Trojaner-Board - Problem mit JAVA/Lamar.isl.8

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Problem mit JAVA/Lamar.isl.8 (https://www.trojaner-board.de/145212-problem-java-lamar-isl-8-a.html)

Problem mit JAVA/Lamar.isl.8

Hallo an alle!
hatte am letzten Donnerstag eine Systemprüfung mit Avira auf meinem PC laufen lassen. Leider habe ich mir etwas eingefangen, ich kann es nicht einschätzen ob ich das Übel jetzt entfernen soll, um dass ich kein Schaden auftaucht.
Laut der Software Avira habe ich diesen dann in die Quarantäne geschoben!!
Am Sonntag machte ich noch einen kompletten Systemdurchlauf der dann keine Warnung und keinen Fund gefunden hat.
Meine Fragen:
1. Sollte ich mit einer anderen Software einen Systemdurchlauf starten? Wenn ja, mit welcher?
2. Welchen Schaden verursacht dieser JAVA/Lamar.isl.8 auf meinem PC?
3. Ist es ausreichend den gefundenen Virus in der Quarantäne liegen zu lassen, oder soll ich diesen löschen? Ist er dann auch komplett aus dem System raus?

In letzter Zeit bemerke ich, dass mein PC langsamer ist und wenn ich ins
Internet (Explorer öffne) dann bekomme ich die Fehlermeldung der "Proxyserver geht nicht" obwohl ich mit meinem anderen Gerät in dem gleichen Moment kein Problem habe ?!?:confused:

Im Anschluss habe ich euch einen Teil von der 1. Reportdatei hier reinkopiert, so kann man nachlesen welcher Befall das am Donnerstag war.

Bedanke mich schon im Voraus für Antworten :-)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4723' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
[0] Archivtyp: RSRC
--> C:\Users\Angela\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
[1] Archivtyp: Runtime Packed
--> C:\Users\Angela\AppData\Local\Temp\oi_{4F27BB94-C5CE-4309-89C4-EF5E38F3AC27}.exe
[2] Archivtyp: RSRC
--> C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20131121-122450-D07DD651\0000001B-8B5036B4
[3] Archivtyp: RSRC
--> C:\Users\Angela\AppData\Local\Temp\ToolbarInstaller.exe
[4] Archivtyp: RSRC
--> C:\Users\Angela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\79af308e-319075c9
[5] Archivtyp: ZIP
--> ApHBwIL.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.2
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> aWAWILR.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.10
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> CTBr.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.4
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> GOEXJHyrAI.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.7
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> GRP.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Rafold.A.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> HSXEqWvTHE.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.11
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> MeYc.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.12
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> piPiIwA.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.3
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QadzzS.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.5
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> RJn.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.6
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> vAoMq.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.1
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> wOcky.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.9
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> wyriDqRE.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.8
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Angela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\79af308e-319075c9
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.8
Beginne mit der Suche in 'D:\' <DATA>
--> C:\Users\Angela\AppData\LocalLow\VideoDownloadConverter_4zEI\Installr\Cache\04E80170.exe
[5] Archivtyp: Portable Executable Resource
--> C:\Users\Angela\AppData\Roaming\OpenCandy\76652E750DE94723B299A8010F3FF091\avg.exe
[6] Archivtyp: RSRC
--> C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20131121-122450-D07DD651\0000001B-AB142732
[7] Archivtyp: RSRC
--> C:\Users\Angela\Downloads\chromeinstall-7u9.exe
[8] Archivtyp: Runtime Packed
--> C:\Windows\Temp\ToolbarInstaller.exe
[9] Archivtyp: RSRC
--> C:\Windows\Temp\{A290B0DB-AE37-458D-9018-4FF044ED6C05}.exe
[10] Archivtyp: RSRC
--> C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20131121-122450-D07DD651\0000001C-50FCFC56
[11] Archivtyp: RSRC
--> D:\ANGELA-PC\Backup Set 2013-09-30 163016\Backup Files 2013-09-30 163016\Backup files 1.zip
[12] Archivtyp: ZIP
--> C/Users/Angela/AppData/Roaming/OpenCandy/76652E750DE94723B299A8010F3FF091/avg.exe
[13] Archivtyp: RSRC
--> D:\ANGELA-PC\Backup Set 2013-09-30 163016\Backup Files 2013-09-30 163016\Backup files 4.zip
[14] Archivtyp: ZIP
--> C/Users/Angela/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/14/79af308e-319075c9
[15] Archivtyp: ZIP
--> ApHBwIL.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.2
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> aWAWILR.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.10
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> CTBr.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.4
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> GOEXJHyrAI.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.7
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> GRP.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Rafold.A.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> HSXEqWvTHE.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.11
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> MeYc.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.12
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> piPiIwA.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.3
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QadzzS.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.5
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> RJn.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.6
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> vAoMq.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.1
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> wOcky.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.9
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> wyriDqRE.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.8
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
D:\ANGELA-PC\Backup Set 2013-09-30 163016\Backup Files 2013-09-30 163016\Backup files 4.zip
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.8
--> C/Users/Angela/AppData/LocalLow/VideoDownloadConverter_4zEI/Installr/Cache/04E80170.exe
[15] Archivtyp: Portable Executable Resource
--> D:\ANGELA-PC\Backup Set 2013-11-10 190002\Backup Files 2013-11-10 190002\Backup files 2.zip
[16] Archivtyp: ZIP
--> C/Users/Angela/AppData/Roaming/OpenCandy/76652E750DE94723B299A8010F3FF091/avg.exe
[17] Archivtyp: RSRC
--> D:\ANGELA-PC\Backup Set 2013-11-10 190002\Backup Files 2013-11-10 190002\Backup files 4.zip
[18] Archivtyp: ZIP
--> C/Users/Angela/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/14/79af308e-319075c9
[19] Archivtyp: ZIP
--> ApHBwIL.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.2
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> aWAWILR.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.10
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> CTBr.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.4
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> GOEXJHyrAI.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.7
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> GRP.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Rafold.A.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> HSXEqWvTHE.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.11
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> MeYc.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.12
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> piPiIwA.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.3
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QadzzS.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.5
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> RJn.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.6
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> vAoMq.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.1
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> wOcky.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.9
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> wyriDqRE.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.8
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
D:\ANGELA-PC\Backup Set 2013-11-10 190002\Backup Files 2013-11-10 190002\Backup files 4.zip
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.8

Beginne mit der Desinfektion:
D:\ANGELA-PC\Backup Set 2013-11-10 190002\Backup Files 2013-11-10 190002\Backup files 4.zip
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.8
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54deb208.qua' verschoben!
D:\ANGELA-PC\Backup Set 2013-09-30 163016\Backup Files 2013-09-30 163016\Backup files 4.zip
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.8
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c499d99.qua' verschoben!
C:\Users\Angela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\79af308e-319075c9
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.isl.8
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e14c779.qua' verschoben!

Ende des Suchlaufs: Freitag, 22. November 2013 09:58
Benötigte Zeit: 3:49:05 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

37667 Verzeichnisse wurden überprüft
803562 Dateien wurden geprüft
42 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
803520 Dateien ohne Befall
11247 Archive wurden durchsucht
39 Warnungen
3 Hinweise
979083 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013

Ran by Angela (administrator) on ANGELA-PC on 27-11-2013 10:34:43

Running from C:\Users\Angela\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\ProgramData\DatacardService\DCService.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

() C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe

() C:\Program Files (x86)\sysTPL\sysTPLService.exe

(COMPANYVERS_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe

(COMPANYVERS_NAME) C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbarsvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(ASUS) C:\Program Files\P4G\BatteryLife.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(ASUS) C:\Windows\AsScrPro.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

() C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe

() C:\Program Files (x86)\WeatherBlink\bar\1.bin\AppIntegrator64.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

() C:\Program Files (x86)\AVG Secure Search\vprot.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe

(MindSpark) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(VER_COMPANY_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe

() C:\Program Files (x86)\sysTPL\sysTPL.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(VER_COMPANY_NAME) C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbrmon.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)

HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe [548936 2013-11-04] ()

HKLM\...\Run: [WeatherBlink Home Page Guard 64 bit] - C:\Program Files (x86)\WeatherBlink\bar\1.bin\AppIntegrator64.exe [548936 2013-11-12] ()

HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)

HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)

HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)

MountPoints2: G - G:\AutoRun.exe

MountPoints2: {5f26f7c7-6ba3-11e1-9e01-9ab70d24add8} - F:\AutoRun.exe

MountPoints2: {9dc5ea4a-6b81-11e1-9551-9ab70d24add8} - G:\AutoRun.exe

MountPoints2: {ceaea818-81c3-11e1-b573-9ab70d24add8} - F:\AutoRun.exe

MountPoints2: {ceaea826-81c3-11e1-b573-9ab70d24add8} - G:\AutoRun.exe

MountPoints2: {eddf1f1f-6ba5-11e1-aedb-806e6f6e6963} - G:\AutoRun.exe

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [370 2013-11-27] ()

HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3331312 2011-10-19] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)

HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)

HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2420248 2013-11-11] ()

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1766464 2013-10-16] (1und1 Mail und Media GmbH)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [44784 2013-11-04] (MindSpark)

HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [30096 2013-11-04] (VER_COMPANY_NAME)

HKLM-x32\...\Run: [sysTPL] - C:\Program Files (x86)\sysTPL\sysTPL.exe [504600 2013-07-21] ()

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [WeatherBlink Search Scope Monitor] - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcSrchMn.exe [44784 2013-11-12] (MindSpark)

HKLM-x32\...\Run: [WeatherBlink Browser Plugin Loader] - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbrmon.exe [30096 2013-11-12] (VER_COMPANY_NAME)

Startup: C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 

==================== Internet (Whitelisted) ====================
 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=77FD7B63&p2=^HJ^man000^YYA^&ptb=0E68884F-B533-4D4D-B3AF-02BAF2CD5486

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = GMX Suche - die Suchmaschine

URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)

URLSearchHook: HKCU - (No Name) - {8ba2cfef-a1bc-4964-aadc-33be1ae5a33c} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll (MindSpark)

SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^man000^YYA^&ptb=0E68884F-B533-4D4D-B3AF-02BAF2CD5486&ind=2013110404&n=77fda084&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKCU - DefaultScope {3F22469A-F386-46FD-B175-217DBC962757} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {12E8A9D6-B35A-4D18-9938-73AEA9DA23F7} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

SearchScopes: HKCU - {3F22469A-F386-46FD-B175-217DBC962757} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {4FF994C5-EDB5-4819-AF3B-6850119C4E48} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {7E7DB4B8-518C-45C0-8E48-6C8CAE4F7355} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={56345F4D-FA38-431B-9152-57F536A930E7}&mid=2c5ad5dee6e847d087044bfe4bc0442b-3da0c92b9ef9b228e64ad89042b0247c90186398&lang=de&ds=od011&pr=sa&d=2012-06-07 21:51:28&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {BA982C84-73B3-43BD-AE81-C23F3ABC246A} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^man000^YYA^&ptb=0E68884F-B533-4D4D-B3AF-02BAF2CD5486&ind=2013110404&n=77fda084&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKCU - {DCB409E2-1B8A-461F-A068-4EAAC6013CD6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)

BHO-x32: Search Assistant BHO - {9b9dcae3-be34-424c-8d73-75e305a9e091} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll (MindSpark)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Toolbar BHO - {dc9051c2-8f55-479a-97a4-747980d9047f} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbar.dll (MindSpark)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)

Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)

Toolbar: HKLM-x32 - WeatherBlink - {f20de5e0-2a6e-4c54-985f-1cf59551ce39} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbar.dll (MindSpark)

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKCU - No Name - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} -  No File

Toolbar: HKCU - No Name - {F20DE5E0-2A6E-4C54-985F-1CF59551CE39} -  No File

DPF: HKLM-x32 {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab

Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)

Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{936CB760-98DF-451C-8301-D8C258E9B683}: [NameServer]193.189.244.225 193.189.244.206

Tcpip\..\Interfaces\{E79ED8EB-7F22-4B47-9017-056B0723096D}: [NameServer]193.189.244.225 193.189.244.206
 

Chrome: 

=======

CHR HomePage: hxxp://isearch.avg.com/?cid={56345F4D-FA38-431B-9152-57F536A930E7}&mid=2c5ad5dee6e847d087044bfe4bc0442b-3da0c92b9ef9b228e64ad89042b0247c90186398&lang=de&ds=od011&pr=sa&d=2012-06-07 21:51:28&v=15.2.0.5&pid=avg&sg=0&sap=hp

CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={56345F4D-FA38-431B-9152-57F536A930E7}&mid=2c5ad5dee6e847d087044bfe4bc0442b-3da0c92b9ef9b228e64ad89042b0247c90186398&lang=de&ds=od011&pr=sa&d=2012-06-07 21:51:28&v=15.2.0.5&pid=avg&sg=0&sap=hp"

CHR DefaultSearchURL: (Ask) - hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=71f89272-fd8a-4460-8c2a-06caa388155a&apn_ptnrs=%5EAGS&apn_sauid=33346336-D7E5-4CC2-AEEB-ADE5BFD5F0A6&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}

CHR DefaultSuggestURL: (Ask) - hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll No File

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll (AVG Technologies)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Extension: (AVG Secure Search) - C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.2.1_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.1.2.1\avg.crx

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-14] (Advanced Micro Devices, Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)

R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()

R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [30488 2013-07-21] ()

R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [32536 2013-07-21] ()

R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [44752 2013-11-04] (COMPANYVERS_NAME)

R2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-11] (AVG Secure Search)

R2 WeatherBlinkService; C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbarsvc.exe [44752 2013-11-12] (COMPANYVERS_NAME)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-26] (Avira Operations GmbH & Co. KG)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-11-27 10:34 - 2013-11-27 10:35 - 00024114 _____ C:\Users\Angela\Desktop\FRST.txt

2013-11-27 10:34 - 2013-11-27 10:34 - 00000000 ____D C:\FRST

2013-11-27 10:31 - 2013-11-27 10:31 - 01958818 _____ (Farbar) C:\Users\Angela\Desktop\FRST64.exe

2013-11-25 15:21 - 2013-11-25 15:21 - 00028268 _____ C:\Users\Angela\Documents\AVSCAN-20131124-143905-27969B91.LOG

2013-11-24 14:33 - 2013-11-24 14:33 - 00570432 _____ C:\Windows\Minidump\112413-93600-01.dmp

2013-11-24 12:04 - 2013-11-24 12:04 - 105937674 _____ C:\Windows\SysWOW64\⧡ᵌD

2013-11-24 11:58 - 2013-11-24 11:58 - 00569264 _____ C:\Windows\Minidump\112413-28672-01.dmp

2013-11-23 01:53 - 2013-11-23 01:53 - 00375736 _____ C:\Windows\Minidump\112313-27549-01.dmp

2013-11-21 15:30 - 2013-11-21 17:05 - 00000000 ____D C:\Users\Angela\Documents\Schlichting

2013-11-21 15:02 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BHVE.DLL

2013-11-21 15:02 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL

2013-11-20 18:00 - 2013-11-20 18:00 - 00517552 _____ C:\Windows\Minidump\112013-27939-01.dmp

2013-11-20 11:43 - 2013-11-20 11:44 - 01264416 _____ C:\Windows\Minidump\112013-27518-01.dmp

2013-11-16 12:08 - 2013-11-16 12:09 - 00569056 _____ C:\Windows\Minidump\111613-25942-01.dmp

2013-11-13 19:27 - 2013-11-13 19:27 - 00000000 ____D C:\ProgramData\McAfee

2013-11-13 15:46 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-13 15:46 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-13 15:46 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-13 15:46 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-13 15:46 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-13 15:46 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-13 15:46 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-13 15:46 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-13 15:46 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-13 15:46 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-13 11:54 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-13 11:54 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-13 11:54 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-13 11:54 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-13 11:54 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-13 11:54 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 11:54 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-13 11:54 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-13 11:54 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-13 11:54 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-13 11:54 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-13 11:54 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-13 11:54 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-13 11:54 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-13 11:54 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-13 11:54 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-13 11:54 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-13 11:54 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-13 11:54 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-13 11:54 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-13 11:54 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 11:54 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-13 11:54 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-13 11:51 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-13 11:51 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-13 11:51 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-13 11:51 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-13 11:51 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 11:51 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-13 11:51 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-12 13:45 - 2013-11-12 13:45 - 01270800 _____ C:\Windows\Minidump\111213-28922-01.dmp

2013-11-12 12:17 - 2013-11-12 12:17 - 00000000 ____D C:\Program Files (x86)\WeatherBlink

2013-11-12 10:32 - 2013-11-12 10:32 - 103837334 _____ C:\Windows\SysWOW64\ꔻᵌS

2013-11-10 18:36 - 2013-11-10 18:36 - 00569008 _____ C:\Windows\Minidump\111013-26629-01.dmp

2013-11-09 18:59 - 2013-11-09 19:05 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Apple Computer

2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple Computer

2013-11-09 18:58 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\Apple Computer

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iTunes

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iPod

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-11-09 18:54 - 2013-11-09 18:55 - 00000000 ____D C:\ProgramData\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Bonjour

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-11-06 15:21 - 2013-11-07 15:40 - 00000000 ____D C:\Program Files (x86)\sysTPL

2013-11-06 15:21 - 2013-11-06 15:21 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin

2013-11-06 15:20 - 2013-11-06 15:25 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Tlapia

2013-11-04 15:09 - 2013-11-04 15:09 - 01203952 _____ C:\Windows\Minidump\110413-33618-01.dmp

2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\Users\Angela\AppData\Local\VideoDownloadConverter_4z

2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\Users\Angela\AppData\Local\IAC

2013-11-04 10:47 - 2013-11-04 10:47 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter

2013-11-04 10:46 - 2013-11-04 10:46 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4z

2013-11-04 10:26 - 2013-11-06 15:21 - 01325667 _____ C:\Users\Angela\Downloads\8711902027010 Lenco Podo.zip

2013-11-04 09:29 - 2013-11-04 09:29 - 104845822 _____ C:\Windows\SysWOW64\귟ᵌL

2013-10-31 14:33 - 2013-10-31 14:40 - 00000000 ____D C:\Users\Angela\AppData\Roaming\CyberLink

2013-10-31 14:31 - 2013-10-31 14:32 - 00000000 ____D C:\ProgramData\Google

2013-10-31 14:31 - 2013-10-31 14:31 - 00000000 ____D C:\Program Files\Google

2013-10-31 14:00 - 2013-10-31 14:00 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.28

2013-10-31 14:00 - 2013-10-31 14:00 - 00000000 ____D C:\Program Files (x86)\Media Player Utilities 4.28

2013-10-30 16:15 - 2013-10-30 16:15 - 00000000 ____D C:\Users\Angela\AppData\Local\{BD18DA81-5B02-4FC2-A674-FFA34B47E483}
 

==================== One Month Modified Files and Folders =======
 

2013-11-27 10:35 - 2013-11-27 10:34 - 00024114 _____ C:\Users\Angela\Desktop\FRST.txt

2013-11-27 10:34 - 2013-11-27 10:34 - 00000000 ____D C:\FRST

2013-11-27 10:31 - 2013-11-27 10:31 - 01958818 _____ (Farbar) C:\Users\Angela\Desktop\FRST64.exe

2013-11-27 10:30 - 2011-02-19 05:24 - 00708282 _____ C:\Windows\system32\perfh007.dat

2013-11-27 10:30 - 2011-02-19 05:24 - 00151886 _____ C:\Windows\system32\perfc007.dat

2013-11-27 10:30 - 2009-07-14 06:13 - 01643244 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-27 10:30 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-27 10:30 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-27 10:29 - 2013-10-09 09:01 - 00028160 _____ C:\Users\Angela\Desktop\Überweisungen an Melanie + Armin jun. Klippe.xls

2013-11-27 10:17 - 2012-01-08 22:29 - 01761304 _____ C:\Windows\WindowsUpdate.log

2013-11-27 10:12 - 2013-06-10 17:36 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2013-11-27 10:12 - 2013-06-03 18:18 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2013-11-27 10:12 - 2012-08-28 19:59 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-27 10:12 - 2012-08-28 19:59 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-27 10:12 - 2012-07-15 10:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-11-27 10:12 - 2012-02-26 00:09 - 00000000 ___HD C:\ASUS.DAT

2013-11-27 09:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-27 09:15 - 2009-07-14 05:51 - 00094714 _____ C:\Windows\setupact.log

2013-11-26 18:13 - 2013-05-08 20:39 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-11-26 18:13 - 2013-04-01 20:53 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-11-26 18:13 - 2013-04-01 20:53 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-11-26 18:13 - 2013-04-01 20:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-11-26 18:00 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-11-25 15:31 - 2012-03-06 20:34 - 00000000 ____D C:\Users\Angela\Documents\Steuerfälle

2013-11-25 15:21 - 2013-11-25 15:21 - 00028268 _____ C:\Users\Angela\Documents\AVSCAN-20131124-143905-27969B91.LOG

2013-11-24 14:33 - 2013-11-24 14:33 - 00570432 _____ C:\Windows\Minidump\112413-93600-01.dmp

2013-11-24 14:33 - 2012-05-25 00:00 - 00000000 ____D C:\Windows\Minidump

2013-11-24 14:32 - 2012-05-24 23:59 - 483554360 _____ C:\Windows\MEMORY.DMP

2013-11-24 12:04 - 2013-11-24 12:04 - 105937674 _____ C:\Windows\SysWOW64\⧡ᵌD

2013-11-24 11:58 - 2013-11-24 11:58 - 00569264 _____ C:\Windows\Minidump\112413-28672-01.dmp

2013-11-23 01:53 - 2013-11-23 01:53 - 00375736 _____ C:\Windows\Minidump\112313-27549-01.dmp

2013-11-22 19:32 - 2011-10-19 04:20 - 00464354 _____ C:\Windows\PFRO.log

2013-11-21 17:05 - 2013-11-21 15:30 - 00000000 ____D C:\Users\Angela\Documents\Schlichting

2013-11-21 15:41 - 2012-02-26 00:09 - 00000000 ____D C:\Users\Angela

2013-11-21 15:30 - 2013-01-24 17:03 - 00000000 ____D C:\Users\Angela\Documents\schriftverkehr Finanzamt Eichstätt für Steuer 2011

2013-11-21 15:29 - 2012-02-26 00:09 - 00000000 ____D C:\Users\Angela\AppData\Local\VirtualStore

2013-11-21 15:28 - 2012-03-04 00:09 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Epson

2013-11-20 18:00 - 2013-11-20 18:00 - 00517552 _____ C:\Windows\Minidump\112013-27939-01.dmp

2013-11-20 11:44 - 2013-11-20 11:43 - 01264416 _____ C:\Windows\Minidump\112013-27518-01.dmp

2013-11-20 10:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

2013-11-16 12:09 - 2013-11-16 12:08 - 00569056 _____ C:\Windows\Minidump\111613-25942-01.dmp

2013-11-15 09:56 - 2012-01-08 22:53 - 00028382 _____ C:\Windows\DPINST.LOG

2013-11-15 09:55 - 2012-07-15 10:58 - 00000000 ____D C:\Users\Angela\AppData\Local\Downloaded Installations

2013-11-13 19:42 - 2012-07-15 10:57 - 00000000 ____D C:\Users\Angela\AppData\Local\Adobe

2013-11-13 19:27 - 2013-11-13 19:27 - 00000000 ____D C:\ProgramData\McAfee

2013-11-13 19:26 - 2012-07-15 10:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-11-13 19:26 - 2012-07-15 10:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-11-13 19:26 - 2012-07-15 10:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-11-13 15:48 - 2012-03-06 16:48 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-13 15:43 - 2013-08-19 22:44 - 00000000 ____D C:\Windows\system32\MRT

2013-11-13 15:37 - 2012-03-06 18:33 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-11-12 13:46 - 2012-01-08 22:58 - 00002790 _____ C:\Windows\system32\AutoRunFilter.ini

2013-11-12 13:46 - 2012-01-08 22:58 - 00001781 _____ C:\Windows\system32\ServiceFilter.ini

2013-11-12 13:45 - 2013-11-12 13:45 - 01270800 _____ C:\Windows\Minidump\111213-28922-01.dmp

2013-11-12 12:17 - 2013-11-12 12:17 - 00000000 ____D C:\Program Files (x86)\WeatherBlink

2013-11-12 10:32 - 2013-11-12 10:32 - 103837334 _____ C:\Windows\SysWOW64\ꔻᵌS

2013-11-11 17:30 - 2012-11-09 20:59 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-11-11 17:30 - 2012-06-07 20:51 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2013-11-11 05:50 - 2012-07-14 16:41 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2013-11-10 18:36 - 2013-11-10 18:36 - 00569008 _____ C:\Windows\Minidump\111013-26629-01.dmp

2013-11-09 19:05 - 2013-11-09 18:59 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Apple Computer

2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple Computer

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\Apple Computer

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iTunes

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iPod

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-11-09 18:55 - 2013-11-09 18:54 - 00000000 ____D C:\ProgramData\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Bonjour

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-11-08 09:44 - 2012-07-15 10:57 - 00000000 ____D C:\ProgramData\Adobe

2013-11-07 15:40 - 2013-11-06 15:21 - 00000000 ____D C:\Program Files (x86)\sysTPL

2013-11-06 15:25 - 2013-11-06 15:20 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Tlapia

2013-11-06 15:21 - 2013-11-06 15:21 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin

2013-11-06 15:21 - 2013-11-04 10:26 - 01325667 _____ C:\Users\Angela\Downloads\8711902027010 Lenco Podo.zip

2013-11-05 10:33 - 2012-03-06 16:49 - 00000000 ____D C:\Program Files\Microsoft Office

2013-11-05 09:55 - 2012-12-14 15:46 - 00000000 ____D C:\Users\Angela\Documents\Outlook-Dateien

2013-11-04 15:48 - 2012-03-04 23:50 - 00000000 ___RD C:\Users\Angela\Documents\KA Ordner 2010

2013-11-04 15:48 - 2012-03-04 23:28 - 00000000 ____D C:\Users\Angela\Documents\Bewerbung

2013-11-04 15:47 - 2012-03-04 22:50 - 00000000 ____D C:\Users\Angela\Documents\roter stick

2013-11-04 15:43 - 2013-06-13 11:53 - 00000000 ____D C:\Users\Angela\Documents\Modernisierung

2013-11-04 15:43 - 2013-05-26 12:05 - 00000000 ____D C:\Users\Angela\Documents\Englisch CD Übungen DEKRA

2013-11-04 15:43 - 2013-04-22 19:03 - 00000000 ____D C:\Users\Angela\Documents\Arbeitsamt 2013

2013-11-04 15:43 - 2013-03-18 21:19 - 00000000 ____D C:\Users\Angela\Documents\Melanie erhaltenen Zahlungen

2013-11-04 15:43 - 2013-03-06 10:47 - 00000000 ____D C:\Users\Angela\Documents\Nebenkostenabrechnung

2013-11-04 15:43 - 2013-03-05 11:28 - 00000000 ____D C:\Users\Angela\Documents\Zweitwohnungssteuer

2013-11-04 15:09 - 2013-11-04 15:09 - 01203952 _____ C:\Windows\Minidump\110413-33618-01.dmp

2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\Users\Angela\AppData\Local\VideoDownloadConverter_4z

2013-11-04 10:49 - 2013-11-04 10:49 - 00000000 ____D C:\Users\Angela\AppData\Local\IAC

2013-11-04 10:47 - 2013-11-04 10:47 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter

2013-11-04 10:46 - 2013-11-04 10:46 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4z

2013-11-04 10:23 - 2012-02-26 00:15 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Adobe

2013-11-04 09:38 - 2012-08-28 19:59 - 00000000 ____D C:\Users\Angela\AppData\Local\Google

2013-11-04 09:29 - 2013-11-04 09:29 - 104845822 _____ C:\Windows\SysWOW64\귟ᵌL

2013-10-31 14:40 - 2013-10-31 14:33 - 00000000 ____D C:\Users\Angela\AppData\Roaming\CyberLink

2013-10-31 14:33 - 2012-01-08 23:02 - 00000000 ____D C:\ProgramData\CyberLink

2013-10-31 14:32 - 2013-10-31 14:31 - 00000000 ____D C:\ProgramData\Google

2013-10-31 14:31 - 2013-10-31 14:31 - 00000000 ____D C:\Program Files\Google

2013-10-31 14:31 - 2012-08-28 19:59 - 00000000 ____D C:\Program Files (x86)\Google

2013-10-31 14:29 - 2012-07-15 10:57 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-10-31 14:00 - 2013-10-31 14:00 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.28

2013-10-31 14:00 - 2013-10-31 14:00 - 00000000 ____D C:\Program Files (x86)\Media Player Utilities 4.28

2013-10-30 16:15 - 2013-10-30 16:15 - 00000000 ____D C:\Users\Angela\AppData\Local\{BD18DA81-5B02-4FC2-A674-FFA34B47E483}
 

Some content of TEMP:

====================

C:\Users\Angela\AppData\Local\Temp\avgnt.exe

C:\Users\Angela\AppData\Local\Temp\avguidx.dll

C:\Users\Angela\AppData\Local\Temp\CommonInstaller.exe

C:\Users\Angela\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe

C:\Users\Angela\AppData\Local\Temp\iGearedHelper.dll

C:\Users\Angela\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Angela\AppData\Local\Temp\MachineIdCreator.exe

C:\Users\Angela\AppData\Local\Temp\oi_{4F27BB94-C5CE-4309-89C4-EF5E38F3AC27}.exe

C:\Users\Angela\AppData\Local\Temp\ose00000.exe

C:\Users\Angela\AppData\Local\Temp\setup.exe

C:\Users\Angela\AppData\Local\Temp\ToolbarInstaller.exe

C:\Users\Angela\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-02 09:27
 

==================== End Of Log ============================

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2013

Ran by Angela at 2013-11-27 10:40:37

Running from C:\Users\Angela\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

AAVUpdateManager (x32 Version: 18.00.0000)

ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212)

Adobe AIR (x32 Version: 3.2.0.2070)

Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)

Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)

AMD APP SDK Runtime (Version: 2.5.709.2)

AMD Catalyst Install Manager (Version: 3.0.838.0)

AMD Fuel (Version: 2011.0713.1830.31376)

AMD Media Foundation Decoders (Version: 1.0.60713.1822)

AMD VISION Engine Control Center (x32 Version: 2011.0713.1830.31376)

Apple Application Support (x32 Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (x32 Version: 2.1.3.127)

ASUS AI Recovery (x32 Version: 1.0.16)

ASUS FancyStart (x32 Version: 1.1.0)

ASUS LifeFrame3 (x32 Version: 3.0.24)

ASUS Live Update (x32 Version: 3.1.7)

ASUS Power4Gear Hybrid (Version: 1.1.44)

ASUS SmartLogon (x32 Version: 1.0.0011)

ASUS Sonic Focus (x32 Version: 1.0.0.5)

ASUS Virtual Camera (x32 Version: 1.0.21)

ASUS WebStorage (x32 Version: 3.0.108.222)

ASUS_Screensaver (x32)

AsusVibe2.0 (x32 Version: 2.0.7.142)

Atheros Client Installation Program (x32 Version: 7.0)

ATK Package (x32 Version: 1.0.0010)

AVG Security Toolbar (x32 Version: 17.1.2.1)

Avira Free Antivirus (x32 Version: 14.0.1.749)

Benutzerhandbuch - Grundlagen EPSON SX430 Series (x32)

Benutzerhandbuch EPSON SX430 Series (x32)

Bing Bar (x32 Version: 7.0.610.0)

Bonjour (Version: 3.0.0.10)

Bubbletown (x32)

Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0713.1830.31376)

Catalyst Control Center InstallProxy (x32 Version: 2011.0713.1830.31376)

Catalyst Control Center Localization All (x32 Version: 2011.0713.1830.31376)

Catalyst Control Center Profiles Mobile (x32 Version: 2011.0713.1830.31376)

CCC Help Chinese Standard (x32 Version: 2011.0713.1829.31376)

CCC Help Chinese Traditional (x32 Version: 2011.0713.1829.31376)

CCC Help Czech (x32 Version: 2011.0713.1829.31376)

CCC Help Danish (x32 Version: 2011.0713.1829.31376)

CCC Help Dutch (x32 Version: 2011.0713.1829.31376)

CCC Help English (x32 Version: 2011.0713.1829.31376)

CCC Help Finnish (x32 Version: 2011.0713.1829.31376)

CCC Help French (x32 Version: 2011.0713.1829.31376)

CCC Help German (x32 Version: 2011.0713.1829.31376)

CCC Help Greek (x32 Version: 2011.0713.1829.31376)

CCC Help Hungarian (x32 Version: 2011.0713.1829.31376)

CCC Help Italian (x32 Version: 2011.0713.1829.31376)

CCC Help Japanese (x32 Version: 2011.0713.1829.31376)

CCC Help Korean (x32 Version: 2011.0713.1829.31376)

CCC Help Norwegian (x32 Version: 2011.0713.1829.31376)

CCC Help Polish (x32 Version: 2011.0713.1829.31376)

CCC Help Portuguese (x32 Version: 2011.0713.1829.31376)

CCC Help Russian (x32 Version: 2011.0713.1829.31376)

CCC Help Spanish (x32 Version: 2011.0713.1829.31376)

CCC Help Swedish (x32 Version: 2011.0713.1829.31376)

CCC Help Thai (x32 Version: 2011.0713.1829.31376)

CCC Help Turkish (x32 Version: 2011.0713.1829.31376)

ccc-utility64 (Version: 2011.0713.1830.31376)

Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)

CyberLink LabelPrint (x32 Version: 2.5.3624)

CyberLink Media Suite (x32 Version: 8.0.2926)

CyberLink Power2Go (x32 Version: 7.0.0.1126)

D3DX10 (x32 Version: 15.4.2368.0902)

Deadtime Stories (x32)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

Dream Day First Home (x32)

Dream Vacation Solitaire (x32)

Druckerdeinstallation für EPSON BX635FWD Series

Epson Easy Photo Print 2 (x32 Version: 2.2.4.0)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)

Epson Event Manager (x32 Version: 2.50.0000)

EPSON Scan (x32)

EPSON SX430 Series Printer Uninstall

EpsonNet Print (x32 Version: 2.5.00)

ETDWare PS/2-X64 8.0.5.1_WHQL (Version: 8.0.5.1)

Evernote v. 5.0.2 (x32 Version: 5.0.2.1392)

Farm Frenzy 3 - Madagascar (x32)

Fast Boot (Version: 1.0.9)

Galapago (x32)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)

Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)

Game Park Console (x32 Version: 1.2.4.431)

Google Chrome (x32 Version: 31.0.1650.57)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

Google Update Helper (x32 Version: 1.3.21.165)

iTunes (Version: 11.1.3.8)

Java 7 Update 45 (x32 Version: 7.0.450)

Java Auto Updater (x32 Version: 2.1.9.8)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

Mahjong Memoirs (x32)

Media Player Utilities 4.28 (x32 Version: 4.28)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Mobile Partner (x32 Version: 11.302.09.04.382)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)

Netzwerkhandbuch EPSON SX430 Series (x32)

Nuance PDF Reader (x32 Version: 6.00.0041)

PDFCreator (x32 Version: 1.4.0)

Plants vs Zombies (x32)

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)

Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)

Sigel Enjoy Your Photo (x32)

Steuer-Spar-Erklärung 2011 (x32 Version: 16.14)

Steuer-Spar-Erklärung 2012 (x32 Version: 17.11)

Steuer-Spar-Erklärung 2013 (x32 Version: 18.09)

sysTPL (x32 Version: 1.0.0)

Turbo Fiesta (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2494150) (x32)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)

VideoDownloadConverter Internet Explorer Toolbar (x32)

WeatherBlink Internet Explorer Toolbar (x32)

WEB.DE Desktop Icons (x32 Version: 3.0.3.0)

WEB.DE MailCheck für Internet Explorer (x32 Version: 2.4.0.0)

WEB.DE Softwareaktualisierung (x32 Version: 3.0.0.55)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3538.0513)

Windows Live Family Safety (Version: 15.4.3538.0513)

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Windows Live 影像中心 (x32 Version: 15.4.3502.0922)

Windows Live 程式集 (x32 Version: 15.4.3502.0922)

WinFlash (x32 Version: 2.31.1)

Wireless Console 3 (x32 Version: 3.0.21)

World of Goo (x32)

Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)

Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)

Почта Windows Live (x32 Version: 15.4.3502.0922)

Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)

Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)

גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)

פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2)

بريد Windows Live (x32 Version: 15.4.3502.0922)

عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2)

معرض صور Windows Live (x32 Version: 15.4.3502.0922)

適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)
 

==================== Restore Points  =========================
 

12-11-2013 14:40:26 Windows Update

13-11-2013 14:34:48 Windows Update

15-11-2013 08:53:31 Removed HTC Sync.

15-11-2013 08:55:56 Removed HTC Driver Installer.

15-11-2013 08:57:04 Removed HTC BMP USB Driver.

17-11-2013 18:00:54 Windows-Sicherung

19-11-2013 09:05:22 Windows Update

21-11-2013 14:03:35 Gerätetreiber-Paketinstallation: EPSON Drucker

22-11-2013 09:25:13 Windows Update

25-11-2013 08:06:59 Windows-Sicherung

26-11-2013 17:03:51 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {00F11048-96AE-4C80-97F3-D910D483F8DF} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)

Task: {14179603-8968-484E-8CAB-F87960691DC2} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

Task: {3BFD60E9-598A-4FC0-9C2A-391A30132905} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)

Task: {69595600-7F96-4DB2-A623-3C8875FCDDF1} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)

Task: {6E7F9920-79A7-4CEA-9C44-4E169ECD2427} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)

Task: {6FA0C84C-F4A5-4EF2-BAEA-A8990D40550A} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)

Task: {82F41C53-C854-4142-AA95-DC195C35A4C8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {86B45854-BA2C-4040-B8E7-8B08B5B68A06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {912E9A5C-476B-4BA5-9846-FAB50D520565} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-03-07] (ASUS)

Task: {B799D64C-C0BA-4148-B59E-1A583574770F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)

Task: {C3BB6FEE-803E-4CEA-837F-10BD54C7BD70} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E66CEBAF-635E-4630-8B9C-2A670A72F859}.exe

Task: {D99F5FF3-798E-4112-8DA4-6C344F48E964} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{A3F8D336-A898-40F3-9668-6170D83979BC}.exe

Task: {F41F0838-EF6D-458F-8A5B-F514335D93AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-13] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{A3F8D336-A898-40F3-9668-6170D83979BC}.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E66CEBAF-635E-4630-8B9C-2A670A72F859}.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-11-12 12:17 - 2013-11-12 12:17 - 00292424 _____ () C:\Program Files (x86)\WeatherBlink\bar\1.bin\AppIntegratorStub64.dll

2013-11-04 10:46 - 2013-11-04 10:46 - 00292424 _____ () C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll

2013-11-04 10:46 - 2013-11-04 10:46 - 00442952 _____ () C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\HPG64.DLL

2013-11-12 12:17 - 2013-11-12 12:17 - 00442952 _____ () C:\Program Files (x86)\WeatherBlink\bar\1.bin\HPG64.DLL

2013-02-07 11:40 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-07-21 22:21 - 2013-07-21 22:21 - 00044656 _____ () C:\Program Files (x86)\sysTPL\sysTPLUtil.dll

2013-11-11 17:30 - 2013-11-11 17:30 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll

2013-09-26 12:50 - 2013-09-26 12:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

2013-09-26 12:49 - 2013-09-26 12:49 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

2010-08-20 18:57 - 2010-08-20 18:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2010-08-20 18:57 - 2010-08-20 18:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2011-06-10 19:49 - 2011-06-10 19:49 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll

2013-11-11 17:30 - 2013-11-11 17:30 - 00142360 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\Temp:5216CD26

AlternateDataStreams: C:\ProgramData\Temp:FEF919E6
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (11/24/2013 08:08:17 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15944
 

Error: (11/24/2013 08:08:17 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15944
 

Error: (11/24/2013 08:08:17 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (11/24/2013 02:23:38 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 16084
 

Error: (11/24/2013 02:23:38 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 16084
 

Error: (11/24/2013 02:23:38 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (11/23/2013 07:09:07 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 18021579
 

Error: (11/23/2013 07:09:07 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 18021579
 

Error: (11/23/2013 07:09:07 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (11/23/2013 01:51:30 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 18016041
 
 

System errors:

=============

Error: (11/26/2013 10:47:20 PM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 

Error: (11/26/2013 06:20:54 PM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 

Error: (11/25/2013 05:51:32 PM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 

Error: (11/25/2013 03:50:11 PM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 

Error: (11/25/2013 03:03:55 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (120000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
 

Error: (11/25/2013 11:20:45 AM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (120000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WwanSvc erreicht.
 

Error: (11/24/2013 02:33:51 PM) (Source: BugCheck) (User: )

Description: 0x00000116 (0xfffffa800540b4e0, 0xfffff88003f72a48, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP112413-93600-01
 

Error: (11/24/2013 02:33:47 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎24.‎11.‎2013 um 14:31:15 unerwartet heruntergefahren.
 

Error: (11/24/2013 11:58:25 AM) (Source: BugCheck) (User: )

Description: 0x00000116 (0xfffffa800569d4e0, 0xfffff88003e78a48, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP112413-28672-01
 

Error: (11/24/2013 11:58:20 AM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎24.‎11.‎2013 um 11:56:15 unerwartet heruntergefahren.
 
 

Microsoft Office Sessions:

=========================

Error: (11/24/2013 08:08:17 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15944
 

Error: (11/24/2013 08:08:17 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15944
 

Error: (11/24/2013 08:08:17 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (11/24/2013 02:23:38 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 16084
 

Error: (11/24/2013 02:23:38 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 16084
 

Error: (11/24/2013 02:23:38 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (11/23/2013 07:09:07 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 18021579
 

Error: (11/23/2013 07:09:07 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 18021579
 

Error: (11/23/2013 07:09:07 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (11/23/2013 01:51:30 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 18016041
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 41%

Total physical RAM: 3691.71 MB

Available physical RAM: 2174.94 MB

Total Pagefile: 7381.61 MB

Available Pagefile: 5361.72 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:51.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:32.37 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 125FC5E1)

Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)

Partition 2: (Active) - (Size=128 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=145 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Keine Fehlermeldung bekommen!
Hier das file

Combofix Logfile:

Code:

ComboFix 13-11-27.01 - Angela 28.11.2013  15:36:26.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3692.2348 [GMT 1:00]

ausgeführt von:: c:\users\Angela\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\WeatherBlink

c:\program files (x86)\WeatherBlink\bar\1.bin\AppIntegrator64.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\AppIntegratorStub64.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\BOOTSTRAP.JS

c:\program files (x86)\WeatherBlink\bar\1.bin\CREXT.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\CrExtPgc.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\DPNMNGR.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\EXEMANAGER.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\gcauxstb.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbar.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbarsvc.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbprtct.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbrmon.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbrstub.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcdatact.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcdlghk.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcdyn.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcfeedmg.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gchighin.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gchkstub.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gchtmlmu.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gchttpct.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcidle.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcieovr.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcimpipe.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcmedint.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcmlbtn.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcmsg.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcPlugin.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcradio.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcreghk.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcregiet.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcscript.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcskin.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcsknlcr.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcskplay.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrchMn.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gctpinst.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcuabtn.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\Hpg64.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\installKeys.js

c:\program files (x86)\WeatherBlink\bar\1.bin\LOGO.BMP

c:\program files (x86)\WeatherBlink\bar\1.bin\NPgcStub.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\T8EXTEX.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8EXTPEX.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8HTML.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8RES.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8TICKER.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\VERIFY.DLL

c:\program files (x86)\WeatherBlink\bar\gen1\COMMON.T8S

c:\program files (x86)\WeatherBlink\bar\IE9Mesg\COMMON.T8S

c:\program files (x86)\WeatherBlink\bar\Message\COMMON.T8S

c:\program files (x86)\WeatherBlink\bar\Settings\s_pid.dat

c:\windows\msvcr71.dll

c:\windows\SysWow64\FlashPlayerApp.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_DCService.exe

-------\Service_WeatherBlinkService

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-10-28 bis 2013-11-28  ))))))))))))))))))))))))))))))

.

.

2013-11-28 14:52 . 2013-11-28 14:52        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-11-27 09:34 . 2013-11-27 09:34        --------        d-----w-        C:\FRST

2013-11-26 17:04 . 2013-11-08 03:12        10285968        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{942C0102-2192-402A-AD38-C4F12913AF05}\mpengine.dll

2013-11-21 14:02 . 2007-04-10 00:06        10752        ----a-w-        c:\windows\system32\E_GCINST.DLL

2013-11-21 14:02 . 2011-03-15 02:03        83968        ----a-w-        c:\windows\system32\E_YD4BHVE.DLL

2013-11-13 18:27 . 2013-11-13 18:27        --------        d-----w-        c:\programdata\McAfee

2013-11-13 10:54 . 2013-10-05 20:25        1474048        ----a-w-        c:\windows\system32\crypt32.dll

2013-11-13 10:51 . 2013-10-03 02:23        404480        ----a-w-        c:\windows\system32\gdi32.dll

2013-11-13 10:51 . 2013-10-03 02:00        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll

2013-11-13 10:51 . 2013-10-12 02:29        859648        ----a-w-        c:\windows\system32\IKEEXT.DLL

2013-11-13 10:51 . 2013-10-12 02:30        830464        ----a-w-        c:\windows\system32\nshwfp.dll

2013-11-13 10:51 . 2013-10-12 02:29        324096        ----a-w-        c:\windows\system32\FWPUCLNT.DLL

2013-11-13 10:51 . 2013-10-12 02:03        656896        ----a-w-        c:\windows\SysWow64\nshwfp.dll

2013-11-13 10:51 . 2013-10-12 02:01        216576        ----a-w-        c:\windows\SysWow64\FWPUCLNT.DLL

2013-11-09 17:59 . 2013-11-09 18:05        --------        d-----w-        c:\users\Angela\AppData\Roaming\Apple Computer

2013-11-09 17:59 . 2013-11-09 17:59        --------        d-----w-        c:\users\Angela\AppData\Local\Apple Computer

2013-11-09 17:58 . 2012-08-21 12:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\program files\iTunes

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\program files (x86)\iTunes

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\programdata\Apple Computer

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\program files\iPod

2013-11-09 17:55 . 2013-11-09 17:55        --------        d-----w-        c:\users\Angela\AppData\Local\Apple

2013-11-09 17:55 . 2013-11-09 17:55        --------        d-----w-        c:\program files (x86)\Apple Software Update

2013-11-09 17:54 . 2013-11-09 17:54        --------        d-----w-        c:\program files\Common Files\Apple

2013-11-09 17:54 . 2013-11-09 17:54        --------        d-----w-        c:\program files\Bonjour

2013-11-09 17:54 . 2013-11-09 17:54        --------        d-----w-        c:\program files (x86)\Bonjour

2013-11-09 17:54 . 2013-11-09 17:57        --------        d-----w-        c:\program files (x86)\Common Files\Apple

2013-11-09 17:54 . 2013-11-09 17:55        --------        d-----w-        c:\programdata\Apple

2013-11-06 14:21 . 2013-11-06 14:21        --------        d-sh--w-        c:\windows\SysWow64\AI_RecycleBin

2013-11-06 14:21 . 2013-11-07 14:40        --------        d-----w-        c:\program files (x86)\sysTPL

2013-11-06 14:20 . 2013-11-06 14:25        --------        d-----w-        c:\users\Angela\AppData\Roaming\Tlapia

2013-11-04 09:49 . 2013-11-04 09:49        --------        d-----w-        c:\users\Angela\AppData\Local\IAC

2013-11-04 09:49 . 2013-11-04 09:49        --------        d-----w-        c:\users\Angela\AppData\Local\VideoDownloadConverter_4z

2013-11-04 09:47 . 2013-11-04 09:47        --------        d-----w-        c:\program files (x86)\VideoDownloadConverter

2013-10-31 13:33 . 2013-10-31 13:40        --------        d-----w-        c:\users\Angela\AppData\Roaming\CyberLink

2013-10-31 13:31 . 2013-10-31 13:31        --------        d-----w-        c:\program files\Google

2013-10-31 13:29 . 2013-10-31 13:30        --------        d-----w-        c:\program files (x86)\Common Files\Adobe

2013-10-31 13:00 . 2013-10-31 13:00        --------        d-----w-        c:\program files (x86)\Media Player Utilities 4.28

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-26 17:13 . 2013-05-08 19:39        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-11-26 17:13 . 2013-04-01 19:53        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-11-26 17:13 . 2013-04-01 19:53        132600        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-11-26 17:13 . 2013-04-01 19:53        106904        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-11-13 18:26 . 2012-07-15 09:39        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-13 14:37 . 2012-03-06 17:33        82896128        ----a-w-        c:\windows\system32\MRT.exe

2013-11-11 16:30 . 2012-11-09 19:59        46368        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys

2013-11-11 04:50 . 2012-07-14 15:41        267936        ------w-        c:\windows\system32\MpSigStub.exe

2013-10-08 05:50 . 2013-10-17 09:48        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-08 02:30 . 2013-10-09 13:35        1903552        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:27 . 2013-10-09 13:35        327168        ----a-w-        c:\windows\system32\mswsock.dll

2013-09-08 02:03 . 2013-10-09 13:35        231424        ----a-w-        c:\windows\SysWow64\mswsock.dll

2013-09-04 12:12 . 2013-10-09 13:33        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys

2013-09-04 12:11 . 2013-10-09 13:33        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys

2013-09-04 12:11 . 2013-10-09 13:33        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys

2013-09-04 12:11 . 2013-10-09 13:33        52736        ----a-w-        c:\windows\system32\drivers\usbehci.sys

2013-09-04 12:11 . 2013-10-09 13:33        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys

2013-09-04 12:11 . 2013-10-09 13:33        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys

2013-09-04 12:11 . 2013-10-09 13:33        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]

2013-11-04 09:46        716360        ----a-w-        c:\progra~2\VIDEOD~2\bar\1.bin\4zbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-11-11 16:30        3353624        ----a-w-        c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]

2013-11-04 09:46        62864        ----a-w-        c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-11 3353624]

"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [2013-11-04 716360]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]

"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE" [2012-07-12 241280]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE" [2012-02-29 283232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-19 3331312]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]

"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-11-11 2420248]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-26 683576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-10-16 1766464]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]

"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" [2013-11-04 44784]

"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~2\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2013-11-04 30096]

"sysTPL"="c:\program files (x86)\sysTPL\sysTPL.exe" [2013-07-21 504600]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]

.

c:\users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-10-3 1103200]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-10-19 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2012-1-8 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]

S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]

S2 sysTPLMonitor.exe;sysTPLMonitor;c:\program files (x86)\sysTPL\sysTPLMonitor.exe;c:\program files (x86)\sysTPL\sysTPLMonitor.exe [x]

S2 sysTPLService.exe;sysTPLService;c:\program files (x86)\sysTPL\sysTPLService.exe;c:\program files (x86)\sysTPL\sysTPLService.exe [x]

S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [x]

S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-11-17 17:11        1210320        ----a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 18:26]

.

2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 18:59]

.

2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 18:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2011-05-25 07:09        227840        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2011-05-25 07:09        227840        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]

"VideoDownloadConverter Home Page Guard 64 bit"="c:\progra~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe" [2013-11-04 548936]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://home.tb.ask.com/index.jhtml?n=77FD7B63&p2=^HJ^man000^YYA^&ptb=0E68884F-B533-4D4D-B3AF-02BAF2CD5486

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: Add to AMV/AVI Video Converter... - c:\program files (x86)\Media Player Utilities 4.28\AMVConverter\grab.html

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: URL notieren - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

Trusted Zone: ing-diba.de\www

Trusted Zone: jobrapido.com\de

Trusted Zone: web.de

Trusted Zone: web.de\navigator

Trusted Zone: westwing.de\www

Trusted Zone: xing.com\www

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{936CB760-98DF-451C-8301-D8C258E9B683}: NameServer = 193.189.244.225 193.189.244.206

TCP: Interfaces\{E79ED8EB-7F22-4B47-9017-056B0723096D}: NameServer = 193.189.244.225 193.189.244.206

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll

Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB

DPF: {85C86CCC-2158-4123-9C7D-785190CED875} - hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{9b9dcae3-be34-424c-8d73-75e305a9e091} - c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll

BHO-{dc9051c2-8f55-479a-97a4-747980d9047f} - c:\progra~2\WEATHE~2\bar\1.bin\gcbar.dll

Toolbar-Locked - (no file)

Toolbar-{f20de5e0-2a6e-4c54-985f-1cf59551ce39} - c:\program files (x86)\WeatherBlink\bar\1.bin\gcbar.dll

Wow6432Node-HKLM-Run-WeatherBlink Search Scope Monitor - c:\progra~2\WEATHE~2\bar\1.bin\gcsrchmn.exe

Wow6432Node-HKLM-Run-WeatherBlink Browser Plugin Loader - c:\progra~2\WEATHE~2\bar\1.bin\gcbrmon.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-WeatherBlink Home Page Guard 64 bit - c:\progra~2\WEATHE~2\bar\1.bin\AppIntegrator64.exe

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\windows\AsScrPro.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-11-28  16:08:07 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-11-28 15:08

.

Vor Suchlauf: 10 Verzeichnis(se), 55.317.659.648 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 56.769.220.608 Bytes frei

.

- - End Of File - - 00766E52F2596B8025B5DF6B985690E1

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/CODE]Combofix Logfile:

Code:

ComboFix 13-11-27.01 - Angela 28.11.2013  15:36:26.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3692.2348 [GMT 1:00]

ausgeführt von:: c:\users\Angela\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\WeatherBlink

c:\program files (x86)\WeatherBlink\bar\1.bin\AppIntegrator64.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\AppIntegratorStub64.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\BOOTSTRAP.JS

c:\program files (x86)\WeatherBlink\bar\1.bin\CREXT.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\CrExtPgc.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\DPNMNGR.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\EXEMANAGER.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\gcauxstb.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbar.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbarsvc.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbprtct.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbrmon.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbrstub.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcdatact.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcdlghk.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcdyn.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcfeedmg.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gchighin.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gchkstub.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gchtmlmu.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gchttpct.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcidle.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcieovr.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcimpipe.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcmedint.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcmlbtn.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcmsg.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcPlugin.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcradio.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcreghk.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcregiet.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcscript.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcskin.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcsknlcr.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcskplay.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrchMn.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gctpinst.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcuabtn.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\Hpg64.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\installKeys.js

c:\program files (x86)\WeatherBlink\bar\1.bin\LOGO.BMP

c:\program files (x86)\WeatherBlink\bar\1.bin\NPgcStub.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\T8EXTEX.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8EXTPEX.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8HTML.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8RES.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8TICKER.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\VERIFY.DLL

c:\program files (x86)\WeatherBlink\bar\gen1\COMMON.T8S

c:\program files (x86)\WeatherBlink\bar\IE9Mesg\COMMON.T8S

c:\program files (x86)\WeatherBlink\bar\Message\COMMON.T8S

c:\program files (x86)\WeatherBlink\bar\Settings\s_pid.dat

c:\windows\msvcr71.dll

c:\windows\SysWow64\FlashPlayerApp.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_DCService.exe

-------\Service_WeatherBlinkService

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-10-28 bis 2013-11-28  ))))))))))))))))))))))))))))))

.

.

2013-11-28 14:52 . 2013-11-28 14:52        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-11-27 09:34 . 2013-11-27 09:34        --------        d-----w-        C:\FRST

2013-11-26 17:04 . 2013-11-08 03:12        10285968        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{942C0102-2192-402A-AD38-C4F12913AF05}\mpengine.dll

2013-11-21 14:02 . 2007-04-10 00:06        10752        ----a-w-        c:\windows\system32\E_GCINST.DLL

2013-11-21 14:02 . 2011-03-15 02:03        83968        ----a-w-        c:\windows\system32\E_YD4BHVE.DLL

2013-11-13 18:27 . 2013-11-13 18:27        --------        d-----w-        c:\programdata\McAfee

2013-11-13 10:54 . 2013-10-05 20:25        1474048        ----a-w-        c:\windows\system32\crypt32.dll

2013-11-13 10:51 . 2013-10-03 02:23        404480        ----a-w-        c:\windows\system32\gdi32.dll

2013-11-13 10:51 . 2013-10-03 02:00        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll

2013-11-13 10:51 . 2013-10-12 02:29        859648        ----a-w-        c:\windows\system32\IKEEXT.DLL

2013-11-13 10:51 . 2013-10-12 02:30        830464        ----a-w-        c:\windows\system32\nshwfp.dll

2013-11-13 10:51 . 2013-10-12 02:29        324096        ----a-w-        c:\windows\system32\FWPUCLNT.DLL

2013-11-13 10:51 . 2013-10-12 02:03        656896        ----a-w-        c:\windows\SysWow64\nshwfp.dll

2013-11-13 10:51 . 2013-10-12 02:01        216576        ----a-w-        c:\windows\SysWow64\FWPUCLNT.DLL

2013-11-09 17:59 . 2013-11-09 18:05        --------        d-----w-        c:\users\Angela\AppData\Roaming\Apple Computer

2013-11-09 17:59 . 2013-11-09 17:59        --------        d-----w-        c:\users\Angela\AppData\Local\Apple Computer

2013-11-09 17:58 . 2012-08-21 12:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\program files\iTunes

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\program files (x86)\iTunes

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\programdata\Apple Computer

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\program files\iPod

2013-11-09 17:55 . 2013-11-09 17:55        --------        d-----w-        c:\users\Angela\AppData\Local\Apple

2013-11-09 17:55 . 2013-11-09 17:55        --------        d-----w-        c:\program files (x86)\Apple Software Update

2013-11-09 17:54 . 2013-11-09 17:54        --------        d-----w-        c:\program files\Common Files\Apple

2013-11-09 17:54 . 2013-11-09 17:54        --------        d-----w-        c:\program files\Bonjour

2013-11-09 17:54 . 2013-11-09 17:54        --------        d-----w-        c:\program files (x86)\Bonjour

2013-11-09 17:54 . 2013-11-09 17:57        --------        d-----w-        c:\program files (x86)\Common Files\Apple

2013-11-09 17:54 . 2013-11-09 17:55        --------        d-----w-        c:\programdata\Apple

2013-11-06 14:21 . 2013-11-06 14:21        --------        d-sh--w-        c:\windows\SysWow64\AI_RecycleBin

2013-11-06 14:21 . 2013-11-07 14:40        --------        d-----w-        c:\program files (x86)\sysTPL

2013-11-06 14:20 . 2013-11-06 14:25        --------        d-----w-        c:\users\Angela\AppData\Roaming\Tlapia

2013-11-04 09:49 . 2013-11-04 09:49        --------        d-----w-        c:\users\Angela\AppData\Local\IAC

2013-11-04 09:49 . 2013-11-04 09:49        --------        d-----w-        c:\users\Angela\AppData\Local\VideoDownloadConverter_4z

2013-11-04 09:47 . 2013-11-04 09:47        --------        d-----w-        c:\program files (x86)\VideoDownloadConverter

2013-10-31 13:33 . 2013-10-31 13:40        --------        d-----w-        c:\users\Angela\AppData\Roaming\CyberLink

2013-10-31 13:31 . 2013-10-31 13:31        --------        d-----w-        c:\program files\Google

2013-10-31 13:29 . 2013-10-31 13:30        --------        d-----w-        c:\program files (x86)\Common Files\Adobe

2013-10-31 13:00 . 2013-10-31 13:00        --------        d-----w-        c:\program files (x86)\Media Player Utilities 4.28

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-26 17:13 . 2013-05-08 19:39        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-11-26 17:13 . 2013-04-01 19:53        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-11-26 17:13 . 2013-04-01 19:53        132600        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-11-26 17:13 . 2013-04-01 19:53        106904        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-11-13 18:26 . 2012-07-15 09:39        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-13 14:37 . 2012-03-06 17:33        82896128        ----a-w-        c:\windows\system32\MRT.exe

2013-11-11 16:30 . 2012-11-09 19:59        46368        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys

2013-11-11 04:50 . 2012-07-14 15:41        267936        ------w-        c:\windows\system32\MpSigStub.exe

2013-10-08 05:50 . 2013-10-17 09:48        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-08 02:30 . 2013-10-09 13:35        1903552        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:27 . 2013-10-09 13:35        327168        ----a-w-        c:\windows\system32\mswsock.dll

2013-09-08 02:03 . 2013-10-09 13:35        231424        ----a-w-        c:\windows\SysWow64\mswsock.dll

2013-09-04 12:12 . 2013-10-09 13:33        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys

2013-09-04 12:11 . 2013-10-09 13:33        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys

2013-09-04 12:11 . 2013-10-09 13:33        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys

2013-09-04 12:11 . 2013-10-09 13:33        52736        ----a-w-        c:\windows\system32\drivers\usbehci.sys

2013-09-04 12:11 . 2013-10-09 13:33        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys

2013-09-04 12:11 . 2013-10-09 13:33        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys

2013-09-04 12:11 . 2013-10-09 13:33        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]

2013-11-04 09:46        716360        ----a-w-        c:\progra~2\VIDEOD~2\bar\1.bin\4zbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-11-11 16:30        3353624        ----a-w-        c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]

2013-11-04 09:46        62864        ----a-w-        c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-11 3353624]

"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [2013-11-04 716360]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]

"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE" [2012-07-12 241280]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE" [2012-02-29 283232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-19 3331312]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]

"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-11-11 2420248]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-26 683576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-10-16 1766464]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]

"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" [2013-11-04 44784]

"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~2\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2013-11-04 30096]

"sysTPL"="c:\program files (x86)\sysTPL\sysTPL.exe" [2013-07-21 504600]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]

.

c:\users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-10-3 1103200]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-10-19 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2012-1-8 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132

        Code:


        
ComboFix 13-11-27.01 - Angela 28.11.2013  15:36:26.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3692.2348 [GMT 1:00]

ausgeführt von:: c:\users\Angela\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\WeatherBlink

c:\program files (x86)\WeatherBlink\bar\1.bin\AppIntegrator64.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\AppIntegratorStub64.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\BOOTSTRAP.JS

c:\program files (x86)\WeatherBlink\bar\1.bin\CREXT.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\CrExtPgc.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\DPNMNGR.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\EXEMANAGER.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\gcauxstb.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbar.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbarsvc.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbprtct.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbrmon.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcbrstub.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcdatact.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcdlghk.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcdyn.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcfeedmg.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gchighin.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gchkstub.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gchtmlmu.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gchttpct.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcidle.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcieovr.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcimpipe.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcmedint.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcmlbtn.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcmsg.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcPlugin.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcradio.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcreghk.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcregiet.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcscript.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcskin.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcsknlcr.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcskplay.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrchMn.exe

c:\program files (x86)\WeatherBlink\bar\1.bin\gctpinst.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\gcuabtn.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\Hpg64.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\installKeys.js

c:\program files (x86)\WeatherBlink\bar\1.bin\LOGO.BMP

c:\program files (x86)\WeatherBlink\bar\1.bin\NPgcStub.dll

c:\program files (x86)\WeatherBlink\bar\1.bin\T8EXTEX.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8EXTPEX.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8HTML.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8RES.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\T8TICKER.DLL

c:\program files (x86)\WeatherBlink\bar\1.bin\VERIFY.DLL

c:\program files (x86)\WeatherBlink\bar\gen1\COMMON.T8S

c:\program files (x86)\WeatherBlink\bar\IE9Mesg\COMMON.T8S

c:\program files (x86)\WeatherBlink\bar\Message\COMMON.T8S

c:\program files (x86)\WeatherBlink\bar\Settings\s_pid.dat

c:\windows\msvcr71.dll

c:\windows\SysWow64\FlashPlayerApp.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_DCService.exe

-------\Service_WeatherBlinkService

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-10-28 bis 2013-11-28  ))))))))))))))))))))))))))))))

.

.

2013-11-28 14:52 . 2013-11-28 14:52        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-11-27 09:34 . 2013-11-27 09:34        --------        d-----w-        C:\FRST

2013-11-26 17:04 . 2013-11-08 03:12        10285968        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{942C0102-2192-402A-AD38-C4F12913AF05}\mpengine.dll

2013-11-21 14:02 . 2007-04-10 00:06        10752        ----a-w-        c:\windows\system32\E_GCINST.DLL

2013-11-21 14:02 . 2011-03-15 02:03        83968        ----a-w-        c:\windows\system32\E_YD4BHVE.DLL

2013-11-13 18:27 . 2013-11-13 18:27        --------        d-----w-        c:\programdata\McAfee

2013-11-13 10:54 . 2013-10-05 20:25        1474048        ----a-w-        c:\windows\system32\crypt32.dll

2013-11-13 10:51 . 2013-10-03 02:23        404480        ----a-w-        c:\windows\system32\gdi32.dll

2013-11-13 10:51 . 2013-10-03 02:00        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll

2013-11-13 10:51 . 2013-10-12 02:29        859648        ----a-w-        c:\windows\system32\IKEEXT.DLL

2013-11-13 10:51 . 2013-10-12 02:30        830464        ----a-w-        c:\windows\system32\nshwfp.dll

2013-11-13 10:51 . 2013-10-12 02:29        324096        ----a-w-        c:\windows\system32\FWPUCLNT.DLL

2013-11-13 10:51 . 2013-10-12 02:03        656896        ----a-w-        c:\windows\SysWow64\nshwfp.dll

2013-11-13 10:51 . 2013-10-12 02:01        216576        ----a-w-        c:\windows\SysWow64\FWPUCLNT.DLL

2013-11-09 17:59 . 2013-11-09 18:05        --------        d-----w-        c:\users\Angela\AppData\Roaming\Apple Computer

2013-11-09 17:59 . 2013-11-09 17:59        --------        d-----w-        c:\users\Angela\AppData\Local\Apple Computer

2013-11-09 17:58 . 2012-08-21 12:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\program files\iTunes

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\program files (x86)\iTunes

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\programdata\Apple Computer

2013-11-09 17:57 . 2013-11-09 17:57        --------        d-----w-        c:\program files\iPod

2013-11-09 17:55 . 2013-11-09 17:55        --------        d-----w-        c:\users\Angela\AppData\Local\Apple

2013-11-09 17:55 . 2013-11-09 17:55        --------        d-----w-        c:\program files (x86)\Apple Software Update

2013-11-09 17:54 . 2013-11-09 17:54        --------        d-----w-        c:\program files\Common Files\Apple

2013-11-09 17:54 . 2013-11-09 17:54        --------        d-----w-        c:\program files\Bonjour

2013-11-09 17:54 . 2013-11-09 17:54        --------        d-----w-        c:\program files (x86)\Bonjour

2013-11-09 17:54 . 2013-11-09 17:57        --------        d-----w-        c:\program files (x86)\Common Files\Apple

2013-11-09 17:54 . 2013-11-09 17:55        --------        d-----w-        c:\programdata\Apple

2013-11-06 14:21 . 2013-11-06 14:21        --------        d-sh--w-        c:\windows\SysWow64\AI_RecycleBin

2013-11-06 14:21 . 2013-11-07 14:40        --------        d-----w-        c:\program files (x86)\sysTPL

2013-11-06 14:20 . 2013-11-06 14:25        --------        d-----w-        c:\users\Angela\AppData\Roaming\Tlapia

2013-11-04 09:49 . 2013-11-04 09:49        --------        d-----w-        c:\users\Angela\AppData\Local\IAC

2013-11-04 09:49 . 2013-11-04 09:49        --------        d-----w-        c:\users\Angela\AppData\Local\VideoDownloadConverter_4z

2013-11-04 09:47 . 2013-11-04 09:47        --------        d-----w-        c:\program files (x86)\VideoDownloadConverter

2013-10-31 13:33 . 2013-10-31 13:40        --------        d-----w-        c:\users\Angela\AppData\Roaming\CyberLink

2013-10-31 13:31 . 2013-10-31 13:31        --------        d-----w-        c:\program files\Google

2013-10-31 13:29 . 2013-10-31 13:30        --------        d-----w-        c:\program files (x86)\Common Files\Adobe

2013-10-31 13:00 . 2013-10-31 13:00        --------        d-----w-        c:\program files (x86)\Media Player Utilities 4.28

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-26 17:13 . 2013-05-08 19:39        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-11-26 17:13 . 2013-04-01 19:53        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-11-26 17:13 . 2013-04-01 19:53        132600        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-11-26 17:13 . 2013-04-01 19:53        106904        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-11-13 18:26 . 2012-07-15 09:39        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-13 14:37 . 2012-03-06 17:33        82896128        ----a-w-        c:\windows\system32\MRT.exe

2013-11-11 16:30 . 2012-11-09 19:59        46368        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys

2013-11-11 04:50 . 2012-07-14 15:41        267936        ------w-        c:\windows\system32\MpSigStub.exe

2013-10-08 05:50 . 2013-10-17 09:48        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-08 02:30 . 2013-10-09 13:35        1903552        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:27 . 2013-10-09 13:35        327168        ----a-w-        c:\windows\system32\mswsock.dll

2013-09-08 02:03 . 2013-10-09 13:35        231424        ----a-w-        c:\windows\SysWow64\mswsock.dll

2013-09-04 12:12 . 2013-10-09 13:33        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys

2013-09-04 12:11 . 2013-10-09 13:33        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys

2013-09-04 12:11 . 2013-10-09 13:33        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys

2013-09-04 12:11 . 2013-10-09 13:33        52736        ----a-w-        c:\windows\system32\drivers\usbehci.sys

2013-09-04 12:11 . 2013-10-09 13:33        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys

2013-09-04 12:11 . 2013-10-09 13:33        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys

2013-09-04 12:11 . 2013-10-09 13:33        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]

2013-11-04 09:46        716360        ----a-w-        c:\progra~2\VIDEOD~2\bar\1.bin\4zbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-11-11 16:30        3353624        ----a-w-        c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]

2013-11-04 09:46        62864        ----a-w-        c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-11 3353624]

"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [2013-11-04 716360]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]

"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE" [2012-07-12 241280]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE" [2012-02-29 283232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-19 3331312]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]

"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-11-11 2420248]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-26 683576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-10-16 1766464]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]

"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" [2013-11-04 44784]

"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~2\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2013-11-04 30096]

"sysTPL"="c:\program files (x86)\sysTPL\sysTPL.exe" [2013-07-21 504600]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]

.

c:\users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-10-3 1103200]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-10-19 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2012-1-8 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]

S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]

S2 sysTPLMonitor.exe;sysTPLMonitor;c:\program files (x86)\sysTPL\sysTPLMonitor.exe;c:\program files (x86)\sysTPL\sysTPLMonitor.exe [x]

S2 sysTPLService.exe;sysTPLService;c:\program files (x86)\sysTPL\sysTPLService.exe;c:\program files (x86)\sysTPL\sysTPLService.exe [x]

S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [x]

S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-11-17 17:11        1210320        ----a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 18:26]

.

2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 18:59]

.

2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 18:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2011-05-25 07:09        227840        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2011-05-25 07:09        227840        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]

"VideoDownloadConverter Home Page Guard 64 bit"="c:\progra~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe" [2013-11-04 548936]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://home.tb.ask.com/index.jhtml?n=77FD7B63&p2=^HJ^man000^YYA^&ptb=0E68884F-B533-4D4D-B3AF-02BAF2CD5486

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: Add to AMV/AVI Video Converter... - c:\program files (x86)\Media Player Utilities 4.28\AMVConverter\grab.html

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: URL notieren - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

Trusted Zone: ing-diba.de\www

Trusted Zone: jobrapido.com\de

Trusted Zone: web.de

Trusted Zone: web.de\navigator

Trusted Zone: westwing.de\www

Trusted Zone: xing.com\www

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{936CB760-98DF-451C-8301-D8C258E9B683}: NameServer = 193.189.244.225 193.189.244.206

TCP: Interfaces\{E79ED8EB-7F22-4B47-9017-056B0723096D}: NameServer = 193.189.244.225 193.189.244.206

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll

Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB

DPF: {85C86CCC-2158-4123-9C7D-785190CED875} - hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{9b9dcae3-be34-424c-8d73-75e305a9e091} - c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll

BHO-{dc9051c2-8f55-479a-97a4-747980d9047f} - c:\progra~2\WEATHE~2\bar\1.bin\gcbar.dll

Toolbar-Locked - (no file)

Toolbar-{f20de5e0-2a6e-4c54-985f-1cf59551ce39} - c:\program files (x86)\WeatherBlink\bar\1.bin\gcbar.dll

Wow6432Node-HKLM-Run-WeatherBlink Search Scope Monitor - c:\progra~2\WEATHE~2\bar\1.bin\gcsrchmn.exe

Wow6432Node-HKLM-Run-WeatherBlink Browser Plugin Loader - c:\progra~2\WEATHE~2\bar\1.bin\gcbrmon.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-WeatherBlink Home Page Guard 64 bit - c:\progra~2\WEATHE~2\bar\1.bin\AppIntegrator64.exe

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\windows\AsScrPro.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-11-28  16:08:07 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-11-28 15:08

.

Vor Suchlauf: 10 Verzeichnis(se), 55.317.659.648 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 56.769.220.608 Bytes frei

.

- - End Of File - - 00766E52F2596B8025B5DF6B985690E1

 
--- --- ---

A36C5E4F47E84449FF07ED3517B43A31

PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 sysTPLMonitor.exe;sysTPLMonitor;c:\program files (x86)\sysTPL\sysTPLMonitor.exe;c:\program files (x86)\sysTPL\sysTPLMonitor.exe [x]
S2 sysTPLService.exe;sysTPLService;c:\program files (x86)\sysTPL\sysTPLService.exe;c:\program files (x86)\sysTPL\sysTPLService.exe [x]
S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [x]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 17:11 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 18:26]
.
2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 18:59]
.
2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 18:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"VideoDownloadConverter Home Page Guard 64 bit"="c:\progra~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe" [2013-11-04 548936]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.tb.ask.com/index.jhtml?n=77FD7B63&p2=^HJ^man000^YYA^&ptb=0E68884F-B533-4D4D-B3AF-02BAF2CD5486
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to AMV/AVI Video Converter... - c:\program files (x86)\Media Player Utilities 4.28\AMVConverter\grab.html
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: URL notieren - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
Trusted Zone: ing-diba.de\www
Trusted Zone: jobrapido.com\de
Trusted Zone: web.de
Trusted Zone: web.de\navigator
Trusted Zone: westwing.de\www
Trusted Zone: xing.com\www
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{936CB760-98DF-451C-8301-D8C258E9B683}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{E79ED8EB-7F22-4B47-9017-056B0723096D}: NameServer = 193.189.244.225 193.189.244.206
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {85C86CCC-2158-4123-9C7D-785190CED875} - hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{9b9dcae3-be34-424c-8d73-75e305a9e091} - c:\program files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll
BHO-{dc9051c2-8f55-479a-97a4-747980d9047f} - c:\progra~2\WEATHE~2\bar\1.bin\gcbar.dll
Toolbar-Locked - (no file)
Toolbar-{f20de5e0-2a6e-4c54-985f-1cf59551ce39} - c:\program files (x86)\WeatherBlink\bar\1.bin\gcbar.dll
Wow6432Node-HKLM-Run-WeatherBlink Search Scope Monitor - c:\progra~2\WEATHE~2\bar\1.bin\gcsrchmn.exe
Wow6432Node-HKLM-Run-WeatherBlink Browser Plugin Loader - c:\progra~2\WEATHE~2\bar\1.bin\gcbrmon.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-WeatherBlink Home Page Guard 64 bit - c:\progra~2\WEATHE~2\bar\1.bin\AppIntegrator64.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-28 16:08:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-11-28 15:08
.
Vor Suchlauf: 10 Verzeichnis(se), 55.317.659.648 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 56.769.220.608 Bytes frei
.
- - End Of File - - 00766E52F2596B8025B5DF6B985690E1
A36C5E4F47E84449FF07ED3517B43A31

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.11.29.02
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16736

Angela :: ANGELA-PC [Administrator]
 

Schutz: Aktiviert
 

29.11.2013 10:16:35

mbam-log-2013-11-29 (10-16-35).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 230834

Laufzeit: 7 Minute(n), 57 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 5

HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\WeatherBlink.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\WeatherBlink.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Search Scope Monitor (PUP.Optional.MindSpark) -> Daten: "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter_4z Browser Plugin Loader (PUP.Optional.MindSpark) -> Daten: C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 1

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.AskWebSearch) -> Bösartig: (hxxp://home.tb.ask.com/index.jhtml?n=77FD7B63&p2=^HJ^man000^YYA^&ptb=0E68884F-B533-4D4D-B3AF-02BAF2CD5486) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 2

C:\Users\Angela\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Angela\AppData\Roaming\OpenCandy\76652E750DE94723B299A8010F3FF091 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 7

C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (PUP.Optional.MindSpark) -> Löschen bei Neustart.

C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.Optional.MindSpark) -> Löschen bei Neustart.

C:\Users\Angela\AppData\Roaming\OpenCandy\76652E750DE94723B299A8010F3FF091\2875.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Angela\AppData\Roaming\OpenCandy\76652E750DE94723B299A8010F3FF091\avg.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Angela\AppData\Roaming\OpenCandy\76652E750DE94723B299A8010F3FF091\AVG923_p1v3.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Angela\AppData\Roaming\OpenCandy\76652E750DE94723B299A8010F3FF091\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Angela\AppData\Roaming\OpenCandy\76652E750DE94723B299A8010F3FF091\OCBrowserHelper_1.0.3.85.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

AdwCleaner Logfile:

Code:

# AdwCleaner v3.013 - Bericht erstellt am 29/11/2013 um 10:55:33

# Updated 24/11/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Angela - ANGELA-PC

# Gestartet von : C:\Users\Angela\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

Dienst Gelöscht : VideoDownloadConverter_4zService
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\AVG Secure Search

Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search

Ordner Gelöscht : C:\Program Files (x86)\VideoDownloadConverter_4z

Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search

Ordner Gelöscht : C:\Users\Angela\AppData\Local\AVG Secure Search

Ordner Gelöscht : C:\Users\Angela\AppData\Local\iac

Ordner Gelöscht : C:\Users\Angela\AppData\Local\VideoDownloadConverter_4z

Ordner Gelöscht : C:\Users\Angela\AppData\LocalLow\AVG Secure Search

Ordner Gelöscht : C:\Users\Angela\AppData\LocalLow\iac

Ordner Gelöscht : C:\Users\Angela\AppData\LocalLow\VideoDownloadConverter_4z

Ordner Gelöscht : C:\Users\Angela\AppData\Roaming\pdfforge

Ordner Gelöscht : C:\Users\Angela\AppData\Roaming\Tlapia

Ordner Gelöscht : C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASUS_Screensaver

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search

Schlüssel Gelöscht : HKCU\Software\FLEXnet

Schlüssel Gelöscht : HKCU\Software\IGearSettings

Schlüssel Gelöscht : HKLM\Software\AVG Secure Search

Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16736
 
 

-\\ Google Chrome v31.0.1650.57
 

[ Datei : C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

Gelöscht : homepage

Gelöscht : urls_to_restore_on_startup

Gelöscht : search_url

Gelöscht : suggest_url
 

*************************
 

AdwCleaner[R0].txt - [17100 octets] - [29/11/2013 10:51:41]

AdwCleaner[S0].txt - [16692 octets] - [29/11/2013 10:55:33]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16753 octets] ##########

--- --- ---

[/CODE]

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Home Premium x64

Ran by Angela on 29.11.2013 at 12:20:23,10

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B9DCAE3-BE34-424C-8D73-75E305A9E091}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\Users\Angela\appdata\local\apn"

Successfully deleted: [Folder] "C:\Users\Angela\appdata\locallow\weatherblink"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{0197289D-A1EB-4069-9ADD-5352AAA9BEC7}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{024BCE6A-1643-4420-8FD8-1DC9E49DA829}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{059FC00B-3C17-48FE-806D-385BA3E9859B}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{0F0CAA94-A694-4A93-B98A-8F7F1952D256}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{19AD4531-50A6-4C1F-8902-73436A2D41C9}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{1C563FCB-59AC-4484-A72B-714929E2C13C}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{22710551-B4A7-44C0-934E-4293D86714E5}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{22C23AC0-696D-44CC-A6EE-019153F4A717}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{3F0AFA29-B4C8-4EF9-B705-59C8C0466A62}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{4EA193D9-6E79-4E9C-9493-121BB8A0ECFD}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{574627E7-2F1C-4465-83E6-F2D0C87B3CFA}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{63120479-6768-41F0-AD58-90F1525929E0}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{6419C517-E115-4019-8C16-E097C8F924C7}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{6C890181-60CB-473D-A520-0D614CC272E0}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{7C3B2E5A-8540-4FBB-B326-BCD6F91F94B5}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{93CAA2F0-FA35-4765-8F3C-CCF258977BD1}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{97C8CFDE-0906-4CA6-9E11-3FF0AE99DBB2}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{9CFD8050-936D-44DE-9635-36FE2AE70FF6}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{9EC8C1CB-5172-4C7E-BDAC-54BEF37B5FB5}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{9F19E8D7-A292-4B0F-AF66-A394E6ED5EC6}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{A1FCF39F-1C0E-461D-A296-0C82A2A1526D}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{B6912E71-2B22-4FA4-84E1-4EF273D7DA3A}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{B6B979CC-53D9-4060-8AA7-D7A79430E038}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{BD18DA81-5B02-4FC2-A674-FFA34B47E483}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{D230FBA2-5024-4541-A7BE-EC19E6C3CF46}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{D733D6DA-610F-455A-86AB-C6328230FFDC}

Successfully deleted: [Empty Folder] C:\Users\Angela\appdata\local\{F8D1FD17-287B-4842-97DC-87E3F6ED91EF}
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 29.11.2013 at 12:40:36,68

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013

Ran by Angela (administrator) on ANGELA-PC on 29-11-2013 13:01:34

Running from C:\Users\Angela\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

() C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe

() C:\Program Files (x86)\sysTPL\sysTPLService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(ASUS) C:\Windows\AsScrPro.exe

(ASUS) C:\Program Files\P4G\BatteryLife.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe

() C:\Program Files (x86)\sysTPL\sysTPL.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)

HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"

HKLM\...\Run: [WeatherBlink Home Page Guard 64 bit] - "C:\PROGRA~2\WEATHE~2\bar\1.bin\AppIntegrator64.exe"

HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)

HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)

HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [370 2013-11-29] ()

HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3331312 2011-10-19] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)

HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)

HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1766464 2013-10-16] (1und1 Mail und Media GmbH)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sysTPL] - C:\Program Files (x86)\sysTPL\sysTPL.exe [504600 2013-07-21] ()

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

Startup: C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 

==================== Internet (Whitelisted) ====================
 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {3F22469A-F386-46FD-B175-217DBC962757} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {12E8A9D6-B35A-4D18-9938-73AEA9DA23F7} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

SearchScopes: HKCU - {3F22469A-F386-46FD-B175-217DBC962757} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {4FF994C5-EDB5-4819-AF3B-6850119C4E48} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {7E7DB4B8-518C-45C0-8E48-6C8CAE4F7355} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {BA982C84-73B3-43BD-AE81-C23F3ABC246A} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {DCB409E2-1B8A-461F-A068-4EAAC6013CD6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Toolbar BHO - {dc9051c2-8f55-479a-97a4-747980d9047f} - C:\PROGRA~2\WEATHE~2\bar\1.bin\gcbar.dll No File

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File

Toolbar: HKLM-x32 - WeatherBlink - {f20de5e0-2a6e-4c54-985f-1cf59551ce39} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbar.dll No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab

Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{936CB760-98DF-451C-8301-D8C258E9B683}: [NameServer]193.189.244.225 193.189.244.206

Tcpip\..\Interfaces\{E79ED8EB-7F22-4B47-9017-056B0723096D}: [NameServer]193.189.244.225 193.189.244.206
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com

CHR RestoreOnStartup: "hxxp://www.google.com"

CHR DefaultSearchURL: (Ask) - hxxp://www.google.com

CHR DefaultSuggestURL: (Ask) - hxxp://www.google.com

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll No File

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Extension: (Chrome In-App Payments service) - C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-14] (Advanced Micro Devices, Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [30488 2013-07-21] ()

R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [32536 2013-07-21] ()

S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-26] (Avira Operations GmbH & Co. KG)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-11-29 12:40 - 2013-11-29 12:40 - 00004196 _____ C:\Users\Angela\Desktop\JRT.txt

2013-11-29 12:20 - 2013-11-29 12:20 - 00000000 ____D C:\Windows\ERUNT

2013-11-29 12:18 - 2013-11-29 12:18 - 01034531 _____ (Thisisu) C:\Users\Angela\Desktop\JRT.exe

2013-11-29 10:51 - 2013-11-29 10:57 - 00000000 ____D C:\AdwCleaner

2013-11-29 10:48 - 2013-11-29 10:48 - 01091882 _____ C:\Users\Angela\Desktop\adwcleaner.exe

2013-11-29 10:13 - 2013-11-29 10:13 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Malwarebytes

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-29 10:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-11-29 09:56 - 2013-11-29 09:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Angela\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-28 16:08 - 2013-11-28 16:08 - 00031785 _____ C:\ComboFix.txt

2013-11-28 15:31 - 2013-11-28 16:08 - 00000000 ____D C:\Qoobox

2013-11-28 15:31 - 2013-11-28 16:03 - 00000000 ____D C:\Windows\erdnt

2013-11-28 15:31 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe

2013-11-28 15:31 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe

2013-11-28 15:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-11-28 15:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-11-28 15:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-11-28 15:31 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe

2013-11-28 15:31 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe

2013-11-28 15:31 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe

2013-11-28 15:28 - 2013-11-28 15:28 - 05150163 ____R (Swearware) C:\Users\Angela\Desktop\ComboFix.exe

2013-11-28 11:15 - 2013-11-28 15:21 - 00011411 _____ C:\Users\Angela\Desktop\Zahnarzt.xlsx

2013-11-27 10:40 - 2013-11-27 10:42 - 00025795 _____ C:\Users\Angela\Desktop\Addition.txt

2013-11-27 10:34 - 2013-11-29 13:01 - 00017972 _____ C:\Users\Angela\Desktop\FRST.txt

2013-11-27 10:34 - 2013-11-27 10:34 - 00000000 ____D C:\FRST

2013-11-27 10:31 - 2013-11-27 10:31 - 01958818 _____ (Farbar) C:\Users\Angela\Desktop\FRST64.exe

2013-11-25 15:21 - 2013-11-25 15:21 - 00028268 _____ C:\Users\Angela\Documents\AVSCAN-20131124-143905-27969B91.LOG

2013-11-24 14:33 - 2013-11-24 14:33 - 00570432 _____ C:\Windows\Minidump\112413-93600-01.dmp

2013-11-24 12:04 - 2013-11-24 12:04 - 105937674 _____ C:\Windows\SysWOW64\⧡ᵌD

2013-11-24 11:58 - 2013-11-24 11:58 - 00569264 _____ C:\Windows\Minidump\112413-28672-01.dmp

2013-11-23 01:53 - 2013-11-23 01:53 - 00375736 _____ C:\Windows\Minidump\112313-27549-01.dmp

2013-11-21 15:30 - 2013-11-21 17:05 - 00000000 ____D C:\Users\Angela\Documents\Schlichting

2013-11-21 15:02 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BHVE.DLL

2013-11-21 15:02 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL

2013-11-20 18:00 - 2013-11-20 18:00 - 00517552 _____ C:\Windows\Minidump\112013-27939-01.dmp

2013-11-20 11:43 - 2013-11-20 11:44 - 01264416 _____ C:\Windows\Minidump\112013-27518-01.dmp

2013-11-16 12:08 - 2013-11-16 12:09 - 00569056 _____ C:\Windows\Minidump\111613-25942-01.dmp

2013-11-13 19:27 - 2013-11-13 19:27 - 00000000 ____D C:\ProgramData\McAfee

2013-11-13 15:46 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-13 15:46 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-13 15:46 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-13 15:46 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-13 15:46 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-13 15:46 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-13 15:46 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-13 15:46 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-13 15:46 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-13 15:46 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-13 11:54 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-13 11:54 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-13 11:54 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-13 11:54 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-13 11:54 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-13 11:54 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 11:54 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-13 11:54 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-13 11:54 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-13 11:54 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-13 11:54 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-13 11:54 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-13 11:54 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-13 11:54 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-13 11:54 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-13 11:54 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-13 11:54 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-13 11:54 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-13 11:54 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-13 11:54 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-13 11:54 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 11:54 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-13 11:54 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-13 11:51 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-13 11:51 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-13 11:51 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-13 11:51 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-13 11:51 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 11:51 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-13 11:51 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-12 13:45 - 2013-11-12 13:45 - 01270800 _____ C:\Windows\Minidump\111213-28922-01.dmp

2013-11-12 10:32 - 2013-11-12 10:32 - 103837334 _____ C:\Windows\SysWOW64\ꔻᵌS

2013-11-10 18:36 - 2013-11-10 18:36 - 00569008 _____ C:\Windows\Minidump\111013-26629-01.dmp

2013-11-09 18:59 - 2013-11-09 19:05 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Apple Computer

2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple Computer

2013-11-09 18:58 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\Apple Computer

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iTunes

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iPod

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-11-09 18:54 - 2013-11-09 18:55 - 00000000 ____D C:\ProgramData\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Bonjour

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-11-06 15:21 - 2013-11-07 15:40 - 00000000 ____D C:\Program Files (x86)\sysTPL

2013-11-04 15:09 - 2013-11-04 15:09 - 01203952 _____ C:\Windows\Minidump\110413-33618-01.dmp

2013-11-04 10:47 - 2013-11-04 10:47 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter

2013-11-04 10:26 - 2013-11-06 15:21 - 01325667 _____ C:\Users\Angela\Downloads\8711902027010 Lenco Podo.zip

2013-11-04 09:29 - 2013-11-04 09:29 - 104845822 _____ C:\Windows\SysWOW64\귟ᵌL

2013-10-31 14:33 - 2013-10-31 14:40 - 00000000 ____D C:\Users\Angela\AppData\Roaming\CyberLink

2013-10-31 14:31 - 2013-10-31 14:32 - 00000000 ____D C:\ProgramData\Google

2013-10-31 14:31 - 2013-10-31 14:31 - 00000000 ____D C:\Program Files\Google

2013-10-31 14:00 - 2013-10-31 14:00 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.28

2013-10-31 14:00 - 2013-10-31 14:00 - 00000000 ____D C:\Program Files (x86)\Media Player Utilities 4.28
 

==================== One Month Modified Files and Folders =======
 

2013-11-29 13:02 - 2013-11-27 10:34 - 00017972 _____ C:\Users\Angela\Desktop\FRST.txt

2013-11-29 12:56 - 2011-02-19 05:24 - 00708282 _____ C:\Windows\system32\perfh007.dat

2013-11-29 12:56 - 2011-02-19 05:24 - 00151886 _____ C:\Windows\system32\perfc007.dat

2013-11-29 12:56 - 2009-07-14 06:13 - 01643244 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-29 12:55 - 2012-07-15 10:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-11-29 12:40 - 2013-11-29 12:40 - 00004196 _____ C:\Users\Angela\Desktop\JRT.txt

2013-11-29 12:23 - 2012-01-08 22:29 - 01958921 _____ C:\Windows\WindowsUpdate.log

2013-11-29 12:20 - 2013-11-29 12:20 - 00000000 ____D C:\Windows\ERUNT

2013-11-29 12:18 - 2013-11-29 12:18 - 01034531 _____ (Thisisu) C:\Users\Angela\Desktop\JRT.exe

2013-11-29 12:17 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-29 12:17 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-29 12:09 - 2012-08-28 19:59 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-29 12:09 - 2012-08-28 19:59 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-29 12:09 - 2012-02-26 00:09 - 00000000 ___HD C:\ASUS.DAT

2013-11-29 12:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-29 12:08 - 2009-07-14 05:51 - 00095050 _____ C:\Windows\setupact.log

2013-11-29 10:57 - 2013-11-29 10:51 - 00000000 ____D C:\AdwCleaner

2013-11-29 10:48 - 2013-11-29 10:48 - 01091882 _____ C:\Users\Angela\Desktop\adwcleaner.exe

2013-11-29 10:40 - 2012-01-08 22:58 - 00001807 _____ C:\Windows\system32\ServiceFilter.ini

2013-11-29 10:38 - 2011-10-19 04:20 - 00467196 _____ C:\Windows\PFRO.log

2013-11-29 10:13 - 2013-11-29 10:13 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Malwarebytes

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-29 09:57 - 2013-11-29 09:56 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Angela\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-29 09:29 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-11-28 16:08 - 2013-11-28 16:08 - 00031785 _____ C:\ComboFix.txt

2013-11-28 16:08 - 2013-11-28 15:31 - 00000000 ____D C:\Qoobox

2013-11-28 16:08 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default

2013-11-28 16:03 - 2013-11-28 15:31 - 00000000 ____D C:\Windows\erdnt

2013-11-28 15:59 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini

2013-11-28 15:54 - 2009-07-14 03:34 - 22806528 _____ C:\Windows\system32\config\SYSTEM.bak

2013-11-28 15:54 - 2009-07-14 03:34 - 101449728 _____ C:\Windows\system32\config\SOFTWARE.bak

2013-11-28 15:54 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak

2013-11-28 15:54 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak

2013-11-28 15:54 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak

2013-11-28 15:28 - 2013-11-28 15:28 - 05150163 ____R (Swearware) C:\Users\Angela\Desktop\ComboFix.exe

2013-11-28 15:21 - 2013-11-28 11:15 - 00011411 _____ C:\Users\Angela\Desktop\Zahnarzt.xlsx

2013-11-27 10:42 - 2013-11-27 10:40 - 00025795 _____ C:\Users\Angela\Desktop\Addition.txt

2013-11-27 10:34 - 2013-11-27 10:34 - 00000000 ____D C:\FRST

2013-11-27 10:31 - 2013-11-27 10:31 - 01958818 _____ (Farbar) C:\Users\Angela\Desktop\FRST64.exe

2013-11-27 10:29 - 2013-10-09 09:01 - 00028160 _____ C:\Users\Angela\Desktop\Überweisungen an Melanie + Armin jun. Klippe.xls

2013-11-26 18:13 - 2013-05-08 20:39 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-11-26 18:13 - 2013-04-01 20:53 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-11-26 18:13 - 2013-04-01 20:53 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-11-26 18:13 - 2013-04-01 20:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-11-25 15:31 - 2012-03-06 20:34 - 00000000 ____D C:\Users\Angela\Documents\Steuerfälle

2013-11-25 15:21 - 2013-11-25 15:21 - 00028268 _____ C:\Users\Angela\Documents\AVSCAN-20131124-143905-27969B91.LOG

2013-11-24 14:33 - 2013-11-24 14:33 - 00570432 _____ C:\Windows\Minidump\112413-93600-01.dmp

2013-11-24 14:33 - 2012-05-25 00:00 - 00000000 ____D C:\Windows\Minidump

2013-11-24 14:32 - 2012-05-24 23:59 - 483554360 _____ C:\Windows\MEMORY.DMP

2013-11-24 12:04 - 2013-11-24 12:04 - 105937674 _____ C:\Windows\SysWOW64\⧡ᵌD

2013-11-24 11:58 - 2013-11-24 11:58 - 00569264 _____ C:\Windows\Minidump\112413-28672-01.dmp

2013-11-23 01:53 - 2013-11-23 01:53 - 00375736 _____ C:\Windows\Minidump\112313-27549-01.dmp

2013-11-21 17:05 - 2013-11-21 15:30 - 00000000 ____D C:\Users\Angela\Documents\Schlichting

2013-11-21 15:41 - 2012-02-26 00:09 - 00000000 ____D C:\Users\Angela

2013-11-21 15:30 - 2013-01-24 17:03 - 00000000 ____D C:\Users\Angela\Documents\schriftverkehr Finanzamt Eichstätt für Steuer 2011

2013-11-21 15:29 - 2012-02-26 00:09 - 00000000 ____D C:\Users\Angela\AppData\Local\VirtualStore

2013-11-21 15:28 - 2012-03-04 00:09 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Epson

2013-11-20 18:00 - 2013-11-20 18:00 - 00517552 _____ C:\Windows\Minidump\112013-27939-01.dmp

2013-11-20 11:44 - 2013-11-20 11:43 - 01264416 _____ C:\Windows\Minidump\112013-27518-01.dmp

2013-11-20 10:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

2013-11-16 12:09 - 2013-11-16 12:08 - 00569056 _____ C:\Windows\Minidump\111613-25942-01.dmp

2013-11-15 09:56 - 2012-01-08 22:53 - 00028382 _____ C:\Windows\DPINST.LOG

2013-11-15 09:55 - 2012-07-15 10:58 - 00000000 ____D C:\Users\Angela\AppData\Local\Downloaded Installations

2013-11-13 19:42 - 2012-07-15 10:57 - 00000000 ____D C:\Users\Angela\AppData\Local\Adobe

2013-11-13 19:27 - 2013-11-13 19:27 - 00000000 ____D C:\ProgramData\McAfee

2013-11-13 19:26 - 2012-07-15 10:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-11-13 19:26 - 2012-07-15 10:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-11-13 15:48 - 2012-03-06 16:48 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-13 15:43 - 2013-08-19 22:44 - 00000000 ____D C:\Windows\system32\MRT

2013-11-13 15:37 - 2012-03-06 18:33 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-11-12 13:46 - 2012-01-08 22:58 - 00002790 _____ C:\Windows\system32\AutoRunFilter.ini

2013-11-12 13:45 - 2013-11-12 13:45 - 01270800 _____ C:\Windows\Minidump\111213-28922-01.dmp

2013-11-12 10:32 - 2013-11-12 10:32 - 103837334 _____ C:\Windows\SysWOW64\ꔻᵌS

2013-11-11 17:30 - 2012-11-09 20:59 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-11-11 05:50 - 2012-07-14 16:41 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2013-11-10 18:36 - 2013-11-10 18:36 - 00569008 _____ C:\Windows\Minidump\111013-26629-01.dmp

2013-11-09 19:05 - 2013-11-09 18:59 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Apple Computer

2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple Computer

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\Apple Computer

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iTunes

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iPod

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-11-09 18:55 - 2013-11-09 18:54 - 00000000 ____D C:\ProgramData\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Bonjour

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-11-08 09:44 - 2012-07-15 10:57 - 00000000 ____D C:\ProgramData\Adobe

2013-11-07 15:40 - 2013-11-06 15:21 - 00000000 ____D C:\Program Files (x86)\sysTPL

2013-11-06 15:21 - 2013-11-04 10:26 - 01325667 _____ C:\Users\Angela\Downloads\8711902027010 Lenco Podo.zip

2013-11-05 10:33 - 2012-03-06 16:49 - 00000000 ____D C:\Program Files\Microsoft Office

2013-11-05 09:55 - 2012-12-14 15:46 - 00000000 ____D C:\Users\Angela\Documents\Outlook-Dateien

2013-11-04 15:48 - 2012-03-04 23:50 - 00000000 ___RD C:\Users\Angela\Documents\KA Ordner 2010

2013-11-04 15:48 - 2012-03-04 23:28 - 00000000 ____D C:\Users\Angela\Documents\Bewerbung

2013-11-04 15:47 - 2012-03-04 22:50 - 00000000 ____D C:\Users\Angela\Documents\roter stick

2013-11-04 15:43 - 2013-06-13 11:53 - 00000000 ____D C:\Users\Angela\Documents\Modernisierung

2013-11-04 15:43 - 2013-04-22 19:03 - 00000000 ____D C:\Users\Angela\Documents\Arbeitsamt 2013

2013-11-04 15:43 - 2013-03-18 21:19 - 00000000 ____D C:\Users\Angela\Documents\Melanie erhaltenen Zahlungen

2013-11-04 15:43 - 2013-03-06 10:47 - 00000000 ____D C:\Users\Angela\Documents\Nebenkostenabrechnung

2013-11-04 15:43 - 2013-03-05 11:28 - 00000000 ____D C:\Users\Angela\Documents\Zweitwohnungssteuer

2013-11-04 15:09 - 2013-11-04 15:09 - 01203952 _____ C:\Windows\Minidump\110413-33618-01.dmp

2013-11-04 10:47 - 2013-11-04 10:47 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter

2013-11-04 10:23 - 2012-02-26 00:15 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Adobe

2013-11-04 09:38 - 2012-08-28 19:59 - 00000000 ____D C:\Users\Angela\AppData\Local\Google

2013-11-04 09:29 - 2013-11-04 09:29 - 104845822 _____ C:\Windows\SysWOW64\귟ᵌL

2013-10-31 14:40 - 2013-10-31 14:33 - 00000000 ____D C:\Users\Angela\AppData\Roaming\CyberLink

2013-10-31 14:33 - 2012-01-08 23:02 - 00000000 ____D C:\ProgramData\CyberLink

2013-10-31 14:32 - 2013-10-31 14:31 - 00000000 ____D C:\ProgramData\Google

2013-10-31 14:31 - 2013-10-31 14:31 - 00000000 ____D C:\Program Files\Google

2013-10-31 14:31 - 2012-08-28 19:59 - 00000000 ____D C:\Program Files (x86)\Google

2013-10-31 14:29 - 2012-07-15 10:57 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-10-31 14:00 - 2013-10-31 14:00 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.28

2013-10-31 14:00 - 2013-10-31 14:00 - 00000000 ____D C:\Program Files (x86)\Media Player Utilities 4.28
 

Some content of TEMP:

====================

C:\Users\Angela\AppData\Local\Temp\avgnt.exe

C:\Users\Angela\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-02 09:27
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013

Ran by Angela at 2013-11-29 13:52:19

Running from C:\Users\Angela\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

AAVUpdateManager (x32 Version: 18.00.0000)

ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212)

Adobe AIR (x32 Version: 3.2.0.2070)

Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)

Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)

AMD APP SDK Runtime (Version: 2.5.709.2)

AMD Catalyst Install Manager (Version: 3.0.838.0)

AMD Fuel (Version: 2011.0713.1830.31376)

AMD Media Foundation Decoders (Version: 1.0.60713.1822)

AMD VISION Engine Control Center (x32 Version: 2011.0713.1830.31376)

Apple Application Support (x32 Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (x32 Version: 2.1.3.127)

ASUS AI Recovery (x32 Version: 1.0.16)

ASUS FancyStart (x32 Version: 1.1.0)

ASUS LifeFrame3 (x32 Version: 3.0.24)

ASUS Live Update (x32 Version: 3.1.7)

ASUS Power4Gear Hybrid (Version: 1.1.44)

ASUS SmartLogon (x32 Version: 1.0.0011)

ASUS Sonic Focus (x32 Version: 1.0.0.5)

ASUS Virtual Camera (x32 Version: 1.0.21)

ASUS WebStorage (x32 Version: 3.0.108.222)

AsusVibe2.0 (x32 Version: 2.0.7.142)

Atheros Client Installation Program (x32 Version: 7.0)

ATK Package (x32 Version: 1.0.0010)

Avira Free Antivirus (x32 Version: 14.0.1.749)

Benutzerhandbuch - Grundlagen EPSON SX430 Series (x32)

Benutzerhandbuch EPSON SX430 Series (x32)

Bing Bar (x32 Version: 7.0.610.0)

Bonjour (Version: 3.0.0.10)

Bubbletown (x32)

Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0713.1830.31376)

Catalyst Control Center InstallProxy (x32 Version: 2011.0713.1830.31376)

Catalyst Control Center Localization All (x32 Version: 2011.0713.1830.31376)

Catalyst Control Center Profiles Mobile (x32 Version: 2011.0713.1830.31376)

CCC Help Chinese Standard (x32 Version: 2011.0713.1829.31376)

CCC Help Chinese Traditional (x32 Version: 2011.0713.1829.31376)

CCC Help Czech (x32 Version: 2011.0713.1829.31376)

CCC Help Danish (x32 Version: 2011.0713.1829.31376)

CCC Help Dutch (x32 Version: 2011.0713.1829.31376)

CCC Help English (x32 Version: 2011.0713.1829.31376)

CCC Help Finnish (x32 Version: 2011.0713.1829.31376)

CCC Help French (x32 Version: 2011.0713.1829.31376)

CCC Help German (x32 Version: 2011.0713.1829.31376)

CCC Help Greek (x32 Version: 2011.0713.1829.31376)

CCC Help Hungarian (x32 Version: 2011.0713.1829.31376)

CCC Help Italian (x32 Version: 2011.0713.1829.31376)

CCC Help Japanese (x32 Version: 2011.0713.1829.31376)

CCC Help Korean (x32 Version: 2011.0713.1829.31376)

CCC Help Norwegian (x32 Version: 2011.0713.1829.31376)

CCC Help Polish (x32 Version: 2011.0713.1829.31376)

CCC Help Portuguese (x32 Version: 2011.0713.1829.31376)

CCC Help Russian (x32 Version: 2011.0713.1829.31376)

CCC Help Spanish (x32 Version: 2011.0713.1829.31376)

CCC Help Swedish (x32 Version: 2011.0713.1829.31376)

CCC Help Thai (x32 Version: 2011.0713.1829.31376)

CCC Help Turkish (x32 Version: 2011.0713.1829.31376)

ccc-utility64 (Version: 2011.0713.1830.31376)

Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)

CyberLink LabelPrint (x32 Version: 2.5.3624)

CyberLink Media Suite (x32 Version: 8.0.2926)

CyberLink Power2Go (x32 Version: 7.0.0.1126)

D3DX10 (x32 Version: 15.4.2368.0902)

Deadtime Stories (x32)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

Dream Day First Home (x32)

Dream Vacation Solitaire (x32)

Druckerdeinstallation für EPSON BX635FWD Series

Epson Easy Photo Print 2 (x32 Version: 2.2.4.0)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)

Epson Event Manager (x32 Version: 2.50.0000)

EPSON Scan (x32)

EPSON SX430 Series Printer Uninstall

EpsonNet Print (x32 Version: 2.5.00)

ETDWare PS/2-X64 8.0.5.1_WHQL (Version: 8.0.5.1)

Evernote v. 5.0.2 (x32 Version: 5.0.2.1392)

Farm Frenzy 3 - Madagascar (x32)

Fast Boot (Version: 1.0.9)

Galapago (x32)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)

Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)

Game Park Console (x32 Version: 1.2.4.431)

Google Chrome (x32 Version: 31.0.1650.57)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

Google Update Helper (x32 Version: 1.3.21.165)

iTunes (Version: 11.1.3.8)

Java 7 Update 45 (x32 Version: 7.0.450)

Java Auto Updater (x32 Version: 2.1.9.8)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

Mahjong Memoirs (x32)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Media Player Utilities 4.28 (x32 Version: 4.28)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Mobile Partner (x32 Version: 11.302.09.04.382)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)

Netzwerkhandbuch EPSON SX430 Series (x32)

Nuance PDF Reader (x32 Version: 6.00.0041)

PDFCreator (x32 Version: 1.4.0)

Plants vs Zombies (x32)

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)

Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)

Sigel Enjoy Your Photo (x32)

Steuer-Spar-Erklärung 2011 (x32 Version: 16.14)

Steuer-Spar-Erklärung 2012 (x32 Version: 17.11)

Steuer-Spar-Erklärung 2013 (x32 Version: 18.09)

sysTPL (x32 Version: 1.0.0)

Turbo Fiesta (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2494150) (x32)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)

VideoDownloadConverter Internet Explorer Toolbar (x32)

WeatherBlink Internet Explorer Toolbar (x32)

WEB.DE Desktop Icons (x32 Version: 3.0.3.0)

WEB.DE MailCheck für Internet Explorer (x32 Version: 2.4.0.0)

WEB.DE Softwareaktualisierung (x32 Version: 3.0.0.55)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3538.0513)

Windows Live Family Safety (Version: 15.4.3538.0513)

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Windows Live 影像中心 (x32 Version: 15.4.3502.0922)

Windows Live 程式集 (x32 Version: 15.4.3502.0922)

WinFlash (x32 Version: 2.31.1)

Wireless Console 3 (x32 Version: 3.0.21)

World of Goo (x32)

Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)

Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)

Почта Windows Live (x32 Version: 15.4.3502.0922)

Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)

Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)

גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)

פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2)

بريد Windows Live (x32 Version: 15.4.3502.0922)

عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2)

معرض صور Windows Live (x32 Version: 15.4.3502.0922)

適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)
 

==================== Restore Points  =========================
 

12-11-2013 14:40:26 Windows Update

13-11-2013 14:34:48 Windows Update

15-11-2013 08:53:31 Removed HTC Sync.

15-11-2013 08:55:56 Removed HTC Driver Installer.

15-11-2013 08:57:04 Removed HTC BMP USB Driver.

17-11-2013 18:00:54 Windows-Sicherung

19-11-2013 09:05:22 Windows Update

21-11-2013 14:03:35 Gerätetreiber-Paketinstallation: EPSON Drucker

22-11-2013 09:25:13 Windows Update

25-11-2013 08:06:59 Windows-Sicherung

26-11-2013 17:03:51 Windows Update

28-11-2013 14:31:55 ComboFix created restore point
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2013-11-28 15:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {00F11048-96AE-4C80-97F3-D910D483F8DF} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)

Task: {14179603-8968-484E-8CAB-F87960691DC2} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

Task: {3BFD60E9-598A-4FC0-9C2A-391A30132905} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)

Task: {6E7F9920-79A7-4CEA-9C44-4E169ECD2427} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)

Task: {6FA0C84C-F4A5-4EF2-BAEA-A8990D40550A} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)

Task: {82F41C53-C854-4142-AA95-DC195C35A4C8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {86B45854-BA2C-4040-B8E7-8B08B5B68A06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {912E9A5C-476B-4BA5-9846-FAB50D520565} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-03-07] (ASUS)

Task: {B799D64C-C0BA-4148-B59E-1A583574770F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)

Task: {F41F0838-EF6D-458F-8A5B-F514335D93AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-13] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-07-14 03:23 - 2011-07-14 03:23 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2009-03-02 03:08 - 2009-03-02 03:08 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper_x64.dll

2013-02-07 11:40 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-07-21 22:21 - 2013-07-21 22:21 - 00044656 _____ () C:\Program Files (x86)\sysTPL\sysTPLUtil.dll

2010-08-20 18:57 - 2010-08-20 18:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2010-08-20 18:57 - 2010-08-20 18:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2013-09-26 12:50 - 2013-09-26 12:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

2013-09-26 12:49 - 2013-09-26 12:49 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

2011-06-10 19:49 - 2011-06-10 19:49 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\Temp:5216CD26

AlternateDataStreams: C:\ProgramData\Temp:FEF919E6
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============

Error: (11/29/2013 00:55:26 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2013-11-28 15:50:48.080

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-11-28 15:50:47.222

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 40%

Total physical RAM: 3691.71 MB

Available physical RAM: 2181.21 MB

Total Pagefile: 7381.61 MB

Available Pagefile: 5352.81 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:52.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:32.37 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 125FC5E1)

Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)

Partition 2: (Active) - (Size=128 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=145 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=d541eb84086c224c99e49bad84678ace

# engine=16093

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-12-01 04:33:59

# local_time=2013-12-01 05:33:59 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1799 16775165 100 96 98004 251338929 90739 0

# compatibility_mode=5893 16776573 100 94 194662 137545489 0 0

# scanned=50022

# found=0

# cleaned=0

# scan_time=4315

Code:

 Results of screen317's Security Check version 0.99.76  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Java 7 Update 45  

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Reader XI  

 Google Chrome 30.0.1599.101  

 Google Chrome 31.0.1650.57  
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013

Ran by Angela (administrator) on ANGELA-PC on 01-12-2013 18:15:32

Running from C:\Users\Angela\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(ASUS) C:\Program Files\P4G\BatteryLife.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(ASUS) C:\Windows\AsScrPro.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe

() C:\Program Files (x86)\sysTPL\sysTPL.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

() C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe

() C:\Program Files (x86)\sysTPL\sysTPLService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)

HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"

HKLM\...\Run: [WeatherBlink Home Page Guard 64 bit] - "C:\PROGRA~2\WEATHE~2\bar\1.bin\AppIntegrator64.exe"

HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)

HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)

HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)

HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [370 2013-12-01] ()

HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3331312 2011-10-19] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)

HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)

HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1766464 2013-10-16] (1und1 Mail und Media GmbH)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sysTPL] - C:\Program Files (x86)\sysTPL\sysTPL.exe [504600 2013-07-21] ()

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

Startup: C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {3F22469A-F386-46FD-B175-217DBC962757} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {12E8A9D6-B35A-4D18-9938-73AEA9DA23F7} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

SearchScopes: HKCU - {3F22469A-F386-46FD-B175-217DBC962757} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {4FF994C5-EDB5-4819-AF3B-6850119C4E48} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {7E7DB4B8-518C-45C0-8E48-6C8CAE4F7355} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKCU - {BA982C84-73B3-43BD-AE81-C23F3ABC246A} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {DCB409E2-1B8A-461F-A068-4EAAC6013CD6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Toolbar BHO - {dc9051c2-8f55-479a-97a4-747980d9047f} - C:\PROGRA~2\WEATHE~2\bar\1.bin\gcbar.dll No File

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File

Toolbar: HKLM-x32 - WeatherBlink - {f20de5e0-2a6e-4c54-985f-1cf59551ce39} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbar.dll No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab

Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{936CB760-98DF-451C-8301-D8C258E9B683}: [NameServer]193.189.244.225 193.189.244.206

Tcpip\..\Interfaces\{E79ED8EB-7F22-4B47-9017-056B0723096D}: [NameServer]193.189.244.225 193.189.244.206
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com

CHR RestoreOnStartup: "hxxp://www.google.com"

CHR DefaultSearchURL: (Ask) - hxxp://www.google.com

CHR DefaultSuggestURL: (Ask) - hxxp://www.google.com

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll No File

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Extension: (Chrome In-App Payments service) - C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-14] (Advanced Micro Devices, Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [30488 2013-07-21] ()

R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [32536 2013-07-21] ()

S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-26] (Avira Operations GmbH & Co. KG)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-12-01 18:13 - 2013-12-01 18:13 - 01959184 _____ (Farbar) C:\Users\Angela\Desktop\FRST64.exe

2013-11-29 13:52 - 2013-11-29 13:53 - 00021303 _____ C:\Users\Angela\Desktop\Addition.txt

2013-11-29 13:49 - 2013-12-01 18:15 - 00018166 _____ C:\Users\Angela\Desktop\FRST.txt

2013-11-29 12:40 - 2013-11-29 12:40 - 00004196 _____ C:\Users\Angela\Desktop\JRT.txt

2013-11-29 12:20 - 2013-11-29 12:20 - 00000000 ____D C:\Windows\ERUNT

2013-11-29 12:18 - 2013-11-29 12:18 - 01034531 _____ (Thisisu) C:\Users\Angela\Desktop\JRT.exe

2013-11-29 10:51 - 2013-11-29 10:57 - 00000000 ____D C:\AdwCleaner

2013-11-29 10:48 - 2013-11-29 10:48 - 01091882 _____ C:\Users\Angela\Desktop\adwcleaner.exe

2013-11-29 10:13 - 2013-11-29 10:13 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Malwarebytes

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-29 10:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-11-29 09:56 - 2013-11-29 09:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Angela\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-28 16:08 - 2013-11-28 16:08 - 00031785 _____ C:\ComboFix.txt

2013-11-28 15:31 - 2013-11-28 16:08 - 00000000 ____D C:\Qoobox

2013-11-28 15:31 - 2013-11-28 16:03 - 00000000 ____D C:\Windows\erdnt

2013-11-28 15:31 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe

2013-11-28 15:31 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe

2013-11-28 15:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-11-28 15:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-11-28 15:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-11-28 15:31 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe

2013-11-28 15:31 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe

2013-11-28 15:31 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe

2013-11-28 15:28 - 2013-11-28 15:28 - 05150163 ____R (Swearware) C:\Users\Angela\Desktop\ComboFix.exe

2013-11-28 11:15 - 2013-11-28 15:21 - 00011411 _____ C:\Users\Angela\Desktop\Zahnarzt.xlsx

2013-11-27 10:34 - 2013-11-27 10:34 - 00000000 ____D C:\FRST

2013-11-25 15:21 - 2013-11-25 15:21 - 00028268 _____ C:\Users\Angela\Documents\AVSCAN-20131124-143905-27969B91.LOG

2013-11-24 14:33 - 2013-11-24 14:33 - 00570432 _____ C:\Windows\Minidump\112413-93600-01.dmp

2013-11-24 12:04 - 2013-11-24 12:04 - 105937674 _____ C:\Windows\SysWOW64\⧡ᵌD

2013-11-24 11:58 - 2013-11-24 11:58 - 00569264 _____ C:\Windows\Minidump\112413-28672-01.dmp

2013-11-23 01:53 - 2013-11-23 01:53 - 00375736 _____ C:\Windows\Minidump\112313-27549-01.dmp

2013-11-21 15:30 - 2013-11-21 17:05 - 00000000 ____D C:\Users\Angela\Documents\Schlichting

2013-11-21 15:02 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BHVE.DLL

2013-11-21 15:02 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL

2013-11-20 18:00 - 2013-11-20 18:00 - 00517552 _____ C:\Windows\Minidump\112013-27939-01.dmp

2013-11-20 11:43 - 2013-11-20 11:44 - 01264416 _____ C:\Windows\Minidump\112013-27518-01.dmp

2013-11-16 12:08 - 2013-11-16 12:09 - 00569056 _____ C:\Windows\Minidump\111613-25942-01.dmp

2013-11-13 19:27 - 2013-11-13 19:27 - 00000000 ____D C:\ProgramData\McAfee

2013-11-13 15:46 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-13 15:46 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-13 15:46 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-13 15:46 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-13 15:46 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-13 15:46 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-13 15:46 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-13 15:46 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-13 15:46 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-13 15:46 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-13 15:46 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-13 15:46 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-13 11:54 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-13 11:54 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-13 11:54 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-13 11:54 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-13 11:54 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-13 11:54 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 11:54 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-13 11:54 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-13 11:54 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-13 11:54 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-13 11:54 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-13 11:54 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-13 11:54 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-13 11:54 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-13 11:54 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-13 11:54 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-13 11:54 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-13 11:54 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-13 11:54 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-13 11:54 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-13 11:54 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 11:54 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-13 11:54 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-13 11:51 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-13 11:51 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-13 11:51 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-13 11:51 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-13 11:51 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 11:51 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-13 11:51 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-12 13:45 - 2013-11-12 13:45 - 01270800 _____ C:\Windows\Minidump\111213-28922-01.dmp

2013-11-12 10:32 - 2013-11-12 10:32 - 103837334 _____ C:\Windows\SysWOW64\ꔻᵌS

2013-11-10 18:36 - 2013-11-10 18:36 - 00569008 _____ C:\Windows\Minidump\111013-26629-01.dmp

2013-11-09 18:59 - 2013-11-09 19:05 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Apple Computer

2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple Computer

2013-11-09 18:58 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\Apple Computer

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iTunes

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iPod

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-11-09 18:54 - 2013-11-09 18:55 - 00000000 ____D C:\ProgramData\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Bonjour

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-11-06 15:21 - 2013-11-07 15:40 - 00000000 ____D C:\Program Files (x86)\sysTPL

2013-11-04 15:09 - 2013-11-04 15:09 - 01203952 _____ C:\Windows\Minidump\110413-33618-01.dmp

2013-11-04 10:47 - 2013-11-04 10:47 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter

2013-11-04 10:26 - 2013-11-06 15:21 - 01325667 _____ C:\Users\Angela\Downloads\8711902027010 Lenco Podo.zip

2013-11-04 09:29 - 2013-11-04 09:29 - 104845822 _____ C:\Windows\SysWOW64\귟ᵌL
 

==================== One Month Modified Files and Folders =======
 

2013-12-01 18:15 - 2013-11-29 13:49 - 00018166 _____ C:\Users\Angela\Desktop\FRST.txt

2013-12-01 18:13 - 2013-12-01 18:13 - 01959184 _____ (Farbar) C:\Users\Angela\Desktop\FRST64.exe

2013-12-01 18:09 - 2012-08-28 19:59 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-01 17:58 - 2012-01-08 22:29 - 02013406 _____ C:\Windows\WindowsUpdate.log

2013-12-01 17:46 - 2012-07-15 10:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-01 17:01 - 2011-02-19 05:24 - 00708282 _____ C:\Windows\system32\perfh007.dat

2013-12-01 17:01 - 2011-02-19 05:24 - 00151886 _____ C:\Windows\system32\perfc007.dat

2013-12-01 17:01 - 2009-07-14 06:13 - 01643244 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-01 16:11 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-01 16:11 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-01 16:03 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-12-01 16:02 - 2012-02-26 00:09 - 00000000 ___HD C:\ASUS.DAT

2013-12-01 16:01 - 2012-08-28 19:59 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-01 16:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-01 16:01 - 2009-07-14 05:51 - 00095162 _____ C:\Windows\setupact.log

2013-11-29 13:53 - 2013-11-29 13:52 - 00021303 _____ C:\Users\Angela\Desktop\Addition.txt

2013-11-29 12:40 - 2013-11-29 12:40 - 00004196 _____ C:\Users\Angela\Desktop\JRT.txt

2013-11-29 12:20 - 2013-11-29 12:20 - 00000000 ____D C:\Windows\ERUNT

2013-11-29 12:18 - 2013-11-29 12:18 - 01034531 _____ (Thisisu) C:\Users\Angela\Desktop\JRT.exe

2013-11-29 10:57 - 2013-11-29 10:51 - 00000000 ____D C:\AdwCleaner

2013-11-29 10:48 - 2013-11-29 10:48 - 01091882 _____ C:\Users\Angela\Desktop\adwcleaner.exe

2013-11-29 10:40 - 2012-01-08 22:58 - 00001807 _____ C:\Windows\system32\ServiceFilter.ini

2013-11-29 10:38 - 2011-10-19 04:20 - 00467196 _____ C:\Windows\PFRO.log

2013-11-29 10:13 - 2013-11-29 10:13 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Malwarebytes

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-29 09:57 - 2013-11-29 09:56 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Angela\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-28 16:08 - 2013-11-28 16:08 - 00031785 _____ C:\ComboFix.txt

2013-11-28 16:08 - 2013-11-28 15:31 - 00000000 ____D C:\Qoobox

2013-11-28 16:08 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default

2013-11-28 16:03 - 2013-11-28 15:31 - 00000000 ____D C:\Windows\erdnt

2013-11-28 15:59 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini

2013-11-28 15:54 - 2009-07-14 03:34 - 22806528 _____ C:\Windows\system32\config\SYSTEM.bak

2013-11-28 15:54 - 2009-07-14 03:34 - 101449728 _____ C:\Windows\system32\config\SOFTWARE.bak

2013-11-28 15:54 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak

2013-11-28 15:54 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak

2013-11-28 15:54 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak

2013-11-28 15:28 - 2013-11-28 15:28 - 05150163 ____R (Swearware) C:\Users\Angela\Desktop\ComboFix.exe

2013-11-28 15:21 - 2013-11-28 11:15 - 00011411 _____ C:\Users\Angela\Desktop\Zahnarzt.xlsx

2013-11-27 10:34 - 2013-11-27 10:34 - 00000000 ____D C:\FRST

2013-11-27 10:29 - 2013-10-09 09:01 - 00028160 _____ C:\Users\Angela\Desktop\Überweisungen an Melanie + Armin jun. Klippe.xls

2013-11-26 18:13 - 2013-05-08 20:39 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-11-26 18:13 - 2013-04-01 20:53 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-11-26 18:13 - 2013-04-01 20:53 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-11-26 18:13 - 2013-04-01 20:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-11-25 15:31 - 2012-03-06 20:34 - 00000000 ____D C:\Users\Angela\Documents\Steuerfälle

2013-11-25 15:21 - 2013-11-25 15:21 - 00028268 _____ C:\Users\Angela\Documents\AVSCAN-20131124-143905-27969B91.LOG

2013-11-24 14:33 - 2013-11-24 14:33 - 00570432 _____ C:\Windows\Minidump\112413-93600-01.dmp

2013-11-24 14:33 - 2012-05-25 00:00 - 00000000 ____D C:\Windows\Minidump

2013-11-24 14:32 - 2012-05-24 23:59 - 483554360 _____ C:\Windows\MEMORY.DMP

2013-11-24 12:04 - 2013-11-24 12:04 - 105937674 _____ C:\Windows\SysWOW64\⧡ᵌD

2013-11-24 11:58 - 2013-11-24 11:58 - 00569264 _____ C:\Windows\Minidump\112413-28672-01.dmp

2013-11-23 01:53 - 2013-11-23 01:53 - 00375736 _____ C:\Windows\Minidump\112313-27549-01.dmp

2013-11-21 17:05 - 2013-11-21 15:30 - 00000000 ____D C:\Users\Angela\Documents\Schlichting

2013-11-21 15:41 - 2012-02-26 00:09 - 00000000 ____D C:\Users\Angela

2013-11-21 15:30 - 2013-01-24 17:03 - 00000000 ____D C:\Users\Angela\Documents\schriftverkehr Finanzamt Eichstätt für Steuer 2011

2013-11-21 15:29 - 2012-02-26 00:09 - 00000000 ____D C:\Users\Angela\AppData\Local\VirtualStore

2013-11-21 15:28 - 2012-03-04 00:09 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Epson

2013-11-20 18:00 - 2013-11-20 18:00 - 00517552 _____ C:\Windows\Minidump\112013-27939-01.dmp

2013-11-20 11:44 - 2013-11-20 11:43 - 01264416 _____ C:\Windows\Minidump\112013-27518-01.dmp

2013-11-20 10:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

2013-11-16 12:09 - 2013-11-16 12:08 - 00569056 _____ C:\Windows\Minidump\111613-25942-01.dmp

2013-11-15 09:56 - 2012-01-08 22:53 - 00028382 _____ C:\Windows\DPINST.LOG

2013-11-15 09:55 - 2012-07-15 10:58 - 00000000 ____D C:\Users\Angela\AppData\Local\Downloaded Installations

2013-11-13 19:42 - 2012-07-15 10:57 - 00000000 ____D C:\Users\Angela\AppData\Local\Adobe

2013-11-13 19:27 - 2013-11-13 19:27 - 00000000 ____D C:\ProgramData\McAfee

2013-11-13 19:26 - 2012-07-15 10:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-11-13 19:26 - 2012-07-15 10:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-11-13 15:48 - 2012-03-06 16:48 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-13 15:43 - 2013-08-19 22:44 - 00000000 ____D C:\Windows\system32\MRT

2013-11-13 15:37 - 2012-03-06 18:33 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-11-12 13:46 - 2012-01-08 22:58 - 00002790 _____ C:\Windows\system32\AutoRunFilter.ini

2013-11-12 13:45 - 2013-11-12 13:45 - 01270800 _____ C:\Windows\Minidump\111213-28922-01.dmp

2013-11-12 10:32 - 2013-11-12 10:32 - 103837334 _____ C:\Windows\SysWOW64\ꔻᵌS

2013-11-11 17:30 - 2012-11-09 20:59 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-11-11 05:50 - 2012-07-14 16:41 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2013-11-10 18:36 - 2013-11-10 18:36 - 00569008 _____ C:\Windows\Minidump\111013-26629-01.dmp

2013-11-09 19:05 - 2013-11-09 18:59 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Apple Computer

2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple Computer

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\Apple Computer

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iTunes

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files\iPod

2013-11-09 18:57 - 2013-11-09 18:57 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Users\Angela\AppData\Local\Apple

2013-11-09 18:55 - 2013-11-09 18:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-11-09 18:55 - 2013-11-09 18:54 - 00000000 ____D C:\ProgramData\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files\Bonjour

2013-11-09 18:54 - 2013-11-09 18:54 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-11-08 09:44 - 2012-07-15 10:57 - 00000000 ____D C:\ProgramData\Adobe

2013-11-07 15:40 - 2013-11-06 15:21 - 00000000 ____D C:\Program Files (x86)\sysTPL

2013-11-06 15:21 - 2013-11-04 10:26 - 01325667 _____ C:\Users\Angela\Downloads\8711902027010 Lenco Podo.zip

2013-11-05 10:33 - 2012-03-06 16:49 - 00000000 ____D C:\Program Files\Microsoft Office

2013-11-05 09:55 - 2012-12-14 15:46 - 00000000 ____D C:\Users\Angela\Documents\Outlook-Dateien

2013-11-04 15:48 - 2012-03-04 23:50 - 00000000 ___RD C:\Users\Angela\Documents\KA Ordner 2010

2013-11-04 15:48 - 2012-03-04 23:28 - 00000000 ____D C:\Users\Angela\Documents\Bewerbung

2013-11-04 15:47 - 2012-03-04 22:50 - 00000000 ____D C:\Users\Angela\Documents\roter stick

2013-11-04 15:43 - 2013-06-13 11:53 - 00000000 ____D C:\Users\Angela\Documents\Modernisierung

2013-11-04 15:43 - 2013-04-22 19:03 - 00000000 ____D C:\Users\Angela\Documents\Arbeitsamt 2013

2013-11-04 15:43 - 2013-03-18 21:19 - 00000000 ____D C:\Users\Angela\Documents\Melanie erhaltenen Zahlungen

2013-11-04 15:43 - 2013-03-06 10:47 - 00000000 ____D C:\Users\Angela\Documents\Nebenkostenabrechnung

2013-11-04 15:43 - 2013-03-05 11:28 - 00000000 ____D C:\Users\Angela\Documents\Zweitwohnungssteuer

2013-11-04 15:09 - 2013-11-04 15:09 - 01203952 _____ C:\Windows\Minidump\110413-33618-01.dmp

2013-11-04 10:47 - 2013-11-04 10:47 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter

2013-11-04 10:23 - 2012-02-26 00:15 - 00000000 ____D C:\Users\Angela\AppData\Roaming\Adobe

2013-11-04 09:38 - 2012-08-28 19:59 - 00000000 ____D C:\Users\Angela\AppData\Local\Google

2013-11-04 09:29 - 2013-11-04 09:29 - 104845822 _____ C:\Windows\SysWOW64\귟ᵌL
 

Some content of TEMP:

====================

C:\Users\Angela\AppData\Local\Temp\avgnt.exe

C:\Users\Angela\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-02 09:27
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Flash Player updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.