Trojaner-Board - TR/BProtector.gen2 durch Quarantäne und Systemwiederherstellung entfernt? [Windows 7]

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - TR/BProtector.gen2 durch Quarantäne und Systemwiederherstellung entfernt? [Windows 7] (https://www.trojaner-board.de/152145-tr-bprotector-gen2-quarantaene-systemwiederherstellung-entfernt-windows-7-a.html)

TR/BProtector.gen2 durch Quarantäne und Systemwiederherstellung entfernt? [Windows 7]

Hallo,

gestern Abend zeigte mir Avira bei einem Scan den TR/BProtector.gen2 an. Ich habe ihn daraufhin von Avira unter Quarantäne stellen lassen. Anschließend habe ich eine Systemwiederherstellung (Windows 7 Enterprise) auf den 27.03.2014 gemacht, da ich mir sicher war, danach den "Protector.gen" gefangen zu haben. Daraufhin habe ich Avira noch einmal einen Scan machen lassen, bei dem nichts gefunden wurde.

Könnt Ihr mir sagen, ob ich nach wie vor infiziert bin:

Hier der FRST log

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01

Ran by Schmidt (administrator) on SCHMIDT-PC on 07-04-2014 11:54:58

Running from C:\Users\Schmidt\Desktop

Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Schomäcker GmbH) C:\Program Files\Schomaecker\XPrint-Client\XPrint-Client-GUI\XPrint-Client-GUI.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Schomäcker GmbH) C:\Program Files\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)

HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\MountPoints2: {209f0af0-367a-11df-9d64-002622deffb2} - F:\LaunchU3.exe -a

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\MountPoints2: {e7eaa366-797a-11e0-8efd-dc2e1e0c14e7} - F:\AutoRun.exe

Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

ProxyServer: proxy.uni-bonn.de:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=hp&fr=linkury-tb&installDate=13/01/2014&type=hp1000

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCB1B98FD7DCACA01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000

SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000

SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000

SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000

SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 131.220.16.220 131.220.14.203
 

FireFox:

========

FF ProfilePath: C:\Users\Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\zr7mxhro.default

FF SelectedSearchEngine: Wikipedia (de)

FF Homepage: www.google.de

FF Keyword.URL: hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=

FF NetworkProxy: "backup.ftp", "proxy.uni-bonn.de"

FF NetworkProxy: "backup.ftp_port", 8081

FF NetworkProxy: "backup.socks", "proxy.uni-bonn.de"

FF NetworkProxy: "backup.socks_port", 8081

FF NetworkProxy: "backup.ssl", "proxy.uni-bonn.de"

FF NetworkProxy: "backup.ssl_port", 8081

FF NetworkProxy: "ftp", "proxy.uni-bonn.de"

FF NetworkProxy: "ftp_port", 8081

FF NetworkProxy: "http", "proxy.uni-bonn.de"

FF NetworkProxy: "http_port", 8081

FF NetworkProxy: "no_proxies_on", "uni-bonn.de, wikipedia.de, juris.de, beck.de, google.de, uni-karlsruhe.de"

FF NetworkProxy: "share_proxy_settings", true

FF NetworkProxy: "socks", "proxy.uni-bonn.de"

FF NetworkProxy: "socks_port", 8081

FF NetworkProxy: "ssl", "proxy.uni-bonn.de"

FF NetworkProxy: "ssl_port", 8081

FF NetworkProxy: "type", 0

FF NewTab: about:blank

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\zr7mxhro.default\searchplugins\web-search.xml

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011-01-03]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-19]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-29]

FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\

FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

CHR Extension: (Google Docs) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]

CHR Extension: (Google Drive) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]

CHR Extension: (YouTube) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]

CHR Extension: (Google-Suche) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]

CHR Extension: (DVDVideoSoft) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-01-13]

CHR Extension: (Google Wallet) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Citavi Picker) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2013-05-03]

CHR Extension: (Google Mail) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]

CHR HKLM\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2013-05-03]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-01-13]
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)

R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()

R2 XPrint-Client-Service; C:\Program Files\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH)
 

==================== Drivers (Whitelisted) ====================
 

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)

S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [769024 2012-11-29] (AVerMedia TECHNOLOGIES, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.)

R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [103424 2009-01-24] (QUALCOMM Incorporated)

S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)

S3 VNUSB; C:\Windows\System32\DRIVERS\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.)

R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)

R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)

R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)

R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)

S3 massfilter; system32\drivers\massfilter.sys [X]

S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-07 11:54 - 2014-04-07 11:55 - 00017235 _____ () C:\Users\Schmidt\Desktop\FRST.txt

2014-04-07 11:54 - 2014-04-07 11:54 - 00000000 ____D () C:\FRST

2014-04-07 11:52 - 2014-04-07 11:52 - 01145856 _____ (Farbar) C:\Users\Schmidt\Desktop\FRST.exe

2014-04-07 11:50 - 2014-04-07 11:51 - 00000476 _____ () C:\Users\Schmidt\Downloads\defogger_disable.log

2014-04-07 11:50 - 2014-04-07 11:50 - 00000000 _____ () C:\Users\Schmidt\defogger_reenable

2014-04-07 11:48 - 2014-04-07 11:49 - 00050477 _____ () C:\Users\Schmidt\Downloads\Defogger.exe

2014-04-06 22:31 - 2014-04-06 22:31 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-06 22:31 - 2014-04-06 21:42 - 00000112 _____ () C:\Windows\setupact.log

2014-04-06 22:12 - 2014-04-07 11:23 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-06 22:12 - 2014-04-06 22:23 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-06 22:00 - 2014-04-06 22:00 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\Avira

2014-04-06 21:58 - 2014-04-06 21:58 - 00000000 ____D () C:\Program Files\Avira

2014-04-06 21:58 - 2014-02-25 11:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-04-06 21:58 - 2014-02-25 11:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-04-06 21:58 - 2014-02-25 11:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-04-06 21:58 - 2014-02-25 11:41 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys

2014-04-06 21:42 - 2014-04-06 21:42 - 00000322 _____ () C:\Windows\PFRO.log

2014-04-05 16:37 - 2014-04-06 22:12 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Deployment

2014-04-05 16:37 - 2014-04-06 22:11 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Apps\2.0

2014-04-05 15:59 - 2014-04-06 21:30 - 00000000 ____D () C:\ProgramData\WPM

2014-04-05 15:59 - 2014-04-06 21:30 - 00000000 ____D () C:\ProgramData\IePluginService

2014-04-05 15:59 - 2014-04-06 21:30 - 00000000 ____D () C:\Program Files\SupTab

2014-03-28 23:01 - 2014-03-28 23:01 - 00000000 ____D () C:\ProgramData\AVerTV

2014-03-27 13:22 - 2014-03-27 13:22 - 00015592 _____ () C:\Users\Schmidt\Downloads\dokument_randziffern_2010.zip

2014-03-15 23:26 - 2012-11-29 08:05 - 00769024 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Windows\system32\Drivers\AVerAF35.sys

2014-03-15 23:20 - 2012-12-14 12:16 - 00000000 ____D () C:\Users\Schmidt\Downloads\A835_AP6.5.2.12120702_Drv8.2.x.64(8.0.x.65+2.3.x.28)

2014-03-15 23:18 - 2014-03-15 23:20 - 69272753 _____ () C:\Users\Schmidt\Downloads\A835_AP6.5.2.12120702_Drv8.2.x.64_121214.exe

2014-03-15 23:10 - 2014-03-15 23:11 - 02594368 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Users\Schmidt\Downloads\InstalDrv_A835_Win7_x86_V8.0.0.70_140114.exe

2014-03-14 11:32 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-14 11:32 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-14 11:32 - 2014-02-23 08:54 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-14 11:32 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-14 11:32 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-14 11:32 - 2014-02-23 07:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-03-14 02:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-14 02:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-14 02:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-14 02:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-14 02:26 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
 

==================== One Month Modified Files and Folders =======
 

2014-04-07 11:55 - 2014-04-07 11:54 - 00017235 _____ () C:\Users\Schmidt\Desktop\FRST.txt

2014-04-07 11:54 - 2014-04-07 11:54 - 00000000 ____D () C:\FRST

2014-04-07 11:52 - 2014-04-07 11:52 - 01145856 _____ (Farbar) C:\Users\Schmidt\Desktop\FRST.exe

2014-04-07 11:51 - 2014-04-07 11:50 - 00000476 _____ () C:\Users\Schmidt\Downloads\defogger_disable.log

2014-04-07 11:50 - 2014-04-07 11:50 - 00000000 _____ () C:\Users\Schmidt\defogger_reenable

2014-04-07 11:50 - 2010-03-23 13:40 - 00000000 ____D () C:\Users\Schmidt

2014-04-07 11:49 - 2014-04-07 11:48 - 00050477 _____ () C:\Users\Schmidt\Downloads\Defogger.exe

2014-04-07 11:38 - 2014-03-05 16:24 - 00000000 ____D () C:\ProgramData\EPSON

2014-04-07 11:23 - 2014-04-06 22:12 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-07 11:19 - 2013-02-27 11:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-07 11:06 - 2010-12-04 20:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-04-07 11:05 - 2010-12-04 19:51 - 00000000 ____D () C:\Windows\Driver Cache

2014-04-07 10:32 - 2010-03-23 13:44 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-07 10:31 - 2010-03-23 13:35 - 01680082 _____ () C:\Windows\WindowsUpdate.log

2014-04-06 22:31 - 2014-04-06 22:31 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-06 22:23 - 2014-04-06 22:12 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-06 22:14 - 2011-11-14 22:29 - 00000000 ____D () C:\Users\Schmidt\Desktop\Blandat

2014-04-06 22:12 - 2014-04-05 16:37 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Deployment

2014-04-06 22:12 - 2012-08-27 15:40 - 00000000 ____D () C:\Program Files\Google

2014-04-06 22:11 - 2014-04-05 16:37 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Apps\2.0

2014-04-06 22:10 - 2011-12-08 15:44 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Google

2014-04-06 22:00 - 2014-04-06 22:00 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\Avira

2014-04-06 21:58 - 2014-04-06 21:58 - 00000000 ____D () C:\Program Files\Avira

2014-04-06 21:58 - 2013-08-07 12:43 - 00000000 ____D () C:\ProgramData\Avira

2014-04-06 21:50 - 2009-07-14 06:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-06 21:50 - 2009-07-14 06:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-06 21:44 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-04-06 21:42 - 2014-04-06 22:31 - 00000112 _____ () C:\Windows\setupact.log

2014-04-06 21:42 - 2014-04-06 21:42 - 00000322 _____ () C:\Windows\PFRO.log

2014-04-06 21:42 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-06 21:40 - 2013-05-03 17:49 - 00000000 ____D () C:\Users\Schmidt\Documents\Citavi 4

2014-04-06 21:30 - 2014-04-05 15:59 - 00000000 ____D () C:\ProgramData\WPM

2014-04-06 21:30 - 2014-04-05 15:59 - 00000000 ____D () C:\ProgramData\IePluginService

2014-04-06 21:30 - 2014-04-05 15:59 - 00000000 ____D () C:\Program Files\SupTab

2014-04-06 21:30 - 2013-05-03 17:47 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citavi 4

2014-04-06 21:30 - 2013-04-12 14:47 - 00000000 ____D () C:\Users\Administrator

2014-04-06 21:30 - 2012-07-25 00:02 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\vlc

2014-04-06 21:30 - 2012-07-25 00:02 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\dvdcss

2014-04-06 21:30 - 2010-03-23 13:40 - 00000000 ___RD () C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-04-06 21:30 - 2010-03-23 13:40 - 00000000 ___RD () C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-04-06 21:30 - 2009-07-14 11:14 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat

2014-04-06 13:10 - 2010-04-24 15:37 - 00000000 ____D () C:\Windows\Minidump

2014-04-02 11:01 - 2013-10-23 15:12 - 00000000 _____ () C:\Users\Schmidt\juraerror.log

2014-03-28 23:01 - 2014-03-28 23:01 - 00000000 ____D () C:\ProgramData\AVerTV

2014-03-27 13:23 - 2011-09-02 15:38 - 00018940 _____ () C:\Users\Schmidt\Desktop\dokument_randziffern_2010.dotx

2014-03-27 13:22 - 2014-03-27 13:22 - 00015592 _____ () C:\Users\Schmidt\Downloads\dokument_randziffern_2010.zip

2014-03-25 00:38 - 2010-12-04 22:41 - 00000064 _____ () C:\Windows\AVerText.ini

2014-03-20 11:40 - 2013-07-14 09:44 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-20 11:33 - 2010-03-23 14:04 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-15 23:20 - 2014-03-15 23:18 - 69272753 _____ () C:\Users\Schmidt\Downloads\A835_AP6.5.2.12120702_Drv8.2.x.64_121214.exe

2014-03-15 23:11 - 2014-03-15 23:10 - 02594368 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Users\Schmidt\Downloads\InstalDrv_A835_Win7_x86_V8.0.0.70_140114.exe

2014-03-15 14:10 - 2010-03-23 13:31 - 00000000 ____D () C:\Windows\Panther

2014-03-14 15:42 - 2009-07-14 06:33 - 00418768 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-14 15:41 - 2013-01-02 01:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-14 11:31 - 2010-03-23 13:54 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-03-12 13:19 - 2013-02-27 11:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-03-12 13:19 - 2013-02-27 11:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 

Files to move or delete:

====================

C:\Users\Vpn Client\vpnclient-win-msi-5.0.06.0110-k9.exe
 
 

Some content of TEMP:

====================

C:\Users\Schmidt\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-03-31 13:58
 

==================== End Of Log ============================

Hier der Addition log:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01

Ran by Schmidt at 2014-04-07 11:55:52

Running from C:\Users\Schmidt\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)

Adobe AIR (Version: 3.5.0.880 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader 9.4.4 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.4 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )

AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )

Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)

Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}) (Version: 5.0.6 - Cisco Systems, Inc.)

Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)

Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)

Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)

Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)

IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)

iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)

Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version:  - )

TVicPort 4.1 Free Personal Edition (HKLM\...\TVicPort 4.1 Free Personal Edition) (Version:  - )

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)

XMind 2013 (v3.4.1) (HKLM\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)

X-Print 4.0 Client (HKLM\...\X-Print Client Uni Bonn_is1) (Version:  - Schomaecker GmbH)
 

==================== Restore Points  =========================
 

27-03-2014 12:36:48 Geplanter Prüfpunkt

05-04-2014 14:02:32 Removed DownQuick

07-04-2014 09:03:45 Konfiguriert AVerTV 3D

07-04-2014 09:38:47 Removed IPTInstaller
 

==================== Hosts content: ==========================
 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {2160B9E6-9CF9-4F4B-8E7E-848B1B10EABB} - System32\Tasks\CCleaner => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)

Task: {2C42C6C1-BD53-44F6-8A70-4FD154D15A32} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

Task: {2E173B31-601A-4C99-9BED-A049EC9806A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)

Task: {489F78E3-1638-402E-885B-E0C15FA1A4C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-06] (Google Inc.)

Task: {66E1B559-11E9-447B-9A31-C4C0E6231623} - System32\Tasks\Launch HTC AutoDetect => C:\Program Files\HTC\HTC Sync for BrewMP\AutoDetect.exe

Task: {6C662879-9F00-4042-9F18-3A59785B9DC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-06] (Google Inc.)

Task: {80E1F38B-D5D0-4E0F-A970-FCA949025FAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)

Task: {82D2E218-C838-4CE2-97FF-90F08196F288} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {BE8E94F4-105B-43C8-801C-ED3815C3D242} - System32\Tasks\Core Temp Autostart Schmidt => C:\Program Files\Core Temp\Core Temp.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2009-09-01 05:31 - 2009-09-01 05:31 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll

2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Windows\system32\vpnapi.dll

2013-03-09 21:50 - 2012-12-07 18:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

2010-04-24 16:13 - 2008-09-30 15:17 - 07954432 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XKRN6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 04504576 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XXXL6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 00578560 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XSSE6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 08599552 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XXML6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 02849280 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XMNG6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 03029504 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XMIS6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 00479232 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XJCE6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 01511424 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XSEC6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 00518144 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XPKC6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 00647168 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XSQL6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 01105408 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XSWN6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 00567808 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XSND6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 12067328 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XAWT6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 00241152 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\XRMI6407.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 00020480 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\bin\jetvm\jvm.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 00069632 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\bin\java.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 02392576 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\xjit640.dll

2010-04-24 16:13 - 2008-09-30 15:17 - 00096256 _____ () C:\Program Files\Schomaecker\XPrint-Client\Common\rt\jetrt\baseline640.dll

2014-04-06 21:58 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

2014-04-06 22:13 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll

2014-04-06 22:13 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libglesv2.dll

2014-04-06 22:13 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libegl.dll

2014-04-06 22:13 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll

2014-04-06 22:13 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

2014-04-06 22:13 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

2014-04-06 22:13 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 

Name: Cisco Systems VPN Adapter

Description: Cisco Systems VPN Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: CVirtA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (04/07/2014 11:37:18 AM) (Source: RpcNs) (User: )

Description: "C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE"1704
 

Error: (04/07/2014 11:03:43 AM) (Source: VSS) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {af861d16-016c-493f-97d4-5d88293b5202}
 

Error: (04/07/2014 10:32:41 AM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)

Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=288, Lieferant-ID=0, Lieferant-Typ=0
 

Error: (04/07/2014 10:32:41 AM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)

Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=288, Lieferant-ID=0, Lieferant-Typ=0
 

Error: (04/07/2014 10:32:41 AM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)

Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=288, Lieferant-ID=0, Lieferant-Typ=0
 

Error: (04/07/2014 10:32:41 AM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)

Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=288, Lieferant-ID=0, Lieferant-Typ=0
 

Error: (04/07/2014 10:32:41 AM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)

Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=288, Lieferant-ID=0, Lieferant-Typ=0
 

Error: (04/07/2014 10:32:41 AM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)

Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=288, Lieferant-ID=0, Lieferant-Typ=0
 

Error: (04/07/2014 10:30:29 AM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)

Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=288, Lieferant-ID=0, Lieferant-Typ=0
 

Error: (04/07/2014 10:30:29 AM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)

Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=288, Lieferant-ID=0, Lieferant-Typ=0
 
 

System errors:

=============

Error: (04/07/2014 11:05:18 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "AVerRemote" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (04/07/2014 11:05:18 AM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AVerRemote erreicht.
 

Error: (04/06/2014 09:42:58 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Net.Tcp-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
 

Error: (04/06/2014 09:42:58 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Net.Pipe-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
 

Error: (04/06/2014 09:42:58 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.
 

Error: (04/06/2014 10:31:46 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Net.Tcp-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
 

Error: (04/06/2014 10:31:46 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Net.Pipe-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
 

Error: (04/06/2014 10:31:46 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Net.Msmq-Listeneradapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.
 

Error: (04/06/2014 09:25:55 PM) (Source: DCOM) (User: )

Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 

Error: (04/06/2014 09:25:00 PM) (Source: Service Control Manager) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

AFD

avipbb

avkmgr

CSC

DfsC

discache

NetBIOS

NetBT

nsiproxy

Psched

rdbss

spldr

ssmdrv

tdx

vpcnfltr

vpcvmm

vwififlt

Wanarpv6

WfpLwf
 
 

Microsoft Office Sessions:

=========================

Error: (02/24/2014 05:09:45 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3049 seconds with 1980 seconds of active time.  This session ended with a crash.
 

Error: (02/19/2014 01:55:32 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 85 seconds with 60 seconds of active time.  This session ended with a crash.
 

Error: (02/10/2014 04:00:20 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 921 seconds with 60 seconds of active time.  This session ended with a crash.
 

Error: (02/06/2014 03:18:43 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (01/25/2014 01:25:56 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (01/20/2014 05:54:12 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (10/19/2013 04:35:43 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 88 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (10/07/2013 08:38:01 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (10/04/2013 04:41:42 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (09/08/2013 01:44:31 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 83%

Total physical RAM: 984.57 MB

Available physical RAM: 162.48 MB

Total Pagefile: 7460.57 MB

Available Pagefile: 6135.66 MB

Total Virtual: 2047.88 MB

Available Virtual: 1898.57 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:74.87 GB) (Free:25.51 GB) NTFS

Drive d: (Volume) (Fixed) (Total:74.08 GB) (Free:72.51 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: CBE282ED)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Hier der GMER log:

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-04-07 12:20:42

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 149,05GB

Running: Gmer-19357.exe; Driver: C:\Users\Schmidt\AppData\Local\Temp\pwrirfoc.sys
 
 

---- System - GMER 2.1 ----
 

SSDT   8F0BEC76                                                                           ZwCreateSection

SSDT   8F0BEC80                                                                           ZwRequestWaitReplyPort

SSDT   8F0BEC7B                                                                           ZwSetContextThread

SSDT   8F0BEC85                                                                           ZwSetSecurityObject

SSDT   8F0BEC8A                                                                           ZwSystemDebugControl

SSDT   8F0BEC17                                                                           ZwTerminateProcess
 

---- Kernel code sections - GMER 2.1 ----
 

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                           82E78A15 1 Byte  [06]

.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                             82EB2212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                82EB958C 4 Bytes  [76, EC, 0B, 8F]

.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                82EB98E8 4 Bytes  [80, EC, 0B, 8F]

.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                82EB992C 4 Bytes  [7B, EC, 0B, 8F]

.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                82EB99A8 4 Bytes  [85, EC, 0B, 8F]

.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                82EB99FC 4 Bytes  [8A, EC, 0B, 8F]

.text  ...                                                                                
 

---- Registry - GMER 2.1 ----
 

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  ?????l???????????????????????????????????????|??????????????????????system32\drivers\volmgr.sys???????:??v????????h??????????????v???h???????????????????????????w?????????????????????????????????????n????????????????????keyboard.inf???????t??????$??|?????????e?????v?v?v???v?v?v??????????????????????????????? ???????t?????t?????t???? ???????????????s??????????s??????????????? ???????t???????????s??????????????????v???????????????s????????t?????????a???????l???????t????? ???????t???????????t?????????????? ???????????C:\ProgramData?????????????????????????????t???t????? ???????o?????t?????t??????????R????????s????R??t????????h?????????????????????????\SystemRoot\system32\DRIVERS\megasas.sys?i???????t??????p???nsiproxy???????t???t????SCSI Miniport?????R??t???????????d??megasas.inf_x86_neutral_395276dd9b7a7448?????t?t?t?t?t?t76???????????????e??? ???????t?????t?????t?????????????? ????????????t???t???????????????????t???????????r??? ???????t???????????t??????????????????????enableMSI=1????????????????????????????
 

---- EOF - GMER 2.1 ----

Vielen Dank schon mal!

hi,

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Ok, also hier der mbam log:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 07.04.2014

Suchlauf-Zeit: 14:39:20

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.1.1004

Malware Datenbank: v2014.04.07.06

Rootkit Datenbank: v2014.03.27.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x86

Dateisystem: NTFS

Benutzer: Schmidt
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 259535

Verstrichene Zeit: 1 Std, 30 Min, 34 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Shuriken: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 12

PUP.Optional.HelperBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Ersetzt,[47b9689832ce40c0dc04b25a13f14bb5]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[ec143dc3b34db24eb52ec24a8a7add23]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[9c649a6645bb5fa14986d3438381d729]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=hp&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=hp&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[af510cf457a950b0558fc844cb3943bd]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=hp&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=hp&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[c937f010af51728e8d43bc5a10f42bd5]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[fe0210f08d73f808eaf8d933eb196c94]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[b050eb15fb05d927c5097b9b20e440c0]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[ea16be420cf451afde07a5672cd8f30d]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[58a8837df60a8977ddf4d73f37cd4fb1]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[1fe1b54b44bc35cb25c16aa2d133f50b]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[659bc73932cef10fe0f274a2a55f9070]

PUP.Optional.HelperBar.A, HKU\S-1-5-21-1821403941-2808816676-4169380932-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=936e739d-aa4f-cad5-4dec-a34f97dfdc68&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Löschen bei Neustart,[be42dc240bf58977c51c0a02dd27946c]
 

Ordner: 7

PUP.Optional.OpenCandy, C:\Users\Schmidt\AppData\Roaming\OpenCandy, In Quarantäne, [ba46b64ad030a45ca0d7431208fa18e8], 

PUP.Optional.OpenCandy, C:\Users\Schmidt\AppData\Roaming\OpenCandy\178C2818F83847B096DF989DE00F068B, In Quarantäne, [ba46b64ad030a45ca0d7431208fa18e8], 

PUP.Optional.OpenCandy, C:\Users\Schmidt\AppData\Roaming\OpenCandy\F3B37DC1AB704F1AA7CAD0F23988780A, In Quarantäne, [ba46b64ad030a45ca0d7431208fa18e8], 

PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [e020d927c7399b65e5643226d62c6997], 

PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [e020d927c7399b65e5643226d62c6997], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches\images, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 
 

Dateien: 14

PUP.Optional.Linkury.A, C:\Users\Schmidt\AppData\Roaming\OpenCandy\F3B37DC1AB704F1AA7CAD0F23988780A\Installer.exe, In Quarantäne, [56aac23e9d63d0300ba5866318ebdf21], 

PUP.Optional.Bundlore, C:\Users\Schmidt\Downloads\setup (1).exe, In Quarantäne, [827ede22fc04ff018c7d43aff40f966a], 

PUP.Optional.Bundlore, C:\Users\Schmidt\Downloads\setup.exe, In Quarantäne, [4db3a957eb154eb2c643b43ed92a2ad6], 

PUP.Optional.OpenCandy, C:\Users\Schmidt\AppData\Roaming\OpenCandy\178C2818F83847B096DF989DE00F068B\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, In Quarantäne, [ba46b64ad030a45ca0d7431208fa18e8], 

PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [e020d927c7399b65e5643226d62c6997], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches\92.json, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches\uninstallDlg.xml, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches\images\bg1.png, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches\images\button1.png, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches\images\checked.png, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches\images\close.png, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches\images\min.png, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches\images\Thumbs.db, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 

PUP.Optional.WebsSearches.A, C:\Users\Schmidt\AppData\Roaming\webssearches\images\unchecked.png, In Quarantäne, [926e8b75857b26da354f3c20be44629e], 
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Hier die adwcleaner log datei:

Code:

# AdwCleaner v3.023 - Bericht erstellt am 07/04/2014 um 14:55:04

# Aktualisiert 01/04/2014 von Xplode

# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)

# Benutzername : Schmidt - SCHMIDT-PC

# Gestartet von : C:\Users\Schmidt\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\WPM

Ordner Gelöscht : C:\Program Files\SupTab

Ordner Gelöscht : C:\Users\Schmidt\AppData\Local\CrashRpt

Ordner Gelöscht : C:\Users\Schmidt\AppData\Local\TempDir

Ordner Gelöscht : C:\Users\Schmidt\AppData\Roaming\dvdvideosoftiehelpers

Datei Gelöscht : C:\Users\Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\zr7mxhro.default\searchplugins\web-search.xml
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_xmind (1)_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_xmind (1)_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_xmind_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_xmind_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Schlüssel Gelöscht : HKCU\Software\SmartBar

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16843
 
 

-\\ Mozilla Firefox v
 

[ Datei : C:\Users\Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\zr7mxhro.default\prefs.js ]
 

Zeile gelöscht : user_pref("extensions.enabledItems", "vshare@toolbar:1.0.0,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.01.25[...]

Zeile gelöscht : user_pref("keyword.URL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=");

Zeile gelöscht : user_pref("vshare.install.date", "1287273600000");

Zeile gelöscht : user_pref("vshare.install.finished", "1.0.0");

Zeile gelöscht : user_pref("vshare.install.guid", "{bdf3a61d-7cd4-4f0f-91d7-13710216c161}");

Zeile gelöscht : user_pref("vshare.install.isHidden", true);

Zeile gelöscht : user_pref("vshare.install.istoolbarhp", true);

Zeile gelöscht : user_pref("vshare.install.istoolbarsearch", true);

Zeile gelöscht : user_pref("vshare.install.laststatreq", "1306368000000");

Zeile gelöscht : user_pref("vshare.install.newtab", false);
 

-\\ Google Chrome v33.0.1750.154
 

[ Datei : C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [4022 octets] - [07/04/2014 14:52:41]

AdwCleaner[S0].txt - [3953 octets] - [07/04/2014 14:55:04]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4013 octets] ##########

Hier der Inhalt der JRT.txt:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Enterprise x86

Ran by Schmidt on 07.04.2014 at 15:04:23,69

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 07.04.2014 at 15:07:21,26

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und hier noch der FRST log:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01

Ran by Schmidt (administrator) on SCHMIDT-PC on 07-04-2014 15:11:11

Running from C:\Users\Schmidt\Desktop

Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

(Schomäcker GmbH) C:\Program Files\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Schomäcker GmbH) C:\Program Files\Schomaecker\XPrint-Client\XPrint-Client-GUI\XPrint-Client-GUI.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)

HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\MountPoints2: {209f0af0-367a-11df-9d64-002622deffb2} - F:\LaunchU3.exe -a

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\MountPoints2: {e7eaa366-797a-11e0-8efd-dc2e1e0c14e7} - F:\AutoRun.exe

Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

ProxyServer: proxy.uni-bonn.de:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCB1B98FD7DCACA01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 131.220.16.220 131.220.14.203
 

FireFox:

========

FF ProfilePath: C:\Users\Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\zr7mxhro.default

FF SelectedSearchEngine: Wikipedia (de)

FF Homepage: www.google.de

FF NetworkProxy: "backup.ftp", "proxy.uni-bonn.de"

FF NetworkProxy: "backup.ftp_port", 8081

FF NetworkProxy: "backup.socks", "proxy.uni-bonn.de"

FF NetworkProxy: "backup.socks_port", 8081

FF NetworkProxy: "backup.ssl", "proxy.uni-bonn.de"

FF NetworkProxy: "backup.ssl_port", 8081

FF NetworkProxy: "ftp", "proxy.uni-bonn.de"

FF NetworkProxy: "ftp_port", 8081

FF NetworkProxy: "http", "proxy.uni-bonn.de"

FF NetworkProxy: "http_port", 8081

FF NetworkProxy: "no_proxies_on", "uni-bonn.de, wikipedia.de, juris.de, beck.de, google.de, uni-karlsruhe.de"

FF NetworkProxy: "share_proxy_settings", true

FF NetworkProxy: "socks", "proxy.uni-bonn.de"

FF NetworkProxy: "socks_port", 8081

FF NetworkProxy: "ssl", "proxy.uni-bonn.de"

FF NetworkProxy: "ssl_port", 8081

FF NetworkProxy: "type", 0

FF NewTab: about:blank

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011-01-03]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-19]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-29]

FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\

FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

CHR Extension: (Google Docs) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]

CHR Extension: (Google Drive) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]

CHR Extension: (YouTube) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]

CHR Extension: (Google-Suche) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]

CHR Extension: (DVDVideoSoft) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-01-13]

CHR Extension: (Google Wallet) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Citavi Picker) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2013-05-03]

CHR Extension: (Google Mail) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]

CHR HKLM\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2013-05-03]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-01-13]
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)

R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()

R2 XPrint-Client-Service; C:\Program Files\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH)
 

==================== Drivers (Whitelisted) ====================
 

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)

S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [769024 2012-11-29] (AVerMedia TECHNOLOGIES, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.)

R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [103424 2009-01-24] (QUALCOMM Incorporated)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)

S3 VNUSB; C:\Windows\System32\DRIVERS\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.)

R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)

R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)

R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)

R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)

S3 massfilter; system32\drivers\massfilter.sys [X]

S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-07 15:11 - 2014-04-07 15:11 - 00015000 _____ () C:\Users\Schmidt\Desktop\FRST.txt

2014-04-07 15:07 - 2014-04-07 15:07 - 00000625 _____ () C:\Users\Schmidt\Desktop\JRT.txt

2014-04-07 15:03 - 2014-04-07 15:03 - 00000000 ____D () C:\Windows\ERUNT

2014-04-07 15:01 - 2014-04-07 15:01 - 01016261 _____ (Thisisu) C:\Users\Schmidt\Downloads\JRT.exe

2014-04-07 15:01 - 2014-04-07 15:01 - 01016261 _____ (Thisisu) C:\Users\Schmidt\Desktop\JRT.exe

2014-04-07 14:58 - 2014-04-07 14:58 - 00004093 _____ () C:\Users\Schmidt\Desktop\AdwCleaner[S0].txt

2014-04-07 14:52 - 2014-04-07 14:55 - 00000000 ____D () C:\AdwCleaner

2014-04-07 14:52 - 2014-04-07 14:51 - 01426178 _____ () C:\Users\Schmidt\Desktop\adwcleaner.exe

2014-04-07 14:51 - 2014-04-07 14:51 - 01426178 _____ () C:\Users\Schmidt\Downloads\adwcleaner.exe

2014-04-07 14:50 - 2014-04-07 14:50 - 00011615 _____ () C:\Users\Schmidt\Desktop\mbam.txt

2014-04-07 14:43 - 2014-04-07 14:57 - 00000112 _____ () C:\Windows\setupact.log

2014-04-07 14:43 - 2014-04-07 14:43 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-07 14:42 - 2014-04-07 14:57 - 00106072 _____ () C:\Windows\PFRO.log

2014-04-07 13:05 - 2014-04-07 14:48 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-07 13:04 - 2014-04-07 13:07 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-07 13:04 - 2014-04-07 13:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-07 13:04 - 2014-04-07 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-07 13:04 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-07 13:04 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-07 13:04 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-07 13:02 - 2014-04-07 13:03 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Schmidt\Downloads\mbam-setup-2.0.0.1000.exe

2014-04-07 12:20 - 2014-04-07 12:20 - 00003285 _____ () C:\Users\Schmidt\Desktop\gmer.txt

2014-04-07 12:03 - 2014-04-07 12:03 - 00380416 _____ () C:\Users\Schmidt\Downloads\Gmer-19357.exe

2014-04-07 12:03 - 2014-04-07 12:03 - 00380416 _____ () C:\Users\Schmidt\Desktop\Gmer-19357.exe

2014-04-07 11:55 - 2014-04-07 11:56 - 00025973 _____ () C:\Users\Schmidt\Desktop\Addition.txt

2014-04-07 11:54 - 2014-04-07 15:11 - 00000000 ____D () C:\FRST

2014-04-07 11:52 - 2014-04-07 11:52 - 01145856 _____ (Farbar) C:\Users\Schmidt\Desktop\FRST.exe

2014-04-07 11:50 - 2014-04-07 11:51 - 00000476 _____ () C:\Users\Schmidt\Downloads\defogger_disable.log

2014-04-07 11:50 - 2014-04-07 11:50 - 00000000 _____ () C:\Users\Schmidt\defogger_reenable

2014-04-07 11:48 - 2014-04-07 11:49 - 00050477 _____ () C:\Users\Schmidt\Downloads\Defogger.exe

2014-04-06 22:12 - 2014-04-07 14:58 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-06 22:12 - 2014-04-07 14:23 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-06 22:00 - 2014-04-06 22:00 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\Avira

2014-04-06 21:58 - 2014-04-06 21:58 - 00000000 ____D () C:\Program Files\Avira

2014-04-06 21:58 - 2014-02-25 11:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-04-06 21:58 - 2014-02-25 11:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-04-06 21:58 - 2014-02-25 11:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-04-06 21:58 - 2014-02-25 11:41 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys

2014-04-05 16:37 - 2014-04-06 22:12 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Deployment

2014-04-05 16:37 - 2014-04-06 22:11 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Apps\2.0

2014-03-28 23:01 - 2014-03-28 23:01 - 00000000 ____D () C:\ProgramData\AVerTV

2014-03-27 13:22 - 2014-03-27 13:22 - 00015592 _____ () C:\Users\Schmidt\Downloads\dokument_randziffern_2010.zip

2014-03-15 23:26 - 2012-11-29 08:05 - 00769024 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Windows\system32\Drivers\AVerAF35.sys

2014-03-15 23:20 - 2012-12-14 12:16 - 00000000 ____D () C:\Users\Schmidt\Downloads\A835_AP6.5.2.12120702_Drv8.2.x.64(8.0.x.65+2.3.x.28)

2014-03-15 23:18 - 2014-03-15 23:20 - 69272753 _____ () C:\Users\Schmidt\Downloads\A835_AP6.5.2.12120702_Drv8.2.x.64_121214.exe

2014-03-15 23:10 - 2014-03-15 23:11 - 02594368 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Users\Schmidt\Downloads\InstalDrv_A835_Win7_x86_V8.0.0.70_140114.exe

2014-03-14 11:32 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-14 11:32 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-14 11:32 - 2014-02-23 08:54 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-14 11:32 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-14 11:32 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-14 11:32 - 2014-02-23 07:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-03-14 02:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-14 02:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-14 02:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-14 02:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-14 02:26 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
 

==================== One Month Modified Files and Folders =======
 

2014-04-07 15:13 - 2014-04-07 15:11 - 00015000 _____ () C:\Users\Schmidt\Desktop\FRST.txt

2014-04-07 15:11 - 2014-04-07 11:54 - 00000000 ____D () C:\FRST

2014-04-07 15:07 - 2014-04-07 15:07 - 00000625 _____ () C:\Users\Schmidt\Desktop\JRT.txt

2014-04-07 15:05 - 2009-07-14 06:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-07 15:05 - 2009-07-14 06:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-07 15:03 - 2014-04-07 15:03 - 00000000 ____D () C:\Windows\ERUNT

2014-04-07 15:03 - 2010-03-23 13:44 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-07 15:01 - 2014-04-07 15:01 - 01016261 _____ (Thisisu) C:\Users\Schmidt\Downloads\JRT.exe

2014-04-07 15:01 - 2014-04-07 15:01 - 01016261 _____ (Thisisu) C:\Users\Schmidt\Desktop\JRT.exe

2014-04-07 14:58 - 2014-04-07 14:58 - 00004093 _____ () C:\Users\Schmidt\Desktop\AdwCleaner[S0].txt

2014-04-07 14:58 - 2014-04-06 22:12 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-07 14:57 - 2014-04-07 14:43 - 00000112 _____ () C:\Windows\setupact.log

2014-04-07 14:57 - 2014-04-07 14:42 - 00106072 _____ () C:\Windows\PFRO.log

2014-04-07 14:57 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-07 14:56 - 2010-03-23 13:35 - 01703669 _____ () C:\Windows\WindowsUpdate.log

2014-04-07 14:55 - 2014-04-07 14:52 - 00000000 ____D () C:\AdwCleaner

2014-04-07 14:51 - 2014-04-07 14:52 - 01426178 _____ () C:\Users\Schmidt\Desktop\adwcleaner.exe

2014-04-07 14:51 - 2014-04-07 14:51 - 01426178 _____ () C:\Users\Schmidt\Downloads\adwcleaner.exe

2014-04-07 14:50 - 2014-04-07 14:50 - 00011615 _____ () C:\Users\Schmidt\Desktop\mbam.txt

2014-04-07 14:48 - 2014-04-07 13:05 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-07 14:43 - 2014-04-07 14:43 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-07 14:42 - 2012-08-27 15:40 - 00000000 ____D () C:\Program Files\Google

2014-04-07 14:23 - 2014-04-06 22:12 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-07 14:19 - 2013-02-27 11:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-07 13:25 - 2011-11-14 22:29 - 00000000 ____D () C:\Users\Schmidt\Desktop\Blandat

2014-04-07 13:07 - 2014-04-07 13:04 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-07 13:07 - 2014-04-07 13:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-07 13:04 - 2014-04-07 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-07 13:03 - 2014-04-07 13:02 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Schmidt\Downloads\mbam-setup-2.0.0.1000.exe

2014-04-07 12:20 - 2014-04-07 12:20 - 00003285 _____ () C:\Users\Schmidt\Desktop\gmer.txt

2014-04-07 12:03 - 2014-04-07 12:03 - 00380416 _____ () C:\Users\Schmidt\Downloads\Gmer-19357.exe

2014-04-07 12:03 - 2014-04-07 12:03 - 00380416 _____ () C:\Users\Schmidt\Desktop\Gmer-19357.exe

2014-04-07 11:56 - 2014-04-07 11:55 - 00025973 _____ () C:\Users\Schmidt\Desktop\Addition.txt

2014-04-07 11:52 - 2014-04-07 11:52 - 01145856 _____ (Farbar) C:\Users\Schmidt\Desktop\FRST.exe

2014-04-07 11:51 - 2014-04-07 11:50 - 00000476 _____ () C:\Users\Schmidt\Downloads\defogger_disable.log

2014-04-07 11:50 - 2014-04-07 11:50 - 00000000 _____ () C:\Users\Schmidt\defogger_reenable

2014-04-07 11:50 - 2010-03-23 13:40 - 00000000 ____D () C:\Users\Schmidt

2014-04-07 11:49 - 2014-04-07 11:48 - 00050477 _____ () C:\Users\Schmidt\Downloads\Defogger.exe

2014-04-07 11:38 - 2014-03-05 16:24 - 00000000 ____D () C:\ProgramData\EPSON

2014-04-07 11:06 - 2010-12-04 20:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-04-07 11:05 - 2010-12-04 19:51 - 00000000 ____D () C:\Windows\Driver Cache

2014-04-06 22:12 - 2014-04-05 16:37 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Deployment

2014-04-06 22:11 - 2014-04-05 16:37 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Apps\2.0

2014-04-06 22:10 - 2011-12-08 15:44 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Google

2014-04-06 22:00 - 2014-04-06 22:00 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\Avira

2014-04-06 21:58 - 2014-04-06 21:58 - 00000000 ____D () C:\Program Files\Avira

2014-04-06 21:58 - 2013-08-07 12:43 - 00000000 ____D () C:\ProgramData\Avira

2014-04-06 21:44 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-04-06 21:40 - 2013-05-03 17:49 - 00000000 ____D () C:\Users\Schmidt\Documents\Citavi 4

2014-04-06 21:30 - 2013-05-03 17:47 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citavi 4

2014-04-06 21:30 - 2013-04-12 14:47 - 00000000 ____D () C:\Users\Administrator

2014-04-06 21:30 - 2012-07-25 00:02 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\vlc

2014-04-06 21:30 - 2012-07-25 00:02 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\dvdcss

2014-04-06 21:30 - 2010-03-23 13:40 - 00000000 ___RD () C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-04-06 21:30 - 2010-03-23 13:40 - 00000000 ___RD () C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-04-06 21:30 - 2009-07-14 11:14 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat

2014-04-06 13:10 - 2010-04-24 15:37 - 00000000 ____D () C:\Windows\Minidump

2014-04-03 09:51 - 2014-04-07 13:04 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-07 13:04 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-07 13:04 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-02 11:01 - 2013-10-23 15:12 - 00000000 _____ () C:\Users\Schmidt\juraerror.log

2014-03-28 23:01 - 2014-03-28 23:01 - 00000000 ____D () C:\ProgramData\AVerTV

2014-03-27 13:23 - 2011-09-02 15:38 - 00018940 _____ () C:\Users\Schmidt\Desktop\dokument_randziffern_2010.dotx

2014-03-27 13:22 - 2014-03-27 13:22 - 00015592 _____ () C:\Users\Schmidt\Downloads\dokument_randziffern_2010.zip

2014-03-25 00:38 - 2010-12-04 22:41 - 00000064 _____ () C:\Windows\AVerText.ini

2014-03-20 11:40 - 2013-07-14 09:44 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-20 11:33 - 2010-03-23 14:04 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-15 23:20 - 2014-03-15 23:18 - 69272753 _____ () C:\Users\Schmidt\Downloads\A835_AP6.5.2.12120702_Drv8.2.x.64_121214.exe

2014-03-15 23:11 - 2014-03-15 23:10 - 02594368 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Users\Schmidt\Downloads\InstalDrv_A835_Win7_x86_V8.0.0.70_140114.exe

2014-03-15 14:10 - 2010-03-23 13:31 - 00000000 ____D () C:\Windows\Panther

2014-03-14 15:42 - 2009-07-14 06:33 - 00418768 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-14 15:41 - 2013-01-02 01:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-14 11:31 - 2010-03-23 13:54 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-03-12 13:19 - 2013-02-27 11:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-03-12 13:19 - 2013-02-27 11:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 

Files to move or delete:

====================

C:\Users\Vpn Client\vpnclient-win-msi-5.0.06.0110-k9.exe
 
 

Some content of TEMP:

====================

C:\Users\Schmidt\AppData\Local\Temp\avgnt.exe

C:\Users\Schmidt\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-03-31 13:58
 

==================== End Of Log ============================

--- --- ---

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

hi schrauber,

der Computer läuft vllt. einen Tick schneller als sonst, Probleme habe ich keine mehr. Danke schon mal für die Hilfestellung.

Also, ich habe ESET laufen lassen, es lief auch alles ohne Probleme, allerdings findet sich in dem ESET Ordner keine .txt Datei. Außerdem finde ich das Programm unter der Systemsteuerung nicht. Der Scan wurde allerdings mit dem Hinweis "no threats found" beendet.

Hier der security check log:

Code:

 Results of screen317's Security Check version 0.99.81  

 Windows 7 Service Pack 1 x86 (UAC is disabled!)  

 Internet Explorer 10 Out of date! 
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 CCleaner     

 Java(TM) 6 Update 26  

 Java(TM) 6 Update 22  

 Java 7 Update 51  

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Flash Player         12.0.0.77  

 Adobe Reader 9 Adobe Reader out of Date! 

 Google Chrome 33.0.1750.154  
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Und der frische FRST log:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 26 days old and could be outdated)

Ran by Schmidt (administrator) on SCHMIDT-PC on 08-04-2014 14:19:10

Running from C:\Users\Schmidt\Desktop\AntiVirenstuff

Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

(Schomäcker GmbH) C:\Program Files\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe

(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe

(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe

(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Schomäcker GmbH) C:\Program Files\Schomaecker\XPrint-Client\XPrint-Client-GUI\XPrint-Client-GUI.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)

HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\MountPoints2: {209f0af0-367a-11df-9d64-002622deffb2} - F:\LaunchU3.exe -a

HKU\S-1-5-21-1821403941-2808816676-4169380932-1000\...\MountPoints2: {e7eaa366-797a-11e0-8efd-dc2e1e0c14e7} - F:\AutoRun.exe

Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

ProxyServer: proxy.uni-bonn.de:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCB1B98FD7DCACA01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 131.220.16.220 131.220.14.203
 

FireFox:

========

FF ProfilePath: C:\Users\Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\zr7mxhro.default

FF SelectedSearchEngine: Wikipedia (de)

FF Homepage: www.google.de

FF NetworkProxy: "backup.ftp", "proxy.uni-bonn.de"

FF NetworkProxy: "backup.ftp_port", 8081

FF NetworkProxy: "backup.socks", "proxy.uni-bonn.de"

FF NetworkProxy: "backup.socks_port", 8081

FF NetworkProxy: "backup.ssl", "proxy.uni-bonn.de"

FF NetworkProxy: "backup.ssl_port", 8081

FF NetworkProxy: "ftp", "proxy.uni-bonn.de"

FF NetworkProxy: "ftp_port", 8081

FF NetworkProxy: "http", "proxy.uni-bonn.de"

FF NetworkProxy: "http_port", 8081

FF NetworkProxy: "no_proxies_on", "uni-bonn.de, wikipedia.de, juris.de, beck.de, google.de, uni-karlsruhe.de"

FF NetworkProxy: "share_proxy_settings", true

FF NetworkProxy: "socks", "proxy.uni-bonn.de"

FF NetworkProxy: "socks_port", 8081

FF NetworkProxy: "ssl", "proxy.uni-bonn.de"

FF NetworkProxy: "ssl_port", 8081

FF NetworkProxy: "type", 0

FF NewTab: about:blank

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011-01-03]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-19]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-29]

FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\

FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

CHR Extension: (Google Docs) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]

CHR Extension: (Google Drive) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]

CHR Extension: (YouTube) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]

CHR Extension: (Google-Suche) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]

CHR Extension: (DVDVideoSoft) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-01-13]

CHR Extension: (Google Wallet) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Citavi Picker) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2013-05-03]

CHR Extension: (Google Mail) - C:\Users\Schmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]

CHR HKLM\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2013-05-03]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-01-13]
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)

R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()

R2 XPrint-Client-Service; C:\Program Files\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH)
 

==================== Drivers (Whitelisted) ====================
 

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)

S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [769024 2012-11-29] (AVerMedia TECHNOLOGIES, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.)

R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [103424 2009-01-24] (QUALCOMM Incorporated)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)

S3 VNUSB; C:\Windows\System32\DRIVERS\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.)

R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)

R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)

R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)

R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)

S3 massfilter; system32\drivers\massfilter.sys [X]

S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-08 14:15 - 2014-04-08 14:15 - 00987448 _____ () C:\Users\Schmidt\Downloads\SecurityCheck.exe

2014-04-08 14:15 - 2014-04-08 14:15 - 00987448 _____ () C:\Users\Schmidt\Desktop\SecurityCheck.exe

2014-04-08 12:25 - 2014-04-08 12:25 - 00000000 ____D () C:\Program Files\ESET

2014-04-08 12:22 - 2014-04-08 12:22 - 02347384 _____ (ESET) C:\Users\Schmidt\Downloads\esetsmartinstaller_enu.exe

2014-04-08 12:22 - 2014-04-08 12:22 - 02347384 _____ (ESET) C:\Users\Schmidt\Desktop\esetsmartinstaller_enu.exe

2014-04-08 10:34 - 2014-04-08 14:19 - 00000000 ____D () C:\Users\Schmidt\Desktop\AntiVirenstuff

2014-04-07 16:58 - 2014-04-08 14:09 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-07 16:58 - 2014-04-07 17:09 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-07 16:50 - 2014-04-07 16:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-04-07 16:30 - 2014-04-07 16:30 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-04-07 15:03 - 2014-04-07 15:03 - 00000000 ____D () C:\Windows\ERUNT

2014-04-07 15:01 - 2014-04-07 15:01 - 01016261 _____ (Thisisu) C:\Users\Schmidt\Downloads\JRT.exe

2014-04-07 14:52 - 2014-04-07 14:55 - 00000000 ____D () C:\AdwCleaner

2014-04-07 14:51 - 2014-04-07 14:51 - 01426178 _____ () C:\Users\Schmidt\Downloads\adwcleaner.exe

2014-04-07 13:05 - 2014-04-07 14:48 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-07 13:04 - 2014-04-07 13:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-07 13:04 - 2014-04-07 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-07 13:04 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-07 13:04 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-07 13:04 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-07 13:02 - 2014-04-07 13:03 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Schmidt\Downloads\mbam-setup-2.0.0.1000.exe

2014-04-07 12:03 - 2014-04-07 12:03 - 00380416 _____ () C:\Users\Schmidt\Downloads\Gmer-19357.exe

2014-04-07 11:54 - 2014-04-08 14:19 - 00000000 ____D () C:\FRST

2014-04-07 11:50 - 2014-04-07 11:51 - 00000476 _____ () C:\Users\Schmidt\Downloads\defogger_disable.log

2014-04-07 11:50 - 2014-04-07 11:50 - 00000000 _____ () C:\Users\Schmidt\defogger_reenable

2014-04-07 11:48 - 2014-04-07 11:49 - 00050477 _____ () C:\Users\Schmidt\Downloads\Defogger.exe

2014-04-06 22:00 - 2014-04-06 22:00 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\Avira

2014-04-06 21:58 - 2014-04-06 21:58 - 00000000 ____D () C:\Program Files\Avira

2014-04-06 21:58 - 2014-02-25 11:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-04-06 21:58 - 2014-02-25 11:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-04-06 21:58 - 2014-02-25 11:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-04-06 21:58 - 2014-02-25 11:41 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys

2014-04-05 16:37 - 2014-04-07 16:58 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Deployment

2014-04-05 16:37 - 2014-04-06 22:11 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Apps\2.0

2014-03-28 23:01 - 2014-03-28 23:01 - 00000000 ____D () C:\ProgramData\AVerTV

2014-03-27 13:22 - 2014-03-27 13:22 - 00015592 _____ () C:\Users\Schmidt\Downloads\dokument_randziffern_2010.zip

2014-03-15 23:26 - 2012-11-29 08:05 - 00769024 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Windows\system32\Drivers\AVerAF35.sys

2014-03-15 23:20 - 2012-12-14 12:16 - 00000000 ____D () C:\Users\Schmidt\Downloads\A835_AP6.5.2.12120702_Drv8.2.x.64(8.0.x.65+2.3.x.28)

2014-03-15 23:18 - 2014-03-15 23:20 - 69272753 _____ () C:\Users\Schmidt\Downloads\A835_AP6.5.2.12120702_Drv8.2.x.64_121214.exe

2014-03-15 23:10 - 2014-03-15 23:11 - 02594368 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Users\Schmidt\Downloads\InstalDrv_A835_Win7_x86_V8.0.0.70_140114.exe

2014-03-14 11:32 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-14 11:32 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-14 11:32 - 2014-02-23 08:54 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-14 11:32 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-14 11:32 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-14 11:32 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-14 11:32 - 2014-02-23 07:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-03-14 02:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-14 02:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-14 02:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-14 02:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-14 02:26 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
 

==================== One Month Modified Files and Folders =======
 

2014-04-08 14:19 - 2014-04-08 10:34 - 00000000 ____D () C:\Users\Schmidt\Desktop\AntiVirenstuff

2014-04-08 14:19 - 2014-04-07 11:54 - 00000000 ____D () C:\FRST

2014-04-08 14:19 - 2013-02-27 11:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-08 14:15 - 2014-04-08 14:15 - 00987448 _____ () C:\Users\Schmidt\Downloads\SecurityCheck.exe

2014-04-08 14:15 - 2014-04-08 14:15 - 00987448 _____ () C:\Users\Schmidt\Desktop\SecurityCheck.exe

2014-04-08 14:09 - 2014-04-07 16:58 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-08 12:25 - 2014-04-08 12:25 - 00000000 ____D () C:\Program Files\ESET

2014-04-08 12:22 - 2014-04-08 12:22 - 02347384 _____ (ESET) C:\Users\Schmidt\Downloads\esetsmartinstaller_enu.exe

2014-04-08 12:22 - 2014-04-08 12:22 - 02347384 _____ (ESET) C:\Users\Schmidt\Desktop\esetsmartinstaller_enu.exe

2014-04-08 10:23 - 2010-03-23 13:44 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-07 17:09 - 2014-04-07 16:58 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-07 17:01 - 2011-11-14 22:29 - 00000000 ____D () C:\Users\Schmidt\Desktop\Blandat

2014-04-07 16:59 - 2012-08-27 15:40 - 00000000 ____D () C:\Program Files\Google

2014-04-07 16:58 - 2014-04-05 16:37 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Deployment

2014-04-07 16:50 - 2014-04-07 16:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-04-07 16:30 - 2014-04-07 16:30 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-04-07 16:30 - 2009-07-14 06:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-07 16:30 - 2009-07-14 06:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-07 15:03 - 2014-04-07 15:03 - 00000000 ____D () C:\Windows\ERUNT

2014-04-07 15:01 - 2014-04-07 15:01 - 01016261 _____ (Thisisu) C:\Users\Schmidt\Downloads\JRT.exe

2014-04-07 14:57 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-07 14:56 - 2010-03-23 13:35 - 01732292 ____N () C:\Windows\WindowsUpdate.log

2014-04-07 14:55 - 2014-04-07 14:52 - 00000000 ____D () C:\AdwCleaner

2014-04-07 14:51 - 2014-04-07 14:51 - 01426178 _____ () C:\Users\Schmidt\Downloads\adwcleaner.exe

2014-04-07 14:48 - 2014-04-07 13:05 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-07 13:07 - 2014-04-07 13:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-07 13:04 - 2014-04-07 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-07 13:03 - 2014-04-07 13:02 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Schmidt\Downloads\mbam-setup-2.0.0.1000.exe

2014-04-07 12:03 - 2014-04-07 12:03 - 00380416 _____ () C:\Users\Schmidt\Downloads\Gmer-19357.exe

2014-04-07 11:51 - 2014-04-07 11:50 - 00000476 _____ () C:\Users\Schmidt\Downloads\defogger_disable.log

2014-04-07 11:50 - 2014-04-07 11:50 - 00000000 _____ () C:\Users\Schmidt\defogger_reenable

2014-04-07 11:50 - 2010-03-23 13:40 - 00000000 ____D () C:\Users\Schmidt

2014-04-07 11:49 - 2014-04-07 11:48 - 00050477 _____ () C:\Users\Schmidt\Downloads\Defogger.exe

2014-04-07 11:38 - 2014-03-05 16:24 - 00000000 ____D () C:\ProgramData\EPSON

2014-04-07 11:06 - 2010-12-04 20:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-04-07 11:05 - 2010-12-04 19:51 - 00000000 ____D () C:\Windows\Driver Cache

2014-04-06 22:11 - 2014-04-05 16:37 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Apps\2.0

2014-04-06 22:10 - 2011-12-08 15:44 - 00000000 ____D () C:\Users\Schmidt\AppData\Local\Google

2014-04-06 22:00 - 2014-04-06 22:00 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\Avira

2014-04-06 21:58 - 2014-04-06 21:58 - 00000000 ____D () C:\Program Files\Avira

2014-04-06 21:58 - 2013-08-07 12:43 - 00000000 ____D () C:\ProgramData\Avira

2014-04-06 21:44 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-04-06 21:40 - 2013-05-03 17:49 - 00000000 ____D () C:\Users\Schmidt\Documents\Citavi 4

2014-04-06 21:30 - 2013-05-03 17:47 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citavi 4

2014-04-06 21:30 - 2013-04-12 14:47 - 00000000 ____D () C:\Users\Administrator

2014-04-06 21:30 - 2012-07-25 00:02 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\vlc

2014-04-06 21:30 - 2012-07-25 00:02 - 00000000 ____D () C:\Users\Schmidt\AppData\Roaming\dvdcss

2014-04-06 21:30 - 2010-03-23 13:40 - 00000000 ___RD () C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-04-06 21:30 - 2010-03-23 13:40 - 00000000 ___RD () C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-04-06 21:30 - 2009-07-14 11:14 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration

2014-04-06 21:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat

2014-04-06 13:10 - 2010-04-24 15:37 - 00000000 ____D () C:\Windows\Minidump

2014-04-03 09:51 - 2014-04-07 13:04 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-07 13:04 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-07 13:04 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-02 11:01 - 2013-10-23 15:12 - 00000000 _____ () C:\Users\Schmidt\juraerror.log

2014-03-28 23:01 - 2014-03-28 23:01 - 00000000 ____D () C:\ProgramData\AVerTV

2014-03-27 13:23 - 2011-09-02 15:38 - 00018940 _____ () C:\Users\Schmidt\Desktop\dokument_randziffern_2010.dotx

2014-03-27 13:22 - 2014-03-27 13:22 - 00015592 _____ () C:\Users\Schmidt\Downloads\dokument_randziffern_2010.zip

2014-03-25 00:38 - 2010-12-04 22:41 - 00000064 _____ () C:\Windows\AVerText.ini

2014-03-20 11:40 - 2013-07-14 09:44 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-20 11:33 - 2010-03-23 14:04 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-15 23:20 - 2014-03-15 23:18 - 69272753 _____ () C:\Users\Schmidt\Downloads\A835_AP6.5.2.12120702_Drv8.2.x.64_121214.exe

2014-03-15 23:11 - 2014-03-15 23:10 - 02594368 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Users\Schmidt\Downloads\InstalDrv_A835_Win7_x86_V8.0.0.70_140114.exe

2014-03-15 14:10 - 2010-03-23 13:31 - 00000000 ____D () C:\Windows\Panther

2014-03-14 15:42 - 2009-07-14 06:33 - 00418768 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-14 15:41 - 2013-01-02 01:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-14 11:31 - 2010-03-23 13:54 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-03-12 13:19 - 2013-02-27 11:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-03-12 13:19 - 2013-02-27 11:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 

Files to move or delete:

====================

C:\Users\Vpn Client\vpnclient-win-msi-5.0.06.0110-k9.exe
 
 

Some content of TEMP:

====================

C:\Users\Administrator\AppData\Local\Temp\avgnt.exe

C:\Users\Schmidt\AppData\Local\Temp\avgnt.exe

C:\Users\Schmidt\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-03-31 13:58
 

==================== End Of Log ============================

--- --- ---

Flash und Adobe updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hallo Schrauber,

so, habe alles wie beschrieben erledigt! Vielen Dank nochmal für die Hilfe!!!!:applaus::dankeschoen: