Administrator\Documents\HTC
2013-07-16 15:03 - 2012-01-25 12:40 - 00087320 _____ C:\Users\ADMINI~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-16 14:51 - 2013-07-16 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-07-16 14:51 - 2013-07-16 14:51 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Apple Computer
2013-07-16 14:50 - 2013-07-16 14:50 - 00002037 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\ProgramData\Motorola
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\Program Files (x86)\HTC
2013-07-16 14:50 - 2012-01-25 18:10 - 00033912 _____ C:\Windows\DPINST.LOG
2013-07-16 14:49 - 2013-07-16 14:49 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Downloaded Installations
2013-07-16 14:41 - 2013-07-16 14:39 - 117242240 _____ (HTC) C:\Users\Administrator\Downloads\setup_2.0.61.0_htc.exe
2013-07-15 08:11 - 2012-03-28 10:21 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 08:11 - 2012-03-28 10:21 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 07:36 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 07:36 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 07:36 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 07:35 - 2012-03-28 12:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 07:35 - 2012-03-28 12:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 15:40 - 2012-01-25 13:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 12:00 - 2012-05-30 10:02 - 00000000 ____D C:\Users\Administrator\Documents\Dirk Grüning

Files to move or delete:
====================
C:\ProgramData\rpibmsxofrvjqpocwjd.bat
C:\ProgramData\rpibmsxofrvjqpocwjd.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 13:05

==================== End Of Log ============================

--- --- ---

schrauber 09.08.2013 08:19

Hi,

then go ahead and post the file :)

Melimaca 09.08.2013 09:13


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by Administrator (administrator) on 09-08-2013 08:52:30
Running from I:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode:

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(DATEV eG) C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
(DATEV eG) C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(KOBIL Systems GmbH) C:\DATEV\PROGRAMM\B0000404\msdisrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(DATEV eG) C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-28] (Google Inc.)
HKCU\...\Run: [DFÜ-Sammler] - C:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe [144992 2012-07-26] ()
MountPoints2: {19551e2a-2fb9-11e2-9e5c-404e57434401} - I:\HTC_Sync_Manager_PC.exe
MountPoints2: {6987e55b-66ba-11e2-9c22-404e57434401} - I:\HTC_Sync_Manager_PC.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [DATEV Update-Monitor] - C:\Datev\PROGRAMM\Install\DvInesASDMon.exe [288352 2012-12-20] (DATEV eG)
HKLM-x32\...\Run: [SfWinStartInfo] - C:\SFirm\Programm\sfWinStartupInfo.exe [144544 2012-07-06] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573584 2012-10-19] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SiPaHost] - C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe [551464 2013-01-18] (DATEV eG)
HKLM-x32\...\Run: [Advanced System Protector_startup] - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6563184 2013-05-24] (Systweak)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpibmsxofrvjqpocwjd.lnk
ShortcutTarget: rpibmsxofrvjqpocwjd.lnk -> C:\Users\ADMINI~1\AppData\Local\Temp\djwcopqjvrfoxsmbipr.bfg ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\Datev\PROGRAMM\BSoffice\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> C:\Datev\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk
ShortcutTarget: DATEV-Hinweis Mitteilungsdienst.lnk -> C:\Datev\PROGRAMM\A0000007\DHNC.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.LNK
ShortcutTarget: DFÜ-Manager.LNK -> C:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lizenz-Manager Server.lnk
ShortcutTarget: Lizenz-Manager Server.lnk -> C:\Datev\PROGRAMM\Sws\LiMaServer.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
ShortcutTarget: RZ-Druckertreiber V.2.3.lnk -> C:\DATEV\SYSTEM\rzpjwtch.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} -  No File
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=109727&tt=090812_clr_3212_5&babsrc=SP_ss&mntrId=3ebb19bc0000000000005404a67ee95b
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=109727&tt=090812_clr_3212_5&babsrc=SP_ss&mntrId=3ebb19bc0000000000005404a67ee95b
SearchScopes: HKCU - {7820584C-FFB8-4AEB-952B-5DFA51500DF3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {AFA8EB7C-076D-425F-A818-F1EAFA53793E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=2645525f-cd2b-4794-9612-00e91623e583&apn_sauid=04B97770-EDC7-4D6D-A29E-9CFD99FC942C
BHO: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO64002.Dll (DATEV eG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO-x32: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSAScardBHO002.dll (DATEV eG)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Administrator\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e1knkc9l.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e1knkc9l.default\searchplugins\askcom.xml
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e1knkc9l.default\Extensions\abb@amazon.com
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e1knkc9l.default\Extensions\toolbar@ask.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR HomePage: hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
CHR RestoreOnStartup: "hxxp://www.claro-search.com/?affID=109727&tt=090812_clr_3212_5&babsrc=HP_ss&mntrId=3ebb19bc0000000000005404a67ee95b"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.10.0_0
CHR Extension: (YouTube) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Gmail) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Administrator\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.10.0.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-02] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [511920 2011-07-22] (REINER SCT)
R2 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [158304 2012-12-20] (DATEV eG)
R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2013-04-08] (DATEV eG)
R2 Dcmanag; C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [177760 2012-06-05] (DATEV eG)
R2 DVckService; C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe [2653224 2013-01-28] (DATEV eG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 KOBIL_MSDI; C:\DATEV\PROGRAMM\B0000404\msdisrv.exe [192512 2011-03-03] (KOBIL Systems GmbH)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 Sicherheitspaket-Dienst; C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe [196136 2013-01-18] (DATEV eG)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()
S3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R3 b1cbase; C:\Windows\System32\DRIVERS\b1cbase.sys [213120 2009-06-10] (AVM GmbH)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2012-01-25] (KOBIL Systems GmbH)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-12-19] (KOBIL Systems GmbH)
R3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [96768 2009-07-23] ()
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
U0 dmboot;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 08:49 - 2013-08-09 08:49 - 00000000 ____D C:\FRST
2013-08-09 07:59 - 2013-08-09 07:59 - 00001207 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\ProgramData\Systweak
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-08-09 07:59 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-08-09 07:58 - 2013-08-09 08:12 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-08-09 07:58 - 2013-08-09 07:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Systweak
2013-08-09 07:58 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2464.dll
2013-08-09 07:58 - 2013-08-09 07:58 - 00001093 _____ C:\Users\Administrator\Desktop\MyPC Backup.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00001056 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-08-09 07:58 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-08-09 07:57 - 2013-08-09 07:57 - 04679352 _____ (Systweak Inc                                                ) C:\Users\Administrator\Downloads\rcpsetup_chip_de_chip_de.exe
2013-08-09 07:42 - 2013-08-09 07:42 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\AskToolbar
2013-08-08 13:33 - 2013-08-08 13:33 - 00000165 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.reg
2013-08-08 13:33 - 2013-08-08 13:33 - 00000070 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.bat
2013-08-05 08:17 - 2013-08-05 08:17 - 00002218 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-01 10:53 - 2013-08-01 10:53 - 00004614 _____ C:\Users\Administrator\Downloads\MonatBHG_20130801.ideva
2013-08-01 10:53 - 2013-08-01 10:53 - 00004536 _____ C:\Users\Administrator\Downloads\MonatBHG_20130801.idev
2013-08-01 10:46 - 2013-08-01 10:46 - 00002694 _____ C:\Users\Administrator\Downloads\Auftragsbestand_20130801.ideva
2013-08-01 10:45 - 2013-08-01 10:45 - 00002610 _____ C:\Users\Administrator\Downloads\Auftragsbestand_20130801.idev
2013-07-22 09:34 - 2013-07-22 09:35 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 13:58 - 2013-07-19 13:58 - 00000000 ____D C:\129b6ed6328ebd5c456786
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HTC Sync
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HTC
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\ProgramData\HTC
2013-07-16 14:51 - 2013-08-09 08:49 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\HTC MediaHub
2013-07-16 14:51 - 2013-07-16 15:03 - 00000000 ____D C:\Users\Administrator\Documents\HTC
2013-07-16 14:51 - 2013-07-16 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-07-16 14:51 - 2013-07-16 14:51 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Apple Computer
2013-07-16 14:50 - 2013-07-16 14:50 - 00002037 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\ProgramData\Motorola
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\Program Files (x86)\HTC
2013-07-16 14:49 - 2013-07-16 14:49 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Downloaded Installations
2013-07-16 14:39 - 2013-07-16 14:41 - 117242240 _____ (HTC) C:\Users\Administrator\Downloads\setup_2.0.61.0_htc.exe
2013-07-11 15:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 15:35 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 15:35 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 15:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 15:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 15:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 15:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 15:35 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 15:35 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 15:35 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 15:35 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 15:35 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 07:40 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 07:40 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 07:40 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 07:40 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 07:40 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 07:39 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 07:39 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-09 08:49 - 2013-08-09 08:49 - 00000000 ____D C:\FRST
2013-08-09 08:49 - 2013-07-16 14:51 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\HTC MediaHub
2013-08-09 08:48 - 2012-03-28 10:21 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 08:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 08:48 - 2009-07-14 06:51 - 00084798 _____ C:\Windows\setupact.log
2013-08-09 08:43 - 2012-01-25 12:22 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-08-09 08:12 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-08-09 07:59 - 2013-08-09 07:59 - 00001207 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\ProgramData\Systweak
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-08-09 07:59 - 2013-08-09 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Systweak
2013-08-09 07:59 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2464.dll
2013-08-09 07:58 - 2013-08-09 07:58 - 00001093 _____ C:\Users\Administrator\Desktop\MyPC Backup.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00001056 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-08-09 07:58 - 2012-01-25 12:40 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-09 07:57 - 2013-08-09 07:57 - 04679352 _____ (Systweak Inc                                                ) C:\Users\Administrator\Downloads\rcpsetup_chip_de_chip_de.exe
2013-08-09 07:46 - 2012-01-25 12:17 - 01977162 _____ C:\Windows\WindowsUpdate.log
2013-08-09 07:46 - 2009-07-14 06:45 - 00025408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 07:46 - 2009-07-14 06:45 - 00025408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 07:42 - 2013-08-09 07:42 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\AskToolbar
2013-08-08 15:30 - 2012-01-25 18:17 - 00000702 _____ C:\Windows\ODBC.INI
2013-08-08 15:16 - 2012-03-28 10:21 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-08 15:13 - 2012-08-08 09:59 - 00000000 ____D C:\Users\Administrator\Desktop\Faxarchiv
2013-08-08 14:55 - 2012-10-09 13:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-08 13:34 - 2012-01-26 10:38 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\CrashDumps
2013-08-08 13:33 - 2013-08-08 13:33 - 00000165 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.reg
2013-08-08 13:33 - 2013-08-08 13:33 - 00000070 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.bat
2013-08-07 15:25 - 2012-03-05 09:06 - 00000000 ____D C:\Users\Administrator\Documents\Lohn
2013-08-07 12:38 - 2012-03-23 14:59 - 00000000 ____D C:\Users\Administrator\Documents\Bürgschaften
2013-08-06 09:41 - 2012-01-26 12:50 - 00000000 ____D C:\Users\Administrator\Documents\Statistik
2013-08-06 09:18 - 2011-04-12 09:43 - 01057180 _____ C:\Windows\system32\perfh007.dat
2013-08-06 09:18 - 2011-04-12 09:43 - 00264906 _____ C:\Windows\system32\perfc007.dat
2013-08-06 09:18 - 2009-07-14 07:13 - 00006870 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-05 08:17 - 2013-08-05 08:17 - 00002218 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-05 08:17 - 2012-03-28 10:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 13:39 - 2012-01-25 18:06 - 00000021 _____ C:\Windows\DvInesKurusOleServer003.INI
2013-08-02 11:43 - 2012-01-26 10:24 - 00004869 _____ C:\Users\ADMINI~1\AppData\Local\EmptySettings.xml
2013-08-02 08:17 - 2012-06-11 14:57 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-01 10:53 - 2013-08-01 10:53 - 00004614 _____ C:\Users\Administrator\Downloads\MonatBHG_20130801.ideva
2013-08-01 10:53 - 2013-08-01 10:53 - 00004536 _____ C:\Users\Administrator\Downloads\MonatBHG_20130801.idev
2013-08-01 10:46 - 2013-08-01 10:46 - 00002694 _____ C:\Users\Administrator\Downloads\Auftragsbestand_20130801.ideva
2013-08-01 10:45 - 2013-08-01 10:45 - 00002610 _____ C:\Users\Administrator\Downloads\Auftragsbestand_20130801.idev
2013-07-29 09:21 - 2012-03-09 08:54 - 00000000 ____D C:\Users\Administrator\Documents\Schriftverkehr allgemein
2013-07-26 11:56 - 2012-08-07 14:11 - 00000000 ____D C:\Users\Administrator\Documents\angebote
2013-07-22 09:35 - 2013-07-22 09:34 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 14:01 - 2011-11-10 14:00 - 01785584 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-19 13:58 - 2013-07-19 13:58 - 00000000 ____D C:\129b6ed6328ebd5c456786
2013-07-17 07:53 - 2009-07-14 06:45 - 00345016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HTC Sync
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HTC
2013-07-16 15:03 - 2013-07-16 15:03 - 00000000 ____D C:\ProgramData\HTC
2013-07-16 15:03 - 2013-07-16 14:51 - 00000000 ____D C:\Users\Administrator\Documents\HTC
2013-07-16 15:03 - 2012-01-25 12:40 - 00087320 _____ C:\Users\ADMINI~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-16 14:51 - 2013-07-16 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-07-16 14:51 - 2013-07-16 14:51 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Apple Computer
2013-07-16 14:50 - 2013-07-16 14:50 - 00002037 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\ProgramData\Motorola
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-07-16 14:50 - 2013-07-16 14:50 - 00000000 ____D C:\Program Files (x86)\HTC
2013-07-16 14:50 - 2012-01-25 18:10 - 00033912 _____ C:\Windows\DPINST.LOG
2013-07-16 14:49 - 2013-07-16 14:49 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Downloaded Installations
2013-07-16 14:41 - 2013-07-16 14:39 - 117242240 _____ (HTC) C:\Users\Administrator\Downloads\setup_2.0.61.0_htc.exe
2013-07-15 08:11 - 2012-03-28 10:21 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 08:11 - 2012-03-28 10:21 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 07:36 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 07:36 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 07:36 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 07:35 - 2012-03-28 12:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 07:35 - 2012-03-28 12:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 15:40 - 2012-01-25 13:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 12:00 - 2012-05-30 10:02 - 00000000 ____D C:\Users\Administrator\Documents\Dirk Grüning

Files to move or delete:
====================
C:\ProgramData\rpibmsxofrvjqpocwjd.bat
C:\ProgramData\rpibmsxofrvjqpocwjd.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 13:05

==================== End Of Log ============================

--- --- ---

schrauber 09.08.2013 10:50

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKLM-x32\...\Run: [Advanced System Protector_startup] - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6563184 2013-05-24] (Systweak)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpibmsxofrvjqpocwjd.lnk
ShortcutTarget: rpibmsxofrvjqpocwjd.lnk -> C:\Users\ADMINI~1\AppData\Local\Temp\djwcopqjvrfoxsmbipr.bfg ()
2013-08-09 07:59 - 2013-08-09 07:59 - 00001207 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\ProgramData\Systweak
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-08-09 07:58 - 2013-08-09 07:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Systweak
2013-08-09 07:58 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00001093 _____ C:\Users\Administrator\Desktop\MyPC Backup.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00001056 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-08-09 07:58 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-08-09 07:57 - 2013-08-09 07:57 - 04679352 _____ (Systweak Inc                                                ) C:\Users\Administrator\Downloads\rcpsetup_chip_de_chip_de.exe
2013-08-09 07:42 - 2013-08-09 07:42 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\AskToolbar
2013-08-08 13:33 - 2013-08-08 13:33 - 00000165 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.reg
2013-08-08 13:33 - 2013-08-08 13:33 - 00000070 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.bat
2013-08-09 08:12 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-08-09 07:59 - 2013-08-09 07:59 - 00001207 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\ProgramData\Systweak
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-09 07:59 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-08-09 07:59 - 2013-08-09 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Systweak
2013-08-09 07:59 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2464.dll
2013-08-09 07:58 - 2013-08-09 07:58 - 00001093 _____ C:\Users\Administrator\Desktop\MyPC Backup.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00001056 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 07:58 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
C:\Users\ADMINI~1\AppData\Local\Temp\djwcopqjvrfoxsmbipr.bfg


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Start the computer normally :)
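
A triage sketch for the log format above, added here as an example and not part of the thread or of FRST: it flags startup shortcuts whose target sits in a Temp directory, then lists logged files that share the shortcut's or target's name (or its reverse, as happens in this log). The two heuristics and all function names are assumptions; the sample lines are copied from the log and fixlist on this page.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the FRST log and fixlist in this thread.
SAMPLE = r"""
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpibmsxofrvjqpocwjd.lnk
ShortcutTarget: rpibmsxofrvjqpocwjd.lnk -> C:\Users\ADMINI~1\AppData\Local\Temp\djwcopqjvrfoxsmbipr.bfg ()
2013-08-09 07:58 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-08-08 13:33 - 2013-08-08 13:33 - 00000165 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.reg
2013-08-08 13:33 - 2013-08-08 13:33 - 00000070 _____ C:\ProgramData\rpibmsxofrvjqpocwjd.bat
2013-08-05 08:17 - 2013-08-05 08:17 - 00002218 _____ C:\Users\Public\Desktop\Google Earth.lnk
"""

# "ShortcutTarget: <name>.lnk -> <target path> (<company>)"
SHORTCUT = re.compile(
    r"^ShortcutTarget: (?P<lnk>.+?\.lnk) -> "
    r"(?P<target>[A-Za-z]:\\.+?) \((?P<company>[^()]*)\)$")
# "<date> - <date> - <size> <attributes> [(company) ]<path>"
LISTING = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S{5} "
    r"(?:\(.*\) )?(?P<path>[A-Za-z]:\\.+)$")


def suspicious_autostarts(log):
    """Return (shortcut, target, reasons) for autostart targets in Temp."""
    hits = []
    for line in log.splitlines():
        m = SHORTCUT.match(line.strip())
        if not m:
            continue
        folders = PureWindowsPath(m["target"]).parts[:-1]
        if not any(part.lower() in ("temp", "tmp") for part in folders):
            continue  # assumed heuristic: only Temp-resident targets are flagged
        reasons = ["autostart target in a Temp directory"]
        if not m["company"].strip():
            reasons.append("no company name in the file metadata")
        hits.append((m["lnk"], m["target"], reasons))
    return hits


def related_files(log, hits):
    """List logged files whose name matches a flagged name or its reverse."""
    stems = set()
    for lnk, target, _ in hits:
        for name in (lnk, target):
            stem = PureWindowsPath(name).stem.lower()
            stems.update((stem, stem[::-1]))
    found = []
    for line in log.splitlines():
        m = LISTING.match(line.strip())
        if m and PureWindowsPath(m["path"]).stem.lower() in stems:
            if m["path"] not in found:  # the log repeats entries per section
                found.append(m["path"])
    return found


if __name__ == "__main__":
    flagged = suspicious_autostarts(SAMPLE)
    for lnk, target, reasons in flagged:
        print(lnk, "->", target, "|", "; ".join(reasons))
    for path in related_files(SAMPLE, flagged):
        print("related:", path)
```

The installer leftovers (Systweak, MyPC Backup and similar) that the fixlist also removes are outside what this sketch looks for.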

Melimaca 09.08.2013 18:20

Thanks a lot for now. :) I can't continue until 26.08. I won't be reachable from this evening on, as I'm going on holiday.

Best regards

schrauber 10.08.2013 09:37

From now on, in normal mode:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)



All times are in WET +1.
