Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   entfernen W32 blaster worm (https://www.trojaner-board.de/139921-entfernen-w32-blaster-worm.html)

kleiner Wolf 17.08.2013 12:05
Hallo Leo,

habe wie beschrieben den Rechner im angesicherten Modus mit Netzwerktreibern gestartet. Allerdings wird nur ein File erzeugt.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2013
Ran by PM (administrator) on 17-08-2013 12:48:01
Running from C:\Users\PM\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [NeroCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [92704 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8530464 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [88608 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM\...\Run: [FromDocToPDF Search Scope Monitor] - C:\PROGRA~1\FROMDO~2\bar\1.bin\65srchmn.exe [44784 2013-07-09] (MindSpark)
HKLM\...\Run: [FromDocToPDF_65 Browser Plugin Loader] - C:\PROGRA~1\FROMDO~2\bar\1.bin\65brmon.exe [30096 2013-07-09] (VER_COMPANY_NAME)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185896 2007-06-18] (RealNetworks, Inc.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKCU\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Internet Security] - C:\Users\PM\AppData\Roaming\msprotection.exe [845312 2013-08-17] (Peter Pawlowski)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-18] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-18] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\PM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {13ACC3AB-22DA-47E2-854A-F3A72E8F4FF7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {13ACC3AB-22DA-47E2-854A-F3A72E8F4FF7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {AE67D855-EA9B-4626-9C96-0939A094504C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: haufereader - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.33 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @FromDocToPDF_65.com/Plugin - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.16 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Yahoo! Toolbar - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: pdfforge - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\pdfforge@mybrowserbar.com
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] C:\Program Files\FromDocToPDF_65\bar\1.bin
FF Extension: FromDocToPDF - C:\Program Files\FromDocToPDF_65\bar\1.bin

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Docs) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [42504 2013-07-09] (COMPANYVERS_NAME)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-04-10] (Symantec Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-04] (Symantec Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
S1 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [261680 2008-02-13] (Symantec Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-31] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-12-01] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-12-01] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-12-01] (Symantec Corporation)
S3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [12848 2007-10-30] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-02-13] (Symantec Corporation)
S3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [145968 2007-10-30] (Symantec Corporation)
S3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [39856 2007-10-30] (Symantec Corporation)
S3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [37936 2007-10-30] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27696 2007-10-30] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191536 2007-10-30] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\PM\AppData\Local\Temp\catchme.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080413.003\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080413.003\NAVEX15.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 12:46 - 2013-08-17 12:36 - 01068993 _____ (Farbar) C:\Users\PM\Desktop\FRST.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00845312 _____ (Peter Pawlowski) C:\Users\PM\AppData\Roaming\msprotection.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00240640 _____ C:\Users\PM\firefox.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk
2013-08-17 10:43 - 2013-08-17 10:43 - 00000000 _____ C:\Users\PM\windowsupdate.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00000000 _____ C:\Users\PM\msconfig.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00000000 _____ C:\Users\PM\jucheck.exe
2013-08-17 10:26 - 2013-08-17 10:26 - 00009725 _____ C:\ComboFix.txt
2013-08-17 10:11 - 2013-08-17 10:27 - 00000000 ____D C:\ComboFix
2013-08-17 10:11 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-17 10:11 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-17 10:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-17 10:10 - 2013-08-17 10:27 - 00000000 ____D C:\Qoobox
2013-08-17 10:04 - 2013-08-17 10:09 - 05105390 ____R (Swearware) C:\Users\PM\Desktop\ComboFix.exe
2013-08-17 08:59 - 2013-08-17 10:25 - 00000000 ____D C:\Windows\erdnt
2013-08-17 08:42 - 2013-08-17 08:44 - 00075013 _____ C:\AdwCleaner[S1].txt
2013-08-17 08:42 - 2013-08-17 08:44 - 00000157 _____ C:\Windows\DeleteOnReboot.bat
2013-08-17 00:21 - 2013-08-17 00:21 - 00000000 ____D C:\_OTL
2013-08-16 23:55 - 2013-08-16 23:55 - 00000000 ____D C:\FRST
2013-08-16 20:07 - 2013-08-16 20:07 - 00000000 ____D C:\Users\PM\Desktop\Wintrack
2013-08-16 19:26 - 2013-08-16 19:26 - 00000527 _____ C:\Users\PM\Desktop\Denis - Verknüpfung.lnk
2013-08-16 19:23 - 2013-08-16 19:24 - 00000000 ____D C:\Users\PM\Desktop\Bewerbung
2013-08-16 19:23 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Anschreiben, Status
2013-08-16 06:34 - 2013-08-16 06:34 - 00080248 _____ C:\OTL1.txt
2013-08-16 06:34 - 2013-08-16 06:34 - 00034466 _____ C:\Extras1.txt
2013-08-16 06:30 - 2013-08-16 18:32 - 00043352 _____ C:\Extras.Txt
2013-08-16 06:29 - 2013-08-16 18:56 - 00069774 _____ C:\OTL.Txt
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\NIS60dDE.exe
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 613529.crdownload
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 281099.crdownload
2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-12 19:39 - 2013-08-17 13:47 - 00000304 _____ C:\Windows\Tasks\pmrsud.job
2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll
2013-08-06 13:55 - 2013-08-06 13:55 - 00004096 ____H C:\Users\PM\AppData\Local\keyfile3.drm

==================== One Month Modified Files and Folders =======

2013-08-17 13:57 - 2007-07-16 03:22 - 01857154 _____ C:\Windows\WindowsUpdate.log
2013-08-17 13:57 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-17 13:57 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-17 13:57 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 13:57 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 13:52 - 2006-11-02 12:33 - 01517318 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-17 13:47 - 2013-08-12 19:39 - 00000304 _____ C:\Windows\Tasks\pmrsud.job
2013-08-17 13:47 - 2010-01-31 08:56 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-17 13:47 - 2007-06-18 13:39 - 00000000 ____D C:\Windows\SMINST
2013-08-17 12:36 - 2013-08-17 12:46 - 01068993 _____ (Farbar) C:\Users\PM\Desktop\FRST.exe
2013-08-17 11:43 - 2013-08-17 13:48 - 00139264 _____ C:\Users\PM\Desktop\SystemLook.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00845312 _____ (Peter Pawlowski) C:\Users\PM\AppData\Roaming\msprotection.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00240640 _____ C:\Users\PM\firefox.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk
2013-08-17 10:43 - 2013-08-17 10:43 - 00000000 _____ C:\Users\PM\windowsupdate.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00000000 _____ C:\Users\PM\msconfig.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00000000 _____ C:\Users\PM\jucheck.exe
2013-08-17 10:43 - 2007-09-01 15:57 - 00000000 ____D C:\Users\PM
2013-08-17 10:32 - 2007-06-18 13:41 - 00411156 _____ C:\Windows\PFRO.log
2013-08-17 10:27 - 2013-08-17 10:11 - 00000000 ____D C:\ComboFix
2013-08-17 10:27 - 2013-08-17 10:10 - 00000000 ____D C:\Qoobox
2013-08-17 10:27 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-08-17 10:27 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-08-17 10:26 - 2013-08-17 10:26 - 00009725 _____ C:\ComboFix.txt
2013-08-17 10:25 - 2013-08-17 08:59 - 00000000 ____D C:\Windows\erdnt
2013-08-17 10:24 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-08-17 10:09 - 2013-08-17 10:04 - 05105390 ____R (Swearware) C:\Users\PM\Desktop\ComboFix.exe
2013-08-17 10:08 - 2009-11-26 16:41 - 00000000 ____D C:\Users\PM\Tracing
2013-08-17 08:44 - 2013-08-17 08:42 - 00075013 _____ C:\AdwCleaner[S1].txt
2013-08-17 08:44 - 2013-08-17 08:42 - 00000157 _____ C:\Windows\DeleteOnReboot.bat
2013-08-17 08:20 - 2010-01-31 08:56 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-17 08:19 - 2008-08-25 22:46 - 00000412 ____H C:\Windows\Tasks\User_Feed_Synchronization-{45D4D7FF-D19B-4345-8B4E-5C1638791C24}.job
2013-08-17 00:21 - 2013-08-17 00:21 - 00000000 ____D C:\_OTL
2013-08-16 23:55 - 2013-08-16 23:55 - 00000000 ____D C:\FRST
2013-08-16 23:07 - 2009-08-30 14:52 - 00000000 ____D C:\Ablage Wolfgang
2013-08-16 22:26 - 2009-12-03 22:53 - 00000000 ____D C:\Users\PM\AppData\Roaming\WinTrack
2013-08-16 20:07 - 2013-08-16 20:07 - 00000000 ____D C:\Users\PM\Desktop\Wintrack
2013-08-16 19:26 - 2013-08-16 19:26 - 00000527 _____ C:\Users\PM\Desktop\Denis - Verknüpfung.lnk
2013-08-16 19:26 - 2010-08-22 17:55 - 00000000 ____D C:\Denis
2013-08-16 19:24 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Bewerbung
2013-08-16 19:23 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Anschreiben, Status
2013-08-16 18:56 - 2013-08-16 06:29 - 00069774 _____ C:\OTL.Txt
2013-08-16 18:32 - 2013-08-16 06:30 - 00043352 _____ C:\Extras.Txt
2013-08-16 13:33 - 2007-06-18 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-16 13:33 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-16 13:32 - 2006-11-02 12:23 - 00000277 _____ C:\Windows\win.ini
2013-08-16 06:34 - 2013-08-16 06:34 - 00080248 _____ C:\OTL1.txt
2013-08-16 06:34 - 2013-08-16 06:34 - 00034466 _____ C:\Extras1.txt
2013-08-15 17:50 - 2008-03-09 14:34 - 00026624 _____ C:\Users\PM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\NIS60dDE.exe
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 613529.crdownload
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 281099.crdownload
2013-08-15 10:43 - 2011-06-08 16:38 - 00001356 _____ C:\Users\PM\AppData\Local\d3d9caps.dat
2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-13 21:37 - 2007-06-18 13:20 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-13 11:54 - 2012-11-06 00:00 - 00000000 ____D C:\Users\PM\AppData\Local\Paint.NET
2013-08-13 09:35 - 2007-09-01 16:02 - 00000000 ____D C:\Users\PM\AppData\Local\Google
2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll
2013-08-06 13:55 - 2013-08-06 13:55 - 00004096 ____H C:\Users\PM\AppData\Local\keyfile3.drm
2013-07-31 08:13 - 2007-09-01 16:01 - 00108136 _____ C:\Users\PM\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-31 08:11 - 2006-11-02 14:47 - 00400344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 13:02 - 2012-02-21 20:01 - 00000310 _____ C:\Windows\Tasks\HPCeeScheduleForPM.job

Files to move or delete:
====================
ZeroAccess:
C:\Users\PM\AppData\Local\Google\Desktop\Install\{de9b0f9d-a697-0505-79ad-d01a3c1dbf87}
C:\Users\PM\firefox.exe
C:\Users\PM\jucheck.exe
C:\Users\PM\msconfig.exe
C:\Users\PM\windowsupdate.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-17 15:39

==================== End Of Log ============================
--- --- ---


Gruß Roland

aharonov 17.08.2013 14:15
Hallo Roland,

du hast dich wieder neu infiziert. Verzichte bitte aufs Surfen mit diesem Rechner, bis wir hier ganz fertig sind und den Computer gegen einen neuerlichen Befall abgesichert haben.

Immer noch im abgesicherten Modus weiter:


Schritt 1

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 2

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Combofix
  • Log von FRST

kleiner Wolf 17.08.2013 16:07
Hallo Leo,

hier die beiden Files.

Combofix

Code:
Combofix Logfile:

       
Code:

       
ComboFix 13-08-16.03 - PM 17.08.2013  16:41:32.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2046.1576 [GMT 2:00]
ausgeführt von:: c:\users\PM\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\PM\AppData\Local\Google\Desktop\Install
c:\users\PM\AppData\Local\Google\Desktop\Install\{de9b0f9d-a697-0505-79ad-d01a3c1dbf87}\C3C1~1\01C8~1\CFFE~1\{de9b0f9d-a697-0505-79ad-d01a3c1dbf87}\@
c:\users\PM\AppData\Local\Google\Desktop\Install\{de9b0f9d-a697-0505-79ad-d01a3c1dbf87}\C3C1~1\01C8~1\CFFE~1\{de9b0f9d-a697-0505-79ad-d01a3c1dbf87}\GoogleUpdate.exe
c:\users\PM\AppData\Roaming\msprotection.exe
c:\users\PM\firefox.exe
c:\users\PM\jucheck.exe
c:\users\PM\msconfig.exe
c:\users\PM\WindowsUpdate.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-17 bis 2013-08-17  ))))))))))))))))))))))))))))))
.
.
2013-08-17 14:52 . 2013-08-17 14:52        --------        d-----w-        c:\users\PM\AppData\Local\temp
2013-08-17 14:52 . 2013-08-17 14:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-08-17 06:42 . 2013-08-17 06:44        157        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-08-16 22:21 . 2013-08-16 22:21        --------        d-----w-        C:\_OTL
2013-08-16 21:55 . 2013-08-16 21:55        --------        d-----w-        C:\FRST
2013-08-14 21:33 . 2013-08-14 21:33        --------        d-----w-        c:\program files\Common Files\Bitdefender
2013-08-13 06:38 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{805F95FA-AD76-409B-AC6B-C755746A9B17}\mpengine.dll
2013-08-12 17:39 . 2013-08-12 17:39        460800        --sha-r-        c:\windows\system32\KBDYCLP.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-06-10 162856]
"FromDocToPDF Search Scope Monitor"="c:\progra~1\FROMDO~2\bar\1.bin\65srchmn.exe" [2013-07-09 44784]
"FromDocToPDF_65 Browser Plugin Loader"="c:\progra~1\FROMDO~2\bar\1.bin\65brmon.exe" [2013-07-09 30096]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-18 185896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\users\PM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2010-09-15 08:11        339312        ----a-w-        c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-01-21 13:54        1242448        ----a-w-        c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 12:20        1173456        ----a-w-        c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 06:56]
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 06:56]
.
2013-07-22 c:\windows\Tasks\HPCeeScheduleForPM.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-06-18 09:56]
.
2013-08-17 c:\windows\Tasks\pmrsud.job
- c:\windows\system32\KBDYCLP.dll [2013-08-12 17:39]
.
2013-08-17 c:\windows\Tasks\User_Feed_Synchronization-{45D4D7FF-D19B-4345-8B4E-5C1638791C24}.job
- c:\windows\system32\msfeedssync.exe [2010-05-24 21:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
TCP: DhcpNameServer = 83.169.185.33 192.168.0.1
FF - ProfilePath - c:\users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\
FF - ExtSQL: 2013-07-09 21:17; 65ffxtbr@FromDocToPDF_65.com; c:\users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\extensions\65ffxtbr@FromDocToPDF_65.com
FF - ExtSQL: !HIDDEN! 2009-08-08 08:31; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2013-07-09 21:17; 65ffxtbr@FromDocToPDF_65.com; c:\program files\FromDocToPDF_65\bar\1.bin
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Internet Security - c:\users\PM\AppData\Roaming\msprotection.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-08-17 16:52
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-08-17  16:54:31
ComboFix-quarantined-files.txt  2013-08-17 14:54
ComboFix2.txt  2013-08-17 08:26
.
Vor Suchlauf: 24 Verzeichnis(se), 329.893.208.064 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 329.829.019.648 Bytes frei
.
- - End Of File - - CC30BC5EA6DF4981F8F02C87AFE74EFD

--- --- ---
8913823FF508CCF109DB74B636C301DA
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2013
Ran by PM (administrator) on 17-08-2013 16:56:23
Running from C:\Users\PM\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [NeroCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [92704 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8530464 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [88608 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM\...\Run: [FromDocToPDF Search Scope Monitor] - C:\PROGRA~1\FROMDO~2\bar\1.bin\65srchmn.exe [44784 2013-07-09] (MindSpark)
HKLM\...\Run: [FromDocToPDF_65 Browser Plugin Loader] - C:\PROGRA~1\FROMDO~2\bar\1.bin\65brmon.exe [30096 2013-07-09] (VER_COMPANY_NAME)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185896 2007-06-18] (RealNetworks, Inc.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKCU\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-18] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-18] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\PM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {13ACC3AB-22DA-47E2-854A-F3A72E8F4FF7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {13ACC3AB-22DA-47E2-854A-F3A72E8F4FF7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {AE67D855-EA9B-4626-9C96-0939A094504C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: haufereader - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.33 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @FromDocToPDF_65.com/Plugin - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.16 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Yahoo! Toolbar - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: pdfforge - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\pdfforge@mybrowserbar.com
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] C:\Program Files\FromDocToPDF_65\bar\1.bin
FF Extension: FromDocToPDF - C:\Program Files\FromDocToPDF_65\bar\1.bin

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Docs) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [42504 2013-07-09] (COMPANYVERS_NAME)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-04-10] (Symantec Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-04] (Symantec Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
S1 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [261680 2008-02-13] (Symantec Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-31] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-12-01] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-12-01] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-12-01] (Symantec Corporation)
S3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [12848 2007-10-30] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-02-13] (Symantec Corporation)
S3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [145968 2007-10-30] (Symantec Corporation)
S3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [39856 2007-10-30] (Symantec Corporation)
S3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [37936 2007-10-30] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27696 2007-10-30] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191536 2007-10-30] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
R3 catchme; \??\C:\Users\PM\AppData\Local\Temp\catchme.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080413.003\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080413.003\NAVEX15.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 16:54 - 2013-08-17 16:54 - 00009694 _____ C:\ComboFix.txt
2013-08-17 13:48 - 2013-08-17 11:43 - 00139264 _____ C:\Users\PM\Desktop\SystemLook.exe
2013-08-17 12:46 - 2013-08-17 12:36 - 01068993 _____ (Farbar) C:\Users\PM\Desktop\FRST.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk
2013-08-17 10:11 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-17 10:11 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-17 10:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-17 10:10 - 2013-08-17 16:54 - 00000000 ____D C:\Qoobox
2013-08-17 10:04 - 2013-08-17 10:09 - 05105390 ____R (Swearware) C:\Users\PM\Desktop\ComboFix.exe
2013-08-17 08:59 - 2013-08-17 10:25 - 00000000 ____D C:\Windows\erdnt
2013-08-17 08:42 - 2013-08-17 08:44 - 00075013 _____ C:\AdwCleaner[S1].txt
2013-08-17 08:42 - 2013-08-17 08:44 - 00000157 _____ C:\Windows\DeleteOnReboot.bat
2013-08-17 00:21 - 2013-08-17 00:21 - 00000000 ____D C:\_OTL
2013-08-16 23:55 - 2013-08-16 23:55 - 00000000 ____D C:\FRST
2013-08-16 20:07 - 2013-08-16 20:07 - 00000000 ____D C:\Users\PM\Desktop\Wintrack
2013-08-16 19:26 - 2013-08-16 19:26 - 00000527 _____ C:\Users\PM\Desktop\Denis - Verknüpfung.lnk
2013-08-16 19:23 - 2013-08-16 19:24 - 00000000 ____D C:\Users\PM\Desktop\Bewerbung
2013-08-16 19:23 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Anschreiben, Status
2013-08-16 06:34 - 2013-08-16 06:34 - 00080248 _____ C:\OTL1.txt
2013-08-16 06:34 - 2013-08-16 06:34 - 00034466 _____ C:\Extras1.txt
2013-08-16 06:30 - 2013-08-16 18:32 - 00043352 _____ C:\Extras.Txt
2013-08-16 06:29 - 2013-08-17 19:57 - 00061446 _____ C:\OTL.Txt
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\NIS60dDE.exe
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 613529.crdownload
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 281099.crdownload
2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job
2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll
2013-08-06 13:55 - 2013-08-06 13:55 - 00004096 ____H C:\Users\PM\AppData\Local\keyfile3.drm

==================== One Month Modified Files and Folders =======

2013-08-17 20:00 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-08-17 19:57 - 2013-08-16 06:29 - 00061446 _____ C:\OTL.Txt
2013-08-17 17:30 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-17 17:30 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-17 17:29 - 2013-08-12 19:39 - 00000304 _____ C:\Windows\Tasks\pmrsud.job
2013-08-17 17:29 - 2010-01-31 08:56 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-17 17:29 - 2007-06-18 13:39 - 00000000 ____D C:\Windows\SMINST
2013-08-17 17:29 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 17:29 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 16:54 - 2013-08-17 16:54 - 00009694 _____ C:\ComboFix.txt
2013-08-17 16:54 - 2013-08-17 10:10 - 00000000 ____D C:\Qoobox
2013-08-17 16:52 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-08-17 16:51 - 2007-09-01 15:57 - 00000000 ____D C:\Users\PM
2013-08-17 13:57 - 2007-07-16 03:22 - 01857154 _____ C:\Windows\WindowsUpdate.log
2013-08-17 13:52 - 2006-11-02 12:33 - 01517318 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-17 12:36 - 2013-08-17 12:46 - 01068993 _____ (Farbar) C:\Users\PM\Desktop\FRST.exe
2013-08-17 11:43 - 2013-08-17 13:48 - 00139264 _____ C:\Users\PM\Desktop\SystemLook.exe
2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk
2013-08-17 10:32 - 2007-06-18 13:41 - 00411156 _____ C:\Windows\PFRO.log
2013-08-17 10:27 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-08-17 10:25 - 2013-08-17 08:59 - 00000000 ____D C:\Windows\erdnt
2013-08-17 10:09 - 2013-08-17 10:04 - 05105390 ____R (Swearware) C:\Users\PM\Desktop\ComboFix.exe
2013-08-17 10:08 - 2009-11-26 16:41 - 00000000 ____D C:\Users\PM\Tracing
2013-08-17 08:44 - 2013-08-17 08:42 - 00075013 _____ C:\AdwCleaner[S1].txt
2013-08-17 08:44 - 2013-08-17 08:42 - 00000157 _____ C:\Windows\DeleteOnReboot.bat
2013-08-17 08:20 - 2010-01-31 08:56 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-17 08:19 - 2008-08-25 22:46 - 00000412 ____H C:\Windows\Tasks\User_Feed_Synchronization-{45D4D7FF-D19B-4345-8B4E-5C1638791C24}.job
2013-08-17 00:21 - 2013-08-17 00:21 - 00000000 ____D C:\_OTL
2013-08-16 23:55 - 2013-08-16 23:55 - 00000000 ____D C:\FRST
2013-08-16 23:07 - 2009-08-30 14:52 - 00000000 ____D C:\Ablage Wolfgang
2013-08-16 22:26 - 2009-12-03 22:53 - 00000000 ____D C:\Users\PM\AppData\Roaming\WinTrack
2013-08-16 20:07 - 2013-08-16 20:07 - 00000000 ____D C:\Users\PM\Desktop\Wintrack
2013-08-16 19:26 - 2013-08-16 19:26 - 00000527 _____ C:\Users\PM\Desktop\Denis - Verknüpfung.lnk
2013-08-16 19:26 - 2010-08-22 17:55 - 00000000 ____D C:\Denis
2013-08-16 19:24 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Bewerbung
2013-08-16 19:23 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Anschreiben, Status
2013-08-16 18:32 - 2013-08-16 06:30 - 00043352 _____ C:\Extras.Txt
2013-08-16 13:33 - 2007-06-18 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-16 13:33 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-16 13:32 - 2006-11-02 12:23 - 00000277 _____ C:\Windows\win.ini
2013-08-16 06:34 - 2013-08-16 06:34 - 00080248 _____ C:\OTL1.txt
2013-08-16 06:34 - 2013-08-16 06:34 - 00034466 _____ C:\Extras1.txt
2013-08-15 17:50 - 2008-03-09 14:34 - 00026624 _____ C:\Users\PM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\NIS60dDE.exe
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 613529.crdownload
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 281099.crdownload
2013-08-15 10:43 - 2011-06-08 16:38 - 00001356 _____ C:\Users\PM\AppData\Local\d3d9caps.dat
2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-13 21:37 - 2007-06-18 13:20 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-13 11:54 - 2012-11-06 00:00 - 00000000 ____D C:\Users\PM\AppData\Local\Paint.NET
2013-08-13 09:35 - 2007-09-01 16:02 - 00000000 ____D C:\Users\PM\AppData\Local\Google
2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll
2013-08-06 13:55 - 2013-08-06 13:55 - 00004096 ____H C:\Users\PM\AppData\Local\keyfile3.drm
2013-07-31 08:13 - 2007-09-01 16:01 - 00108136 _____ C:\Users\PM\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-31 08:11 - 2006-11-02 14:47 - 00400344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 13:02 - 2012-02-21 20:01 - 00000310 _____ C:\Windows\Tasks\HPCeeScheduleForPM.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-17 16:54

==================== End Of Log ============================
--- --- ---



Gruß Roland

aharonov 17.08.2013 16:24
So, dann jetzt so weiter:
(Immer noch aufs Surfen verzichten, um eine erneute Re-Infektion zu vermeiden.)


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll
2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job
2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2

Lade SystemLook (von jpshortstuff) herunter und speichere das Tool auf dem Desktop.
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
    Vista und Win7 User: Rechtsklick und "als Administrator starten".
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :filefind
    *FromDocToPDF*

    :folderfind
    *FromDocToPDF*

    :regfind
    FromDocToPDF
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen. Poste diese in deinen Thread.
  • Das Log-File wird auch auf dem Desktop als SystemLook.txt gespeichert.



Schritt 3

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




Bitte poste in deiner nächsten Antwort:
  • Fixlog von FRST
  • Log von SystemLook
  • Log von MBAM

kleiner Wolf 17.08.2013 17:52
Hallo Leo,

hier die Ergebnisse.

Schritt 1

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-08-2013
Ran by PM at 2013-08-17 17:49:25 Run:1
Running from C:\Users\PM\Desktop
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll 2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job 2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}


*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"C:\Users\PM\Desktop\Internet Security 2013.lnk SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} " => File/Directory not found.

==== End of Fixlog ====
Schritt 2

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 18:24 on 17/08/2013 by PM
Administrator - Elevation successful

========== filefind ==========

Searching for "*FromDocToPDF*"
C:\Users\PM\AppData\Roaming\Microsoft\Windows\Cookies\Low\pm@fromdoctopdf[2].txt        --a---- 477 bytes        [19:17 09/07/2013]        [19:18 09/07/2013] E77392F1B487BF1E615A86589A63B0E6

========== folderfind ==========

Searching for "*FromDocToPDF*"
C:\Program Files\FromDocToPDF_65        d------        [19:17 09/07/2013]
C:\Users\PM\AppData\LocalLow\FromDocToPDF_65        d------        [06:45 17/08/2013]

========== regfind ==========

Searching for "FromDocToPDF"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FromDocToPDF_65]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FromDocToPDF_65\bar]
"SettingsDir"="C:\Users\PM\AppData\LocalLow\FromDocToPDF_65\bar\Settings\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FromDocToPDF_65\bar]
"CacheDir"="C:\Users\PM\AppData\LocalLow\FromDocToPDF_65\bar\Cache\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FromDocToPDF_65\bar]
"HistoryDir"="C:\Users\PM\AppData\LocalLow\FromDocToPDF_65\bar\History\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FromDocToPDF_65\bar]
"SkinsDirLowIL"="C:\Users\PM\AppData\LocalLow\FromDocToPDF_65\bar\"
[HKEY_CURRENT_USER\Software\FromDocToPDF_65]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Firefox]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65mlbtn.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}\ProgID]
@="FromDocToPDF_65.MultipleButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}\VersionIndependentProgID]
@="FromDocToPDF_65.MultipleButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}]
@="FromDocToPDF Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65tpinst.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}\ProgID]
@="FromDocToPDF_65.ThirdPartyInstaller.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}\VersionIndependentProgID]
@="FromDocToPDF_65.ThirdPartyInstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65script.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}\ProgID]
@="FromDocToPDF_65.ScriptButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}\VersionIndependentProgID]
@="FromDocToPDF_65.ScriptButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65skin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ffa72ec-9fd9-4b2b-92a5-68b60885fd8a}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65httpct.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65radio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}\ProgID]
@="FromDocToPDF_65.RadioSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}\VersionIndependentProgID]
@="FromDocToPDF_65.RadioSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65dlghk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad40e5e-9fd9-4f5e-b4d1-ddf2c921dce3}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65msg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad40e5e-9fd9-4f5e-b4d1-ddf2c921dce3}\ProgID]
@="FromDocToPDF_65.XMLSessionPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad40e5e-9fd9-4f5e-b4d1-ddf2c921dce3}\VersionIndependentProgID]
@="FromDocToPDF_65.XMLSessionPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf6cb9-2276-4f30-b841-05a67067ace0}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65uabtn.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf6cb9-2276-4f30-b841-05a67067ace0}\ProgID]
@="FromDocToPDF_65.UrlAlertButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf6cb9-2276-4f30-b841-05a67067ace0}\VersionIndependentProgID]
@="FromDocToPDF_65.UrlAlertButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65bprtct.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}\ProgID]
@="FromDocToPDF_65.ToolbarProtector.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}\VersionIndependentProgID]
@="FromDocToPDF_65.ToolbarProtector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65datact.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65radio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}\ProgID]
@="FromDocToPDF_65.Radio.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}\VersionIndependentProgID]
@="FromDocToPDF_65.Radio"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}\ProgID]
@="FromDocToPDF_65.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}\VersionIndependentProgID]
@="FromDocToPDF_65.SettingsPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65skin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}\ProgID]
@="FromDocToPDF_65.PseudoTransparentPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}\VersionIndependentProgID]
@="FromDocToPDF_65.PseudoTransparentPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65feedmg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}\ProgID]
@="FromDocToPDF_65.FeedManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}\VersionIndependentProgID]
@="FromDocToPDF_65.FeedManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65skin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}]
@="FromDocToPDF_65 HTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\T8HTML.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}\ProgID]
@="FromDocToPDF_65.HTMLPanel.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}\VersionIndependentProgID]
@="FromDocToPDF_65.HTMLPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f96ee2ef-fe15-4878-aecd-bc367f12c70f}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65dyn.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f96ee2ef-fe15-4878-aecd-bc367f12c70f}\ProgID]
@="FromDocToPDF_65.DynamicBarButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f96ee2ef-fe15-4878-aecd-bc367f12c70f}\VersionIndependentProgID]
@="FromDocToPDF_65.DynamicBarButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}]
@="FromDocToPDF_65 HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}\InprocServer32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\65htmlmu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}\ProgID]
@="FromDocToPDF_65.HTMLMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}\VersionIndependentProgID]
@="FromDocToPDF_65.HTMLMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton\CurVer]
@="FromDocToPDF_65.DynamicBarButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.FeedManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.FeedManager\CurVer]
@="FromDocToPDF_65.FeedManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu]
@="FromDocToPDF_65 HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu\CurVer]
@="FromDocToPDF_65.HTMLMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1]
@="FromDocToPDF_65 HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel]
@="FromDocToPDF_65 HTML Panel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel\CurVer]
@="FromDocToPDF_65.HTMLPanel.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1]
@="FromDocToPDF_65 HTML Panel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton\CurVer]
@="FromDocToPDF_65.MultipleButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin\CurVer]
@="FromDocToPDF_65.PseudoTransparentPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.Radio]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.Radio\CurVer]
@="FromDocToPDF_65.Radio.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.Radio.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings\CurVer]
@="FromDocToPDF_65.RadioSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton\CurVer]
@="FromDocToPDF_65.ScriptButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin\CurVer]
@="FromDocToPDF_65.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher\CurVer]
@="FromDocToPDF_65.SkinLauncher.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings\CurVer]
@="FromDocToPDF_65.SkinLauncherSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller]
@="FromDocToPDF Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller\CurVer]
@="FromDocToPDF_65.ThirdPartyInstaller.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1]
@="FromDocToPDF Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector\CurVer]
@="FromDocToPDF_65.ToolbarProtector.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton\CurVer]
@="FromDocToPDF_65.UrlAlertButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin\CurVer]
@="FromDocToPDF_65.XMLSessionPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\405"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\625"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\1003"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\1506"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\1807"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\1306"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\1104"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\626"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\905"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\1406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}\1.0\0\win32]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin\t8res.dll\1604"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}\1.0\HELPDIR]
@="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\FromDocToPDF_65]
[HKEY_LOCAL_MACHINE\SOFTWARE\FromDocToPDF_65\bar]
"un"="FromDocToPDF"
[HKEY_LOCAL_MACHINE\SOFTWARE\FromDocToPDF_65\bar]
"Dir"="C:\Program Files\FromDocToPDF_65\bar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\FromDocToPDF_65\bar]
"UninstallString"=""C:\Program Files\FromDocToPDF_65\bar\1.bin\65highin.exe" 65bar.dll,O uninstalltype="IE""
[HKEY_LOCAL_MACHINE\SOFTWARE\FromDocToPDF_65\bar]
"PluginPath"="C:\Program Files\FromDocToPDF_65\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\FromDocToPDF_65\bar]
"SettingsDir"="C:\Program Files\FromDocToPDF_65\bar\Settings\"
[HKEY_LOCAL_MACHINE\SOFTWARE\FromDocToPDF_65\bar]
"HistoryDir"="C:\Program Files\FromDocToPDF_65\bar\History\"
[HKEY_LOCAL_MACHINE\SOFTWARE\FromDocToPDF_65\SkinTools]
"PlayerPath"=""C:\Program Files\FromDocToPDF_65\bar\1.bin\65SkPlay.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36b445bf-1b84-466a-a623-a360a8cff8c3}]
"AppPath"="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6cbf5c01-c876-481b-867e-111cb1d2a7d6}]
"AppPath"="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701f5c41-bb30-46da-a56b-68784b0b762b}]
"AppPath"="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a3b975a0-f679-444e-9d94-6d292fa53140}]
"AppPath"="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d97143c2-4282-496b-bdc4-7ec852f1497c}]
"AppPath"="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}]
"AppPath"="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FromDocToPDF Search Scope Monitor"=""C:\PROGRA~1\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FromDocToPDF_65 Browser Plugin Loader"="C:\PROGRA~1\FROMDO~2\bar\1.bin\65brmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox]
"DisplayName"="FromDocToPDF Firefox Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox]
"UninstallString"="rundll32 "C:\Program Files\FromDocToPDF_65\bar\1.bin\65Bar.dll",O mindsparktoolbarkey="FromDocToPDF_65" uninstalltype="FF""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer]
"DisplayName"="FromDocToPDF Internet Explorer Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer]
"UninstallString"="rundll32 "C:\Program Files\FromDocToPDF_65\bar\1.bin\65Bar.dll",O mindsparktoolbarkey="FromDocToPDF_65" uninstalltype="IE""
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"65ffxtbr@FromDocToPDF_65.com"="C:\Program Files\FromDocToPDF_65\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin]
"Description"="FromDocToPDF Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin]
"Path"="C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin]
"vendor"="FromDocToPDF_65"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin\MimeTypes\application/x-fromdoctopdf_65plugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin\MimeTypes\application/x-fromdoctopdf_65plugin]
"Description"="FromDocToPDF Plugin"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FromDocToPDF_65Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FromDocToPDF_65Service]
"DisplayName"="FromDocToPDFService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FromDocToPDF_65Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FromDocToPDF_65Service]
"DisplayName"="FromDocToPDFService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FromDocToPDF_65Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FromDocToPDF_65Service]
"DisplayName"="FromDocToPDFService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FromDocToPDF_65Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FromDocToPDF_65Service]
"DisplayName"="FromDocToPDFService"
[HKEY_USERS\S-1-5-21-1644527311-4281704627-1724655704-1000\Software\AppDataLow\Software\FromDocToPDF_65]
[HKEY_USERS\S-1-5-21-1644527311-4281704627-1724655704-1000\Software\AppDataLow\Software\FromDocToPDF_65\bar]
"SettingsDir"="C:\Users\PM\AppData\LocalLow\FromDocToPDF_65\bar\Settings\"
[HKEY_USERS\S-1-5-21-1644527311-4281704627-1724655704-1000\Software\AppDataLow\Software\FromDocToPDF_65\bar]
"CacheDir"="C:\Users\PM\AppData\LocalLow\FromDocToPDF_65\bar\Cache\"
[HKEY_USERS\S-1-5-21-1644527311-4281704627-1724655704-1000\Software\AppDataLow\Software\FromDocToPDF_65\bar]
"HistoryDir"="C:\Users\PM\AppData\LocalLow\FromDocToPDF_65\bar\History\"
[HKEY_USERS\S-1-5-21-1644527311-4281704627-1724655704-1000\Software\AppDataLow\Software\FromDocToPDF_65\bar]
"SkinsDirLowIL"="C:\Users\PM\AppData\LocalLow\FromDocToPDF_65\bar\"
[HKEY_USERS\S-1-5-21-1644527311-4281704627-1724655704-1000\Software\FromDocToPDF_65]
[HKEY_USERS\S-1-5-21-1644527311-4281704627-1724655704-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Firefox]
[HKEY_USERS\S-1-5-21-1644527311-4281704627-1724655704-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer]

-= EOF =-
Schritt 3

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.04.07

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
PM :: PM-PC [Administrator]

Schutz: Deaktiviert

17.08.2013 18:37:12
mbam-log-2013-08-17 (18-37-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213105
Laufzeit: 5 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Gruß Roland

aharonov 17.08.2013 18:24
Hallo Roland,

der FRST-Fix hat nicht ganz geklappt. Ich hab hier einen neuen für dich. Achte dieses Mal bitte darauf, dass in deinem Fixskript, dass du von hier kopierst, die Zeilenumbrüche vorhanden sind, so dass jede Angabe auf einer eigenen Zeile steht.


Schritt 1
  • Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    • FromDocToPDF Firefox Toolbar
    • FromDocToPDF Internet Explorer Toolbar
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 2

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll
2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job
2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
C:\Program Files\FromDocToPDF_65
C:\Users\PM\AppData\LocalLow\FromDocToPDF_65
REG: reg delete "HKCU\Software\AppDataLow\Software\FromDocToPDF_65" /f
REG: reg delete "HKCU\Software\FromDocToPDF_65" /f
REG: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Firefox" /f
REG: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{8ad40e5e-9fd9-4f5e-b4d1-ddf2c921dce3}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{a0cf6cb9-2276-4f30-b841-05a67067ace0}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{f96ee2ef-fe15-4878-aecd-bc367f12c70f}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}" /f
REG: reg delete "HKLM\SOFTWARE\FromDocToPDF_65" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36b445bf-1b84-466a-a623-a360a8cff8c3}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6cbf5c01-c876-481b-867e-111cb1d2a7d6}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701f5c41-bb30-46da-a56b-68784b0b762b}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a3b975a0-f679-444e-9d94-6d292fa53140}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d97143c2-4282-496b-bdc4-7ec852f1497c}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF Search Scope Monitor" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF_65 Browser Plugin Loader" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer" /f
REG: reg delete "HKLM\SOFTWARE\Mozilla\Firefox\Extensions" /v "65ffxtbr@FromDocToPDF_65.com" /f
REG: reg delete "HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin" /f
REG: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\FromDocToPDF_65Service" /f

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 4

Starte noch einmal FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von FRST
  • Log von ESET
  • Logs von FRST

kleiner Wolf 17.08.2013 18:43
Hallo Leo,

beim Schritt 1 erscheint folgende Fehlermeldung im abgesichteren Modus.
"Fehler beim Laden von C:/ProgramFiles/FromDocToPDF_65/bar/1.65Bar.dll"
"Das angebene Modul wurde nicht gefunden
Für das zweite Programm göeicher Fehler.

Gruß Roland

aharonov 17.08.2013 18:48
Ah, ich hab vergessen zu schreiben: Du musst jetzt nicht mehr im abgesicherten Modus arbeiten, der normale Modus sollte auch wieder funktionieren. Benutze diesen Rechner einfach noch nicht zum Surfen im Internet, bis wir hier ganz fertig sind.

Wenn der Schritt 1 nicht klappt, dann überspring ihn und mach mit Schritt 2 weiter.
(Wichtig ist beim Schritt 2 wie gesagt, dass die Zeilenumbrüche beim Rüberkopieren nicht verloren gehen.)

kleiner Wolf 17.08.2013 19:23
Hallo Leo,

kann den Est online scanner nicht wie beschrieben starten.
Folgende Fehlermeldung erscheint "Can not get update. Is proxy configured?"

Gruß Roland

aharonov 17.08.2013 19:25
Ok, dann überspringen und weiter mit Schritt 4. :)

kleiner Wolf 17.08.2013 19:45
Hallo Leo,

hier die Ergebnisse.

Fixlog von FRST

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-08-2013
Ran by PM at 2013-08-17 20:08:40 Run:1
Running from C:\Users\PM\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll
2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job
2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
C:\Program Files\FromDocToPDF_65
C:\Users\PM\AppData\LocalLow\FromDocToPDF_65
REG: reg delete "HKCU\Software\AppDataLow\Software\FromDocToPDF_65" /f
REG: reg delete "HKCU\Software\FromDocToPDF_65" /f
REG: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Firefox" /f
REG: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{8ad40e5e-9fd9-4f5e-b4d1-ddf2c921dce3}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{a0cf6cb9-2276-4f30-b841-05a67067ace0}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{f96ee2ef-fe15-4878-aecd-bc367f12c70f}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}" /f
REG: reg delete "HKLM\SOFTWARE\FromDocToPDF_65" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36b445bf-1b84-466a-a623-a360a8cff8c3}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6cbf5c01-c876-481b-867e-111cb1d2a7d6}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701f5c41-bb30-46da-a56b-68784b0b762b}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a3b975a0-f679-444e-9d94-6d292fa53140}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d97143c2-4282-496b-bdc4-7ec852f1497c}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF Search Scope Monitor" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF_65 Browser Plugin Loader" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer" /f
REG: reg delete "HKLM\SOFTWARE\Mozilla\Firefox\Extensions" /v "65ffxtbr@FromDocToPDF_65.com" /f
REG: reg delete "HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin" /f
REG: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\FromDocToPDF_65Service" /f
       
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Starte nun FRST erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

*****************

"C:\Windows\system32\KBDYCLP.dll" => File/Directory not found.
"C:\Windows\Tasks\pmrsud.job" => File/Directory not found.
"C:\Users\PM\Desktop\Internet Security 2013.lnk" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll => Moved successfully.

"C:\Program Files\FromDocToPDF_65" directory move:

C:\Program Files\FromDocToPDF_65\bar\Settings\s_pid.dat => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\Message\COMMON.T8S => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\IE9Mesg\COMMON.T8S => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\gen1\COMMON.T8S => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65bprtct.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65brmon.exe => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65brstub.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65datact.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65dlghk.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65dyn.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65feedmg.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65highin.exe => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65hkstub.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65htmlmu.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65httpct.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65idle.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65ieovr.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65impipe.exe => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65medint.exe => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65mlbtn.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65msg.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65Plugin.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65radio.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65regfft.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65reghk.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65regiet.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65script.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65skin.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65sknlcr.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65skplay.exe => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrchMn.exe => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65tpinst.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\65uabtn.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\AppIntegratorStub64.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\BOOTSTRAP.JS => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\CHROME.MANIFEST => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\CREXT.DLL => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\CrExtP65.exe => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\DPNMNGR.DLL => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\EXEMANAGER.DLL => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\Hpg64.dll => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\INSTALL.RDF => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\installKeys.js => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\LOGO.BMP => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\T8EXTEX.DLL => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\T8EXTPEX.DLL => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\T8HTML.DLL => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\T8RES.DLL => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\T8TICKER.DLL => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\VERIFY.DLL => Moved successfully.
C:\Program Files\FromDocToPDF_65\bar\1.bin\chrome\65ffxtbr.jar => Moved successfully.
Could not move "C:\Program Files\FromDocToPDF_65" directory. => Scheduled to move on reboot.

C:\Users\PM\AppData\LocalLow\FromDocToPDF_65 => Moved successfully.

========= reg delete "HKCU\Software\AppDataLow\Software\FromDocToPDF_65" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKCU\Software\FromDocToPDF_65" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Firefox" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{8ad40e5e-9fd9-4f5e-b4d1-ddf2c921dce3}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{a0cf6cb9-2276-4f30-b841-05a67067ace0}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{f96ee2ef-fe15-4878-aecd-bc367f12c70f}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\FromDocToPDF_65" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36b445bf-1b84-466a-a623-a360a8cff8c3}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6cbf5c01-c876-481b-867e-111cb1d2a7d6}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701f5c41-bb30-46da-a56b-68784b0b762b}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a3b975a0-f679-444e-9d94-6d292fa53140}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d97143c2-4282-496b-bdc4-7ec852f1497c}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF Search Scope Monitor" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF_65 Browser Plugin Loader" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Mozilla\Firefox\Extensions" /v "65ffxtbr@FromDocToPDF_65.com" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKLM\SYSTEM\CurrentControlSet\Services\FromDocToPDF_65Service" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


=========== Result of Scheduled Files to move ===========

C:\Program Files\FromDocToPDF_65 => Moved successfully.

==== End of Fixlog ====
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2013
Ran by PM (administrator) on 17-08-2013 20:31:10
Running from C:\Users\PM\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\hp\kbd\kbd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [NeroCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [92704 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8530464 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [88608 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185896 2007-06-18] (RealNetworks, Inc.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKCU\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-18] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-18] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\PM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {13ACC3AB-22DA-47E2-854A-F3A72E8F4FF7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL =
SearchScopes: HKCU - {13ACC3AB-22DA-47E2-854A-F3A72E8F4FF7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {AE67D855-EA9B-4626-9C96-0939A094504C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: haufereader - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.33 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.16 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Yahoo! Toolbar - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: pdfforge - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\pdfforge@mybrowserbar.com
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Docs) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-04-10] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-04] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R1 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [261680 2008-02-13] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-31] ()
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-12-01] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-12-01] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-12-01] (Symantec Corporation)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [12848 2007-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-02-13] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [145968 2007-10-30] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [39856 2007-10-30] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [37936 2007-10-30] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27696 2007-10-30] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191536 2007-10-30] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\PM\AppData\Local\Temp\catchme.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080413.003\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080413.003\NAVEX15.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 18:35 - 2013-08-17 18:35 - 00000000 ____D C:\Users\PM\AppData\Roaming\Malwarebytes
2013-08-17 18:34 - 2013-08-17 18:36 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-17 18:34 - 2013-08-17 18:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-17 18:34 - 2013-08-17 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-17 18:34 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-17 18:13 - 2013-08-17 18:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\PM\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-17 16:54 - 2013-08-17 16:54 - 00009694 _____ C:\ComboFix.txt
2013-08-17 13:48 - 2013-08-17 18:08 - 00139264 _____ C:\Users\PM\Desktop\SystemLook.exe
2013-08-17 12:46 - 2013-08-17 12:36 - 01068993 _____ (Farbar) C:\Users\PM\Desktop\FRST.exe
2013-08-17 10:11 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-17 10:11 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-17 10:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-17 10:10 - 2013-08-17 16:54 - 00000000 ____D C:\Qoobox
2013-08-17 10:04 - 2013-08-17 10:09 - 05105390 ____R (Swearware) C:\Users\PM\Desktop\ComboFix.exe
2013-08-17 08:59 - 2013-08-17 10:25 - 00000000 ____D C:\Windows\erdnt
2013-08-17 08:42 - 2013-08-17 08:44 - 00075013 _____ C:\AdwCleaner[S1].txt
2013-08-17 08:42 - 2013-08-17 08:44 - 00000157 _____ C:\Windows\DeleteOnReboot.bat
2013-08-17 00:21 - 2013-08-17 00:21 - 00000000 ____D C:\_OTL
2013-08-16 23:55 - 2013-08-17 20:10 - 00000000 ____D C:\FRST
2013-08-16 20:07 - 2013-08-16 20:07 - 00000000 ____D C:\Users\PM\Desktop\Wintrack
2013-08-16 19:26 - 2013-08-16 19:26 - 00000527 _____ C:\Users\PM\Desktop\Denis - Verknüpfung.lnk
2013-08-16 19:23 - 2013-08-16 19:24 - 00000000 ____D C:\Users\PM\Desktop\Bewerbung
2013-08-16 19:23 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Anschreiben, Status
2013-08-16 06:34 - 2013-08-16 06:34 - 00080248 _____ C:\OTL1.txt
2013-08-16 06:34 - 2013-08-16 06:34 - 00034466 _____ C:\Extras1.txt
2013-08-16 06:30 - 2013-08-16 18:32 - 00043352 _____ C:\Extras.Txt
2013-08-16 06:29 - 2013-08-17 19:57 - 00061446 _____ C:\OTL.Txt
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\NIS60dDE.exe
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 613529.crdownload
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 281099.crdownload
2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-06 13:55 - 2013-08-06 13:55 - 00004096 ____H C:\Users\PM\AppData\Local\keyfile3.drm

==================== One Month Modified Files and Folders =======

2013-08-17 20:20 - 2010-01-31 08:56 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-17 20:20 - 2007-07-16 03:22 - 01968664 _____ C:\Windows\WindowsUpdate.log
2013-08-17 20:17 - 2010-01-31 08:56 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-17 20:17 - 2007-06-18 13:39 - 00000000 ____D C:\Windows\SMINST
2013-08-17 20:17 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-17 20:17 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 20:17 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 20:16 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-17 20:16 - 2006-11-02 12:33 - 01517318 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-17 20:15 - 2013-08-17 20:15 - 00000000 ____D C:\Program Files\ESET
2013-08-17 20:10 - 2013-08-16 23:55 - 00000000 ____D C:\FRST
2013-08-17 20:09 - 2007-06-18 13:41 - 00412220 _____ C:\Windows\PFRO.log
2013-08-17 20:00 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-08-17 19:57 - 2013-08-16 06:29 - 00061446 _____ C:\OTL.Txt
2013-08-17 18:36 - 2013-08-17 18:34 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-17 18:36 - 2013-08-17 18:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-17 18:35 - 2013-08-17 18:35 - 00000000 ____D C:\Users\PM\AppData\Roaming\Malwarebytes
2013-08-17 18:34 - 2013-08-17 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-17 18:10 - 2013-08-17 18:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\PM\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-17 18:08 - 2013-08-17 13:48 - 00139264 _____ C:\Users\PM\Desktop\SystemLook.exe
2013-08-17 18:02 - 2006-11-02 14:47 - 00400344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-17 16:54 - 2013-08-17 16:54 - 00009694 _____ C:\ComboFix.txt
2013-08-17 16:54 - 2013-08-17 10:10 - 00000000 ____D C:\Qoobox
2013-08-17 16:52 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-08-17 16:51 - 2007-09-01 15:57 - 00000000 ____D C:\Users\PM
2013-08-17 12:36 - 2013-08-17 12:46 - 01068993 _____ (Farbar) C:\Users\PM\Desktop\FRST.exe
2013-08-17 10:27 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-08-17 10:25 - 2013-08-17 08:59 - 00000000 ____D C:\Windows\erdnt
2013-08-17 10:09 - 2013-08-17 10:04 - 05105390 ____R (Swearware) C:\Users\PM\Desktop\ComboFix.exe
2013-08-17 10:08 - 2009-11-26 16:41 - 00000000 ____D C:\Users\PM\Tracing
2013-08-17 08:44 - 2013-08-17 08:42 - 00075013 _____ C:\AdwCleaner[S1].txt
2013-08-17 08:44 - 2013-08-17 08:42 - 00000157 _____ C:\Windows\DeleteOnReboot.bat
2013-08-17 08:19 - 2008-08-25 22:46 - 00000412 ____H C:\Windows\Tasks\User_Feed_Synchronization-{45D4D7FF-D19B-4345-8B4E-5C1638791C24}.job
2013-08-17 00:21 - 2013-08-17 00:21 - 00000000 ____D C:\_OTL
2013-08-16 23:07 - 2009-08-30 14:52 - 00000000 ____D C:\Ablage Wolfgang
2013-08-16 22:26 - 2009-12-03 22:53 - 00000000 ____D C:\Users\PM\AppData\Roaming\WinTrack
2013-08-16 20:07 - 2013-08-16 20:07 - 00000000 ____D C:\Users\PM\Desktop\Wintrack
2013-08-16 19:26 - 2013-08-16 19:26 - 00000527 _____ C:\Users\PM\Desktop\Denis - Verknüpfung.lnk
2013-08-16 19:26 - 2010-08-22 17:55 - 00000000 ____D C:\Denis
2013-08-16 19:24 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Bewerbung
2013-08-16 19:23 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Anschreiben, Status
2013-08-16 18:32 - 2013-08-16 06:30 - 00043352 _____ C:\Extras.Txt
2013-08-16 13:33 - 2007-06-18 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-16 13:33 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-16 13:32 - 2006-11-02 12:23 - 00000277 _____ C:\Windows\win.ini
2013-08-16 06:34 - 2013-08-16 06:34 - 00080248 _____ C:\OTL1.txt
2013-08-16 06:34 - 2013-08-16 06:34 - 00034466 _____ C:\Extras1.txt
2013-08-15 17:50 - 2008-03-09 14:34 - 00026624 _____ C:\Users\PM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\NIS60dDE.exe
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 613529.crdownload
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 281099.crdownload
2013-08-15 10:43 - 2011-06-08 16:38 - 00001356 _____ C:\Users\PM\AppData\Local\d3d9caps.dat
2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-13 21:37 - 2007-06-18 13:20 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-13 11:54 - 2012-11-06 00:00 - 00000000 ____D C:\Users\PM\AppData\Local\Paint.NET
2013-08-13 09:35 - 2007-09-01 16:02 - 00000000 ____D C:\Users\PM\AppData\Local\Google
2013-08-06 13:55 - 2013-08-06 13:55 - 00004096 ____H C:\Users\PM\AppData\Local\keyfile3.drm
2013-07-31 08:13 - 2007-09-01 16:01 - 00108136 _____ C:\Users\PM\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-22 13:02 - 2012-02-21 20:01 - 00000310 _____ C:\Windows\Tasks\HPCeeScheduleForPM.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-17 20:23

==================== End Of Log ============================
--- --- ---


--------------------------------------------------------------------------

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-08-2013
Ran by PM at 2013-08-17 20:32:02
Running from C:\Users\PM\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint (Version: 6.0.0.1550.41613)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 Plugin (Version: 10.1.82.76)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
Advertising Center (Version: 0.0.0.1)
Ahead Nero Burning ROM
AppCore (Version: 1)
Apple Software Update (Version: 2.1.1.116)
AVG 2012 (Version: 12.0.3162)
Biet-O-Matic v2.14.8 (Version: 2.14.8)
Bonjour (Version: 1.0.106)
Brother MFL-Pro Suite MFC-290C (Version: 1.1.8.0)
Counter-Strike
FinePixViewer Resource
FinePixViewer Ver.5.0
FoxTab Video Converter
Google Chrome (Version: 28.0.1500.95)
Google Update Helper (Version: 1.3.21.153)
Hardware Diagnose Tools (Version: 5.00.4424.15)
Haufe iDesk-Browser (Version: 8.07.16.5590)
Haufe iDesk-Service (Version: 8.08.20.5622)
HP Advisor (Version: 3.1.9152.3107)
HP Customer Experience Enhancements (Version: 5.1.0.2264)
HP Customer Feedback (Version: 1.0.0)
HP Easy Setup - Frontend (Version: 5.1.0.2269)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0 (Version: 2.0)
HP Photosmart Essential2.5 (Version: 1.00.0000)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Update (Version: 5.002.002.002)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 2 (Version: 1.6.0.20)
JDownloader (Version: 0.89)
Konz 2012 (Version: 1.00.0000)
Konz 2013 (Version: 1.00.0000)
LeechFTP
Lexmark Symbolleiste
Lexware Info Service (Version: 2.70.00.0081)
LightScribe  1.4.142.1 (Version: 1.4.142.1)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
LokProgrammer v2 (Version: 2.7.9)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0822)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.0 (Version: 6.00.050)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.12.100)
Nero StartSmart OEM (Version: 9.4.10.100)
neroxml (Version: 1.0.0)
Norton Internet Security (Version: 10.2.0.30)
NVIDIA Drivers
Optimierte Multimedia-Tastatur-Lösung
Paint.NET v3.5.10 (Version: 3.60.0)
PaperPort Image Printer (Version: 1.00.0000)
PDF24 Creator 5.6.0
pdfforge Toolbar v7.1 (Version: 7.1)
PKH-fix 3.2
PL-2303 USB-to-Serial (Version: 1.1.0)
PSSWCORE (Version: 2.00.5000)
Python 2.4.3 (Version: 2.4.3150)
Railroad & Co. Version 5.8
RapidShare Manager (Version: 0.1)
RAW FILE CONVERTER LE
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5548)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.559)
RTC Client API v1.2 (Version: 1.2.0000)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Steam (Version: 1.0.0.0)
Steuer 2007 (Version: 14.00)
Steuer 2010 (Version: 17.00.00.0062)
Steuer 2011 (Version: 19.00.7304)
Steuer 2012 (Version: 20.00.8137)
Steuer Hilfesammlung (Version: 14.0.0.0)
Steuer Hilfesammlung (Version: 15.0.0.0)
Symantec Real Time Storage Protection Component (Version: 10.2.2.6)
SymNet (Version: 7.2.1.110)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
TuneUp Utilities 2012 (Version: 12.0.2160.11)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.2160.11)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Windows Live Anmelde-Assistent (Version: 5.000.818.6)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) (Version: 10/22/2009 2.06.00)
WinRAR archiver
WinTrack 3D-Modelle (Teil 1-11)
WinTrack Demo Version 10.0 3D (Version: 10.0 3D)
WinTrack V9.0 3D
 

==================== Restore Points  =========================

11-07-2013 07:57:17 Geplanter Prüfpunkt
12-07-2013 06:49:31 Windows Update
12-07-2013 07:01:11 Windows Update
13-07-2013 09:45:16 Geplanter Prüfpunkt
14-07-2013 16:26:39 Geplanter Prüfpunkt
15-07-2013 07:06:55 Geplanter Prüfpunkt
15-07-2013 10:26:48 Installiert Steuer 2012
16-07-2013 06:26:15 Windows Update
17-07-2013 21:06:54 Windows Update
18-07-2013 17:13:15 Geplanter Prüfpunkt
19-07-2013 10:53:03 Geplanter Prüfpunkt
19-07-2013 21:38:08 Windows Update
20-07-2013 17:29:59 Geplanter Prüfpunkt
21-07-2013 21:36:45 Geplanter Prüfpunkt
23-07-2013 06:40:31 Windows Update
23-07-2013 19:39:18 Geplanter Prüfpunkt
24-07-2013 08:22:46 Geplanter Prüfpunkt
25-07-2013 19:02:16 Geplanter Prüfpunkt
26-07-2013 05:48:15 Windows Update
27-07-2013 13:29:09 Geplanter Prüfpunkt
28-07-2013 10:50:38 Geplanter Prüfpunkt
30-07-2013 06:02:39 Windows Update
30-07-2013 18:35:57 Geplanter Prüfpunkt
02-08-2013 07:08:27 Windows Update
04-08-2013 19:06:33 Geplanter Prüfpunkt
05-08-2013 18:56:45 Geplanter Prüfpunkt
06-08-2013 07:32:56 Windows Update
09-08-2013 07:21:01 Windows Update
10-08-2013 10:30:50 Geplanter Prüfpunkt
11-08-2013 17:55:53 Geplanter Prüfpunkt
12-08-2013 15:22:11 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-08-17 16:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C57124A-989C-4DC9-A85A-65E1F56F3C18} - System32\Tasks\HPCeeScheduleForPM => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-07] (Hewlett-Packard)
Task: {1519696E-009F-4429-B757-515F06B2BFD9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-18] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {27092A8B-44A9-4341-A174-A718C61A8610} - System32\Tasks\Microsoft\Windows\RestartManager\{07D857BA-122E-4753-840D-86CE76F8B495} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {2B0EF2C6-9FCF-4271-BAB0-8815DED0A084} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard)
Task: {2D1F265C-45DF-49E9-8D44-1D7F579325BF} - \RegCure No Task File
Task: {2D36B681-011A-4CC0-B69B-ED36239558F3} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {423F6588-C47F-45BB-9384-CD945A2FF3F1} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-18] (Microsoft Corp.)
Task: {4492F359-46DE-4614-98F9-C047A161D1DD} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe No File
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {7AF7316D-F704-4D0A-A2F1-BEDDED2233AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.)
Task: {8FDF5864-5687-4168-A063-E691EF6D899A} - \RegCure Program Check No Task File
Task: {A4D279C6-4536-4634-A75A-AE6C1D0B73DF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-18] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-18] (Microsoft Corporation)
Task: {AC24617D-D855-4B90-8F81-DE93EE579ECD} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {ACB04661-E9F4-4E22-B960-F8D250F3E721} - System32\Tasks\Advanced System Protector => C:\Program Files\RegClean Pro\SystweakASP.exe No File
Task: {AE373B69-DD63-4339-8C1A-17BF79D592F8} - System32\Tasks\{D49F5661-E562-4E51-A948-1282240E8CE5} => C:\Program Files\Skype\Phone\Skype.exe No File
Task: {B2BA7CA1-617D-40CF-AA29-3EA2E51DAD3E} - System32\Tasks\User_Feed_Synchronization-{45D4D7FF-D19B-4345-8B4E-5C1638791C24} => C:\Windows\system32\msfeedssync.exe [2008-01-18] (Microsoft Corporation)
Task: {B37B3F24-B563-419A-8A13-E17C7CD85F55} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe No File
Task: {C06617F8-3222-43FC-86C5-6C52D0BF0B19} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2011-12-14] (TuneUp Software)
Task: {C76BFDFF-B62E-4971-9766-CBFF98283676} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. KG)
Task: {CD1C5AE0-35B1-4184-B4CD-A2B2DCE9E8A2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe No File
Task: {E4A511C6-E22C-4473-934E-0CCCE5CB31B2} - System32\Tasks\pmrsud => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E5831471-BD3F-4FAF-A99B-52D364254837} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.)
Task: {F094E537-DCBD-460C-B3E4-A1F98552D349} - System32\Tasks\At1 => C:\Users\PM\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPM.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{45D4D7FF-D19B-4345-8B4E-5C1638791C24}.job => C:\Windows\system32\msfeedssync.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2013 07:35:48 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2013 06:22:51 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2013 06:02:35 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2013 04:54:40 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2013 04:54:03 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2013 04:51:50 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2013 05:36:46 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2013 05:32:14 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2013 03:21:23 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2013 10:28:51 AM) (Source: Application Hang) (User: )
Description: Programm explorer.exe, Version 6.0.6001.18164 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: e98
Anfangszeit: 01ce9b238d52d427
Zeitpunkt der Beendigung: 31


System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-17 20:31:46.690
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-17 20:31:46.224
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-17 20:31:45.755
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-17 20:31:45.287
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-17 20:31:44.813
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-17 20:31:44.344
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-17 20:31:43.868
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-17 20:31:43.391
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-17 18:40:41.736
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-17 18:40:41.299
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 2045.82 MB
Available physical RAM: 1190.89 MB
Total Pagefile: 4334.16 MB
Available Pagefile: 3310.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.12 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:457.79 GB) (Free:305.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:7.97 GB) (Free:1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Transcend) (Removable) (Total:15.1 GB) (Free:14.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
Gruß Roland

aharonov 17.08.2013 19:59
Hallo Roland,

das sieht jetzt besser aus. Wie läuft der Rechner? Bemerkst du noch Probleme?
Dann müssen wir jetzt den Rechner noch absichern, damit sowas nicht wieder passiert...


Hinweis: Kein Antivirenprogramm

Ich sehe in deinen Logfiles kein laufendes Antivirenprogramm mit Hintergrundwächter.

Das ist gefährlich. Auch wenn so ein Wächter niemals alle Bedrohungen abwehren kann, ist er doch ein wichtiger Bestandteil, um den Rechner sauber zu halten.
Downloade und installiere bitte ein Antivirenprogramm mit Hintergrundwächter. Hier sind zwei mögliche Vorschläge:



Schritt 1

Mache einen Vollscan (über die ganze Festplatte) mit deinem neu installierten Antivirenprogramm. Poste das Logfile, falls es Funde gibt.



Schritt 2

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 25.
  • Gehe zu
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
    Start --> Systemsteuerung --> Software (bei Win XP)
    und deinstalliere alle älteren Java-Versionen.
In wenigen Fällen wird Java wirklich benötigt. Auch werden immer wieder neue, noch nicht geschlossene Sicherheitslücken ausgenutzt.
Überleg dir also, ob du eine Java-Installation wirklich brauchst.
Falls du Java weiterhin verwenden möchtest, dann:
  • Lade dir die neueste Java-Version herunter.
  • Schliesse alle laufenden Programme, speziell den Browser.
  • Starte die heruntergeladene jxpiinstall.exe und folge den Anweisungen.
  • Entferne während der Installation den Haken bei "Installieren Sie die Ask-Toolbar ...".



Schritt 3

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader über
    Start --> Systemsteuerung --> Software (bei Windows XP)
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.



Schritt 4

Dein Firefox ist nicht mehr aktuell.
Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch.
Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird.



Schritt 5

Dein Flashplayer ist veraltet. Installiere folgendermassen die aktuelle Version:
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.



Bitte poste in deiner nächsten Antwort:
  • Log des Scans mit dem neuen AVP

kleiner Wolf 17.08.2013 20:05
Hallo Leo,

danke für die Hinweise, werde diese umsetzen, wird allerdings heute nichts mehr da ich gleich zum Dienst muss. Kann ich den IE verwenden oder sollte es lieber lassen?

Gruß Roland

aharonov 17.08.2013 20:14
Oh, beim IE hab ich vergessen, der muss ja auch noch unbedingt erneuert werden!

Downloade und installiere den Internet Explorer 9.
Der Internet Explorer sollte auch dann aktuell gehalten werden, wenn er nicht zum Surfen verwendet wird.


Ich würde nicht im Internet surfen, bis du alle diese Punkte abgearbeitet hast, denn im jetzigen Zustand ist dein Rechner höchst verwundbar!

kleiner Wolf 17.08.2013 20:22
Hallo Leo,

danke für die schnelle Rückantwort, wünsche Dir noch einen schönen Abend.
Melde mich dann Morgen wieder.

Gruß Roland


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:24 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131