Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Babylon-Toolbar, BProtect-D und andere Schädlinge werde ich nicht los (https://www.trojaner-board.de/156503-babylon-toolbar-bprotect-d-andere-schaedlinge-los.html)

Teabone 16.07.2014 10:05
Babylon-Toolbar, BProtect-D und andere Schädlinge werde ich nicht los
 
Hallo liebe Helfer,

schon seit längerem ist irgendwie die Babylon Toolbar auf meinen Rechner gelangt und ich hatte das Gefühl der Rechner wird langsamer. Da jedoch Antivir mir auch bei Scans keine Schädlingssoftware gemeldet hat, habe ich das Problem zunächst ignoriert. Nun nach einer längeren Zeit, in dem ich den Rechner nicht genutzt habe ist die Lizenz abgelaufen und ich habe avast! installiert, welcher bei dem ersten boot-scan eine ganze reihe verschiedener Schädlingssoftware entdeckt hat, aber nicht bereinigen konnte (Win32:BProtect-D, TR Dropper.Gen, PUP-...) etc.

Könnt Ihr mir bitte helfen meinen Rechner wieder Virenfrei zu machen und mich effektiv zu schützen?

Anbei die Logs:

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Cas (administrator) on CAS-PC on 16-07-2014 10:29:33
Running from C:\Users\Cas\Desktop
Platform: Microsoft® Windows Vista™ Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Users\Cas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Users\Cas\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2012-09-14] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [TrayServer] => C:\Program Files\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Ocs_SM] => C:\Users\Cas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-11-17] (OCS)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-21] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-29] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [93585272 2014-06-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-16] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [Steam] => D:\Programme\Steam\steam.exe [1811880 2013-08-28] (Valve Corporation)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [Spotify Web Helper] => C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-16] (Spotify Ltd)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [Spotify] => C:\Users\Cas\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-16] (Spotify Ltd)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\MountPoints2: K - K:\Setup.exe
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\MountPoints2: {6dca9c0c-0590-11e2-a489-0022159f3420} - J:\SETUP.EXE
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\MountPoints2: {6dca9c14-0590-11e2-a489-0022159f3420} - K:\Setup.exe
Startup: C:\Users\Cas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109727&tt=4612_8&babsrc=SP_ss&mntrId=e49a2a8e000000000000002215a12c88
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109727&tt=4612_8&babsrc=SP_ss&mntrId=e49a2a8e000000000000002215a12c88
SearchScopes: HKCU - {8B9C785E-E8BC-44E4-84A2-75445A337DE0} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {8C13D732-90BE-4CE9-9F57-E927CE15A13D} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {99BE2E78-9F23-4B08-805A-949F9DAEBD33} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {A1170089-D498-429F-9992-91C1AD86ED9D} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {B84E8222-9DC4-4CF0-AB73-9013E1247EA8} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {FA422BE7-39E3-4096-AE5D-A6015A9DDD23} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default
FF Homepage: hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmieze.dll (InfiniAd GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\{8183CA04-D4D3-4322-9980-6E4BC4CC809E}.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\{94701381-8CAB-4F73-9A01-6CD89B94FB6F}.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\{9AE7E708-1DC8-4294-81E4-AD0BECFC4EF0}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Preispilot - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\extension@preispilot.com [2012-11-18]
FF Extension: FireJump - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\firejump@firejump.net [2012-11-17]
FF Extension: Google Search by Image - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\google@hitachi.com [2013-01-05]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\ich@maltegoetz.de [2014-07-16]
FF Extension: No Name - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\staged [2013-04-22]
FF Extension: WEB.DE MailCheck - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\toolbar@web.de [2014-07-16]
FF Extension: All-in-One Sidebar - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2013-08-05]
FF Extension: Go To Google - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35} [2013-01-01]
FF Extension: Easy YouTube Video Downloader - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2013-08-03]
FF Extension: Adblock Plus - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2014-07-09]
FF Extension: New Tab King - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-07-16]
FF Extension: Preispilot - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\extension@preispilot.com.xpi [2012-11-18]
FF Extension: Google Search by Image - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\google@hitachi.com.xpi [2013-01-05]
FF Extension: All-in-One Sidebar - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-09-23]
FF Extension: NoScript - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-16]
FF Extension: Go To Google - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi [2013-01-01]
FF Extension: Easy YouTube Video Downloader - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-03-23]
FF Extension: Adblock Plus - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-14]
FF Extension: DownThemAll! - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-09-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-19]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-09-26]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-21]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\extensions\extension@preispilot.com
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\extensions\firejump@firejump.net

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-29] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-29] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SearchAnonymizer; C:\Users\Cas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-11-17] () [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2013-06-19] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2013-06-19] (Cisco Systems, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-07-29] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-09-23] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-29] (Avira GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 xuxibnch; \??\C:\Windows\system32\drivers\xuxibnch.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 10:29 - 2014-07-16 10:29 - 00026638 _____ () C:\Users\Cas\Desktop\FRST.txt
2014-07-16 10:28 - 2014-07-16 10:29 - 00000000 ____D () C:\FRST
2014-07-16 10:28 - 2014-07-16 10:28 - 01077248 _____ (Farbar) C:\Users\Cas\Desktop\FRST.exe
2014-07-16 10:27 - 2014-07-16 10:27 - 00000538 _____ () C:\Users\Cas\Desktop\defogger_disable.log
2014-07-16 10:27 - 2014-07-16 10:27 - 00000148 _____ () C:\Users\Cas\defogger_reenable
2014-07-16 10:26 - 2014-07-16 10:26 - 00050477 _____ () C:\Users\Cas\Desktop\Defogger.exe
2014-07-16 09:12 - 2014-07-16 09:12 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 09:12 - 2014-07-16 09:12 - 00001879 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\AVAST Software
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 09:12 - 2014-07-16 09:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 09:12 - 2014-07-16 09:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 09:11 - 2014-07-16 09:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 09:11 - 2014-07-16 09:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 09:09 - 2014-07-16 09:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 09:08 - 2014-07-16 09:09 - 91906368 _____ (AVAST Software) C:\Users\Cas\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-07-09 13:16 - 2014-07-09 13:16 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple Computer
2014-07-09 13:13 - 2014-07-16 08:33 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Apple Computer
2014-07-09 11:44 - 2014-07-09 11:45 - 00000000 ____D () C:\Program Files\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00001732 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-09 11:43 - 2014-07-09 11:43 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\ProgramData\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-09 11:35 - 2014-07-09 11:36 - 41945432 _____ (Apple Inc.) C:\Users\Cas\Downloads\QuickTimeInstaller.exe
2014-07-09 10:47 - 2014-07-09 10:47 - 00001008 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-09 10:47 - 2014-07-09 10:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-09 10:46 - 2014-07-09 10:46 - 04621032 _____ (Avira Operations GmbH & Co. KG) C:\Users\Cas\Downloads\avira_de_av_4082828851__ws.exe
2014-07-09 10:40 - 2014-07-16 10:18 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

2014-07-16 10:29 - 2014-07-16 10:29 - 00026638 _____ () C:\Users\Cas\Desktop\FRST.txt
2014-07-16 10:29 - 2014-07-16 10:28 - 00000000 ____D () C:\FRST
2014-07-16 10:28 - 2014-07-16 10:28 - 01077248 _____ (Farbar) C:\Users\Cas\Desktop\FRST.exe
2014-07-16 10:27 - 2014-07-16 10:27 - 00000538 _____ () C:\Users\Cas\Desktop\defogger_disable.log
2014-07-16 10:27 - 2014-07-16 10:27 - 00000148 _____ () C:\Users\Cas\defogger_reenable
2014-07-16 10:27 - 2012-09-13 23:06 - 00000000 ____D () C:\Users\Cas
2014-07-16 10:26 - 2014-07-16 10:26 - 00050477 _____ () C:\Users\Cas\Desktop\Defogger.exe
2014-07-16 10:23 - 2006-11-02 12:33 - 01461736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 10:22 - 2012-11-03 17:59 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Spotify
2014-07-16 10:22 - 2006-11-02 14:51 - 01188837 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 10:20 - 2012-11-04 18:36 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Dropbox
2014-07-16 10:18 - 2014-07-09 10:40 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\DropboxMaster
2014-07-16 10:17 - 2006-11-02 14:46 - 00003936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 10:17 - 2006-11-02 14:46 - 00003936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 10:16 - 2012-09-19 16:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-16 10:16 - 2006-11-02 15:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 09:57 - 2012-09-19 16:49 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\loadtbs
2014-07-16 09:17 - 2006-11-02 15:00 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 09:12 - 2014-07-16 09:12 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 09:12 - 2014-07-16 09:12 - 00001879 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\AVAST Software
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 09:11 - 2014-07-16 09:12 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 09:11 - 2014-07-16 09:12 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 09:11 - 2014-07-16 09:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 09:11 - 2014-07-16 09:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 09:11 - 2014-07-16 09:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 09:09 - 2014-07-16 09:08 - 91906368 _____ (AVAST Software) C:\Users\Cas\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-07-16 08:50 - 2013-04-17 18:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 08:43 - 2012-11-04 19:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-16 08:38 - 2013-07-11 08:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-16 08:37 - 2012-11-03 17:59 - 00000000 ____D () C:\Users\Cas\AppData\Local\Spotify
2014-07-16 08:37 - 2012-09-23 17:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-16 08:37 - 2012-09-23 17:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-16 08:36 - 2012-09-13 23:06 - 00001356 _____ () C:\Users\Cas\AppData\Local\d3d9caps.dat
2014-07-16 08:34 - 2012-09-19 17:54 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-16 08:33 - 2014-07-09 13:13 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Apple Computer
2014-07-09 16:02 - 2012-09-23 20:09 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\vlc
2014-07-09 13:16 - 2014-07-09 13:16 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple Computer
2014-07-09 11:45 - 2014-07-09 11:44 - 00000000 ____D () C:\Program Files\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00001732 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-09 11:43 - 2014-07-09 11:43 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\ProgramData\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-09 11:36 - 2014-07-09 11:35 - 41945432 _____ (Apple Inc.) C:\Users\Cas\Downloads\QuickTimeInstaller.exe
2014-07-09 10:47 - 2014-07-09 10:47 - 00001008 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-09 10:47 - 2014-07-09 10:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-09 10:47 - 2013-07-29 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-09 10:47 - 2013-07-29 18:41 - 00000000 ____D () C:\ProgramData\Avira
2014-07-09 10:47 - 2013-07-29 18:41 - 00000000 ____D () C:\Program Files\Avira
2014-07-09 10:46 - 2014-07-09 10:46 - 04621032 _____ (Avira Operations GmbH & Co. KG) C:\Users\Cas\Downloads\avira_de_av_4082828851__ws.exe
2014-07-09 10:40 - 2012-11-04 18:39 - 00000919 _____ () C:\Users\Cas\Desktop\Dropbox.lnk
2014-07-09 10:40 - 2012-11-04 18:37 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-26 17:38 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\Cas\AccessibleMarshal.dll
C:\Users\Cas\crashreporter.exe
C:\Users\Cas\D3DCompiler_43.dll
C:\Users\Cas\d3dx9_43.dll
C:\Users\Cas\freebl3.dll
C:\Users\Cas\gkmedias.dll
C:\Users\Cas\libEGL.dll
C:\Users\Cas\libGLESv2.dll
C:\Users\Cas\maintenanceservice.exe
C:\Users\Cas\maintenanceservice_installer.exe
C:\Users\Cas\MapiProxy.dll
C:\Users\Cas\MapiProxy_InUse.dll
C:\Users\Cas\mozalloc.dll
C:\Users\Cas\mozglue.dll
C:\Users\Cas\mozjs.dll
C:\Users\Cas\mozMapi32.dll
C:\Users\Cas\mozMapi32_InUse.dll
C:\Users\Cas\mozsqlite3.dll
C:\Users\Cas\msvcp100.dll
C:\Users\Cas\msvcr100.dll
C:\Users\Cas\nsldap32v60.dll
C:\Users\Cas\nsldappr32v60.dll
C:\Users\Cas\nsldif32v60.dll
C:\Users\Cas\nspr4.dll
C:\Users\Cas\nss3.dll
C:\Users\Cas\nssckbi.dll
C:\Users\Cas\nssdbm3.dll
C:\Users\Cas\nssutil3.dll
C:\Users\Cas\plc4.dll
C:\Users\Cas\plds4.dll
C:\Users\Cas\plugin-container.exe
C:\Users\Cas\smime3.dll
C:\Users\Cas\softokn3.dll
C:\Users\Cas\ssl3.dll
C:\Users\Cas\thunderbird.exe
C:\Users\Cas\updater.exe
C:\Users\Cas\WSEnable.exe
C:\Users\Cas\xpcom.dll
C:\Users\Cas\xul.dll


Some content of TEMP:
====================
C:\Users\Cas\AppData\Local\Temp\AskSLib.dll
C:\Users\Cas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprntn8o.dll
C:\Users\Cas\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Cas\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Cas\AppData\Local\Temp\JavaIC.dll
C:\Users\Cas\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Cas\AppData\Local\Temp\msscct32.dll
C:\Users\Cas\AppData\Local\Temp\stubhelper.dll
C:\Users\Cas\AppData\Local\Temp\tmp1074.exe
C:\Users\Cas\AppData\Local\Temp\tmp1776.exe
C:\Users\Cas\AppData\Local\Temp\tmp1BE9.exe
C:\Users\Cas\AppData\Local\Temp\tmp3513.exe
C:\Users\Cas\AppData\Local\Temp\tmp3A12.exe
C:\Users\Cas\AppData\Local\Temp\tmp48D2.exe
C:\Users\Cas\AppData\Local\Temp\tmp6621.exe
C:\Users\Cas\AppData\Local\Temp\tmp70C5.exe
C:\Users\Cas\AppData\Local\Temp\tmp77E.exe
C:\Users\Cas\AppData\Local\Temp\tmp78E6.exe
C:\Users\Cas\AppData\Local\Temp\tmp9CCB.exe
C:\Users\Cas\AppData\Local\Temp\tmpCB97.exe
C:\Users\Cas\AppData\Local\Temp\tmpD68.exe
C:\Users\Cas\AppData\Local\Temp\tmpE12B.exe
C:\Users\Cas\AppData\Local\Temp\tmpF823.exe
C:\Users\Cas\AppData\Local\Temp\vlc-2.0.3-win32.exe
C:\Users\Cas\AppData\Local\Temp\ydetect.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-16 09:43

==================== End Of Log ============================


Âddition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Cas at 2014-07-16 10:30:07
Running from C:\Users\Cas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.1 (HKLM\...\{C1575982-F1CA-46DC-A77D-43FF12F2EFC7}) (Version: 4.1.2 - Adobe)
Adobe Reader X (10.1.6) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FF6A8312-0A62-3AC0-A49F-9CB7390AE5EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avira (HKLM\...\{142be4a8-895b-4ed9-b1ff-11c76357e3df}) (Version: 1.1.17.31000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.17.31000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 13.0.0.3885 - Avira)
Batman: Arkham Asylum Game of the Year Edition (HKLM\...\{CFABC775-5386-4BA5-86B4-505BBD36E812}) (Version: 1.0.0.0 - Square Enix Limited)
BioShock (HKLM\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
Canon MP520 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (Version: 2011.1012.1625.27603 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.1012.1625.27603 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2011.1012.1624.27603 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2011.1012.1625.27603 - Advanced Micro Devices, Inc.) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04059 - Cisco Systems, Inc.) Hidden
Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.3.0.0 - Swiss Academic Software)
Corel Painter Essentials 3 (HKLM\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (Version: 3.2 - Corel Corporation) Hidden
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Deathmatch Classic (HKLM\...\Steam App 40) (Version:  - Valve)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EASEUS Partition Master 9.1.1 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
Efficient Elements for presentations 1.5.0.176 (HKLM\...\ee4p_is1) (Version: 1.5.0.176 - Efficient Elements GmbH)
Firebird SQL Server - MAGIX Edition (HKLM\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
FireJump (HKLM\...\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1) (Version: 1.0.2.5 - FireJump.net)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
loadtbs-3.0 (HKLM\...\loadtbs-3.0) (Version:  - )
MAGIX Screenshare (HKLM\...\MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Plus Sonderedition (HKLM\...\MAGIX_{E41712A1-DEEB-4D10-BCF1-046BA0611F94}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Plus Sonderedition (Version: 11.0.5.0 - MAGIX AG) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Drive Copy 5.0 (HKLM\...\{6C52571D-4A38-4F3B-9D7B-A8D95169852F}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 15.0.1 (x86 de) (HKLM\...\Mozilla Thunderbird 15.0.1 (x86 de)) (Version: 15.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKCU\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Blender (HKLM\...\PDF Blender) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Preispilot für Firefox (HKLM\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Ricochet (HKLM\...\Steam App 60) (Version:  - Valve)
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 (HKLM\...\{8F311E72-C27F-4DF0-8254-B739A1831668}_is1) (Version: v2012.build.53 - eRightSoft)
Sync-my-L2P (HKLM\...\Sync-my-L2P 1.0) (Version: 1.0 - Sync-my-L2P)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
Team Fortress Classic (HKLM\...\Steam App 20) (Version:  - Valve)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Ulead PhotoImpact X3 (HKLM\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (Version: 1.00.0000 - Corel) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB946691) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A420F522-7395-4872-9882-C591B4B92278}) (Version:  - Microsoft)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.1.4.1420 - 1&1 Mail & Media GmbH)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XMedia Recode Version 3.1.3.4 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.3.4 - XMedia Recode)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04021EE9-E40B-4345-BF12-889C778048A6} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {04C17329-DB5F-4E6D-B59E-E11AB774499E} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {075F7B0C-8858-426A-81EA-5161F4D13E82} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1641123C-4B3F-4880-B1FF-2E663BAD4D72} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1399156017-4130152259-970843329-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {484BB663-DC34-4626-B0AA-8779AECC21C6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software)
Task: {5A6D9831-D95C-4713-B4E9-F03D1644498F} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {65EB287B-9BC9-4699-B97E-F73AF0D4FF25} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {6FCA3775-E6A7-4427-9BFF-1FE314F3802E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-16] (Adobe Systems Incorporated)
Task: {81A8C598-0BA6-4511-AC78-1AE2604DA85A} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {84484664-1E99-4691-A0C5-1375DCA01FFC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1399156017-4130152259-970843329-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {D7159F95-121B-4CE4-AB4E-7D3C1A2F4FC3} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-06-19 17:00 - 2013-06-19 17:00 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-07-16 09:11 - 2014-07-16 09:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2011-10-12 21:28 - 2011-10-12 21:28 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2013-07-29 18:43 - 2013-07-29 10:25 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-07-07 13:53 - 2014-07-07 13:53 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-16 09:11 - 2014-07-16 09:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
2013-03-06 03:21 - 2013-03-06 03:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-11-17 12:07 - 2012-11-17 12:07 - 00040960 _____ () C:\Users\Cas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2014-07-07 13:49 - 2014-07-07 13:49 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
2014-07-07 13:52 - 2014-07-07 13:52 - 00065616 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2011-10-12 16:23 - 2011-10-12 16:23 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-04 19:14 - 2014-07-16 08:43 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-09-26 18:22 - 2012-09-26 18:22 - 00122880 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll
2014-07-16 10:26 - 2014-07-16 10:26 - 00050477 _____ () C:\Users\Cas\Desktop\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2014 09:11:10 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Users\Cas\AppData\Local\Temp\_av_iup.tm~a03316\instup.exe  /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\Cas\AppData\Local\Temp\_av_iup.tm~a03316 ; Beschreibung = avast! antivirus system restore point; Hr = 0x80070422).

Error: (07/16/2014 08:58:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 30.0.0.5269 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1058
Anfangszeit: 01cfa0c135e2c2d5
Zeitpunkt der Beendigung: 1475

Error: (07/16/2014 08:43:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/16/2014 08:38:33 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Hr = 0x80070422).

Error: (07/16/2014 08:33:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/09/2014 08:50:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerUpdateService.exe, Version 11.6.602.180, Zeitstempel 0x51a4ab8c, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00042f6b,
Prozess-ID 0xf04, Anwendungsstartzeit FlashPlayerUpdateService.exe0.

Error: (07/09/2014 07:50:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerUpdateService.exe, Version 11.6.602.180, Zeitstempel 0x51a4ab8c, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00042f6b,
Prozess-ID 0x1b20, Anwendungsstartzeit FlashPlayerUpdateService.exe0.

Error: (07/09/2014 07:04:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x80070422).

Error: (07/09/2014 06:50:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerUpdateService.exe, Version 11.6.602.180, Zeitstempel 0x51a4ab8c, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00042f6b,
Prozess-ID 0x1d44, Anwendungsstartzeit FlashPlayerUpdateService.exe0.

Error: (07/09/2014 05:50:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerUpdateService.exe, Version 11.6.602.180, Zeitstempel 0x51a4ab8c, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00042f6b,
Prozess-ID 0x1e4c, Anwendungsstartzeit FlashPlayerUpdateService.exe0.


System errors:
=============
Error: (07/16/2014 09:16:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/16/2014 08:43:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Browser Manager1

Error: (07/16/2014 08:37:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Adobe Flash Player Update Service1

Error: (07/16/2014 08:35:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Presentation Foundation-Schriftartcache 3.0.0.0%%1053

Error: (07/16/2014 08:35:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Presentation Foundation-Schriftartcache 3.0.0.0

Error: (07/16/2014 08:34:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (08/29/2013 10:01:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000AudioEndpointBuilder

Error: (08/25/2013 02:03:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (08/23/2013 00:50:45 PM) (Source: VDS Dynamic Provider 2.0) (EventID: 10) (User: )
Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. hr=80042505

Error: (08/19/2013 11:45:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (06/19/2013 00:22:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2667 seconds with 1980 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-07-16 08:33:01.276
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\PROGRA~2\BROWSE~1\261519~1.190\{16CDF~1\BROWSE~1.DLL" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:44:47.974
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:44:47.950
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:26:13.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:26:13.946
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:26:13.905
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 17:26:13.834
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 16:05:49.179
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 16:05:49.150
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 16:04:42.904
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3326.25 MB
Available physical RAM: 1724.54 MB
Total Pagefile: 6827.46 MB
Available Pagefile: 5074.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.68 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:60.73 GB) (Free:2.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:385.2 GB) (Free:282.2 GB) NTFS
Drive j: (OFFICE14) (CDROM) (Total:0.65 GB) (Free:0 GB) UDF
Drive x: (SYSTEM) (Fixed) (Total:19.53 GB) (Free:5.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: FB7733E7)
Partition 1: (Active) - (Size=61 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=405 GB) - (Type=OF Extended)

==================== End Of Log ============================

Gmer.txt

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-16 10:45:42
Windows 6.0.6000  \Device\Harddisk0\DR0 -> \Device\Ide\IdePort3 SAMSUNG_HD501LJ rev.CR100-13 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Cas\AppData\Local\Temp\ufrdqpow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwAddBootEntry [0x92627BA6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwAssignProcessToJobObject [0x92628684]
SSDT            90225DAC                                                                                                        ZwClose
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwCreateEvent [0x926346F8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwCreateEventPair [0x92634744]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwCreateIoCompletion [0x926348DE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwCreateMutant [0x92634666]
SSDT            90225DB6                                                                                                        ZwCreateSection
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwCreateSemaphore [0x926346AE]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                          ZwCreateThread [0x92DAC080]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwCreateTimer [0x92634898]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwDebugActiveProcess [0x92629472]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwDeleteBootEntry [0x92627C0C]
SSDT            90225DA7                                                                                                        ZwDuplicateObject
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwLoadDriver [0x926277F8]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                          ZwMapViewOfSection [0x92DABED0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwModifyBootEntry [0x92627C72]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwNotifyChangeKey [0x9262D05E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwNotifyChangeMultipleKeys [0x92629F5A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwOpenEvent [0x92634722]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwOpenEventPair [0x92634766]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwOpenIoCompletion [0x92634902]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwOpenMutant [0x9263468C]
SSDT            90225D48                                                                                                        ZwOpenProcess
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwOpenSection [0x92634816]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwOpenSemaphore [0x926346D6]
SSDT            90225D4D                                                                                                        ZwOpenThread
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwOpenTimer [0x926348BC]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                          ZwProtectVirtualMemory [0x92DABC6E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwQueryObject [0x92629DCE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwQueueApcThread [0x92629924]
SSDT            90225DC0                                                                                                        ZwRequestWaitReplyPort
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwSetBootEntryOrder [0x92627CD8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwSetBootOptions [0x92627D3E]
SSDT            90225DBB                                                                                                        ZwSetContextThread
SSDT            90225DC5                                                                                                        ZwSetSecurityObject
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwSetSystemInformation [0x92627892]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwSetSystemPowerState [0x92627A64]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwShutdownSystem [0x926279F2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwSuspendProcess [0x9262963C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwSuspendThread [0x9262979E]
SSDT            90225DCA                                                                                                        ZwSystemDebugControl
SSDT            90225D57                                                                                                        ZwTerminateProcess
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwTerminateThread [0x926292CC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                          ZwVdmControl [0x92627DA4]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                          ZwWriteVirtualMemory [0x92DABBA0]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                          ZwCreateThreadEx [0x92DAC16A]

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwCallbackReturn + 7E0                                                                              82080CEC 12 Bytes  [3C, 96, 62, 92, 9E, 97, 62, ...] {CMP AL, 0x96; BOUND EDX, [EDX-0x6d9d6862]; RETF 0x225d; NOP }
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110                                                                      821BE9A7 4 Bytes  CALL 9262A641 \SystemRoot\system32\drivers\aswSnx.sys
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121                                                                    821C6428 4 Bytes  CALL 9262A657 \SystemRoot\system32\drivers\aswSnx.sys
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                        section is writeable [0x8F37E000, 0x3AB565, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text          C:\Windows\System32\spoolsv.exe[252] kernel32.dll!GetBinaryTypeW + 70                                            75F7714D 1 Byte  [62]
.text          C:\Windows\system32\taskeng.exe[284] kernel32.dll!GetBinaryTypeW + 70                                            75F7714D 1 Byte  [62]
.text          C:\Program Files\Avira\AntiVir Desktop\sched.exe[444] kernel32.dll!GetBinaryTypeW + 70                          75F7714D 1 Byte  [62]
.text          C:\Program Files\Avira\AntiVir Desktop\avguard.exe[468] kernel32.dll!GetBinaryTypeW + 70                        75F7714D 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[512] kernel32.dll!GetBinaryTypeW + 70                                            75F7714D 1 Byte  [62]
.text          ...                                                                                                             
.text          C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1856] kernel32.dll!SetUnhandledExceptionFilter                75F7D177 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text          C:\Windows\Explorer.EXE[1864] kernel32.dll!GetBinaryTypeW + 70                                                  75F7714D 1 Byte  [62]
.text          C:\Windows\system32\taskeng.exe[1988] kernel32.dll!GetBinaryTypeW + 70                                          75F7714D 1 Byte  [62]
.text          C:\Windows\system32\conime.exe[2084] kernel32.dll!GetBinaryTypeW + 70                                            75F7714D 1 Byte  [62]
.text          C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2324] kernel32.dll!GetBinaryTypeW + 70                  75F7714D 1 Byte  [62]
.text          C:\Program Files\PDF Architect\HelperService.exe[2448] kernel32.dll!GetBinaryTypeW + 70                          75F7714D 1 Byte  [62]
.text          ...                                                                                                             
.text          C:\Program Files\Real\RealPlayer\Update\realsched.exe[2692] kernel32.dll!SetUnhandledExceptionFilter            75F7D177 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2704] kernel32.dll!GetBinaryTypeW + 70                          75F7714D 1 Byte  [62]
.text          C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[2712] kernel32.dll!GetBinaryTypeW + 70  75F7714D 1 Byte  [62]
.text          C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe[2724] KERNEL32.dll!GetBinaryTypeW + 70                      75F7714D 1 Byte  [62]
.text          C:\Windows\system32\wbem\wmiprvse.exe[2736] kernel32.dll!GetBinaryTypeW + 70                                    75F7714D 1 Byte  [62]
.text          C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[2748] kernel32.dll!GetBinaryTypeW + 70        75F7714D 1 Byte  [62]
.text          ...                                                                                                             
.text          C:\Program Files\AVAST Software\Avast\AvastUI.exe[2776] kernel32.dll!SetUnhandledExceptionFilter                75F7D177 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text          C:\Program Files\Windows Sidebar\sidebar.exe[2784] kernel32.dll!GetBinaryTypeW + 70                              75F7714D 1 Byte  [62]
.text          C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2820] kernel32.dll!GetBinaryTypeW + 70            75F7714D 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[2864] kernel32.dll!GetBinaryTypeW + 70                                          75F7714D 1 Byte  [62]
.text          C:\Windows\system32\PSIService.exe[2912] kernel32.dll!GetBinaryTypeW + 70                                        75F7714D 1 Byte  [62]
.text          C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2976] kernel32.dll!GetBinaryTypeW + 70          75F7714D 1 Byte  [62]
.text          ...                                                                                                             
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] ntdll.dll!LdrLoadDll                                          773EEB00 5 Bytes  JMP 5D8D1EAE C:\Program Files\Mozilla Firefox\mozglue.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] ntdll.dll!LdrUnloadDll                                        773FBF0A 5 Bytes  JMP 001603FC
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] ntdll.dll!NtCreateFile                                        7741F414 5 Bytes  JMP 519AB8D0 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] ntdll.dll!NtFlushBuffersFile                                  7741F914 5 Bytes  JMP 519A7B07 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] ntdll.dll!NtQueryFullAttributesFile                          7741FE44 5 Bytes  JMP 519A7820 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] ntdll.dll!NtReadFile                                          77420074 5 Bytes  JMP 519A7A00 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] ntdll.dll!NtReadFileScatter                                  77420084 5 Bytes  JMP 521FCCC0 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] ntdll.dll!NtWriteFile                                        774206C4 5 Bytes  JMP 519ABFE0 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] ntdll.dll!NtWriteFileGather                                  774206D4 5 Bytes  JMP 521FCC6F C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] KERNEL32.dll!GetBinaryTypeW + 70                              75F7714D 1 Byte  [62]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] KERNEL32.dll!ActivateActCtx + 2C                              75F77379 7 Bytes  JMP 521C9E65 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] KERNEL32.dll!VirtualQuery + 24                                75F7D172 7 Bytes  JMP 519A8236 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] KERNEL32.dll!VirtualAllocEx + 54                              75F99BC5 7 Bytes  JMP 521C9E88 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] user32.dll!GetWindowInfo                                      761300DB 5 Bytes  JMP 520D7585 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5116] GDI32.dll!SetTextAlign + E6                                  775B7EEF 7 Bytes  JMP 521C9DE6 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Users\Cas\Desktop\Gmer-19357.exe[5584] kernel32.dll!GetBinaryTypeW + 70                                      75F7714D 1 Byte  [62]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                          aswTdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                          aswTdi.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                        fltmgr.sys

---- EOF - GMER 2.1 ----
Benötigt ihr noch weitere Logs?

Vielen vielen Dank im Voraus.

Viele Grüße,
Cassian

schrauber 16.07.2014 10:08
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Teabone 16.07.2014 10:54
Hallo Schrauber,

vielen Dank für deine sehr schnelle Rückmeldung.
Anbei der Combofix Log, dazu noch eineige Anmerkungen.

-Vor dem Scan habe ich wie von Debugger für das Re-Enable aufgefordert einen Neustart durchgeführt. Direkt danach kam es kurz nach dem Booten zu einem Crash - ich konnte jedoch neu starten

-Während des Combofix-Scans startete noch der Windows System Updater in der Quickstartleitse

-Während des Combofix-Scans wurde ich von Windows aufgefordert den jucheck.exe Prozess fortzusetzen (Oracle America - Was ist das überhaupt? Da werde ich andauernd nach gefragt) - habe ich während des Scans nicht angefasst

-Während des Combofix-Scans gab es Außerdem noch ein Antivir Werbe Pop Up und ein Windows Sicherheit Pop-Up

Combofix-Log

Code:
Combofix Logfile:

       
Code:

       
ComboFix 14-07-16.01 - Cas 16.07.2014  11:36:46.1.4 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6000.0.1252.49.1031.18.3326.1737 [GMT 2:00]
ausgeführt von:: c:\users\Cas\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cas\AppData\Local\lame_enc.dll
c:\users\Cas\AppData\Local\no23xwrapper.dll
c:\users\Cas\AppData\Local\ogg.dll
c:\users\Cas\AppData\Local\vorbis.dll
c:\users\Cas\AppData\Local\vorbisenc.dll
c:\users\Cas\AppData\Local\vorbisfile.dll
c:\users\Cas\mozjs.dll
c:\users\Cas\nsldap32v60.dll
c:\users\Cas\nsldappr32v60.dll
c:\users\Cas\nsldif32v60.dll
c:\users\Cas\plugin-container.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-16 bis 2014-07-16  ))))))))))))))))))))))))))))))
.
.
2014-07-16 09:43 . 2014-07-16 09:43        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-07-16 08:28 . 2014-07-16 08:30        --------        d-----w-        C:\FRST
2014-07-16 07:12 . 2014-07-16 07:12        --------        d-----w-        c:\users\Cas\AppData\Roaming\AVAST Software
2014-07-16 07:12 . 2014-07-16 07:11        57800        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2014-07-16 07:12 . 2014-07-16 07:11        192352        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-07-16 07:12 . 2014-07-16 07:11        779536        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2014-07-16 07:12 . 2014-07-16 07:12        414520        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-07-16 07:12 . 2014-07-16 07:11        67824        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-07-16 07:12 . 2014-07-16 07:11        49944        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-07-16 07:12 . 2014-07-16 07:11        24184        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-07-16 07:12 . 2014-07-16 07:11        55112        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2014-07-16 07:12 . 2014-07-16 07:11        276432        ----a-w-        c:\windows\system32\aswBoot.exe
2014-07-16 07:11 . 2014-07-16 07:11        43152        ----a-w-        c:\windows\avastSS.scr
2014-07-16 07:11 . 2014-07-16 07:11        --------        d-----w-        c:\program files\AVAST Software
2014-07-16 07:09 . 2014-07-16 07:11        --------        d-----w-        c:\programdata\AVAST Software
2014-07-16 06:43 . 2014-07-16 06:43        10594416        ----a-w-        c:\program files\Mozilla Firefox\icudt52.dll
2014-07-16 06:43 . 2014-07-16 06:43        822384        ----a-w-        c:\program files\Mozilla Firefox\icuuc52.dll
2014-07-16 06:43 . 2014-07-16 06:43        1022576        ----a-w-        c:\program files\Mozilla Firefox\icuin52.dll
2014-07-09 11:16 . 2014-07-09 11:16        --------        d-----w-        c:\users\Cas\AppData\Local\Apple Computer
2014-07-09 11:13 . 2014-07-16 06:33        --------        d-----w-        c:\users\Cas\AppData\Roaming\Apple Computer
2014-07-09 09:45 . 2014-07-09 09:45        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2014-07-09 09:45 . 2014-07-09 09:45        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-07-09 09:45 . 2014-07-09 09:45        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2014-07-09 09:45 . 2014-07-09 09:45        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-07-09 09:45 . 2014-07-09 09:45        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2014-07-09 09:45 . 2014-07-09 09:45        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2014-07-09 09:45 . 2014-07-09 09:45        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-07-09 09:45 . 2014-07-09 09:45        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-07-09 09:45 . 2014-07-09 09:45        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2014-07-09 09:45 . 2014-07-09 09:45        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-07-09 09:44 . 2014-07-09 09:45        --------        d-----w-        c:\program files\QuickTime
2014-07-09 09:44 . 2014-07-09 09:44        --------        d-----w-        c:\programdata\Apple Computer
2014-07-09 09:43 . 2014-07-09 09:43        --------        d-----w-        c:\program files\Common Files\Apple
2014-07-09 09:43 . 2014-07-09 09:43        --------        d-----w-        c:\users\Cas\AppData\Local\Apple
2014-07-09 09:43 . 2014-07-09 09:43        --------        d-----w-        c:\programdata\Apple
2014-07-09 09:43 . 2014-07-09 09:43        --------        d-----w-        c:\program files\Apple Software Update
2014-07-09 08:47 . 2014-07-09 08:47        --------        d-----w-        c:\programdata\Package Cache
2014-07-09 08:40 . 2014-07-16 09:32        --------        d-----w-        c:\users\Cas\AppData\Roaming\DropboxMaster
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 06:37 . 2012-09-23 15:39        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-16 06:37 . 2012-09-23 15:39        699056        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2006-05-03 11:06        163328        --sha-r-        c:\windows\System32\flvDX.dll
2007-02-21 12:47        31232        --sha-r-        c:\windows\System32\msfDX.dll
2008-03-16 14:30        216064        --sha-r-        c:\windows\System32\nbDX.dll
2010-01-06 23:00        107520        --sha-r-        c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-16 07:11        578240        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Cas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Cas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Cas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-09-14 1232896]
"Steam"="d:\programme\Steam\steam.exe" [2014-07-12 1753280]
"Spotify Web Helper"="c:\users\Cas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-16 1178168]
"Spotify"="c:\users\Cas\AppData\Roaming\Spotify\spotify.exe" [2014-07-16 6162488]
"DAEMON Tools Lite"="d:\programme\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-20 74752]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe" [2008-08-07 90112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Ocs_SM"="c:\users\Cas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-11-17 106496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-03-21 295512]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-29 345144]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-06-19 703888]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-07 189520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"MRT"="c:\windows\system32\MRT.exe" [2014-06-26 93585272]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-16 4086432]
.
c:\users\Cas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [2013-06-19 39888]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [2013-06-19 58320]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 06:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88
FF - ExtSQL: !HIDDEN! 2012-11-17 11:07; extension@preispilot.com; c:\users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\extensions\extension@preispilot.com
FF - ExtSQL: !HIDDEN! 2012-11-17 11:07; firejump@firejump.net; c:\users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\extensions\firejump@firejump.net
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e49a2a8e000000000000002215a12c88&q=
FF - user.js: extensions.BabylonToolbar.id - e49a2a8e000000000000002215a12c88
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15661
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.811:08
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-loadtbs-3.0 - c:\users\Cas\AppData\Roaming\loadtbs\uninstall.exe
AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
AddRemove-{E280923D-C5D9-4728-8C79-AC9A0DC75875} - c:\program files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-07-16 11:44
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1399156017-4130152259-970843329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*T%W%]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1399156017-4130152259-970843329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*T%W%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1399156017-4130152259-970843329-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:ab,f7,d9,5d,8c,c8,21,74,26,2d,5e,50,68,ed,6c,72,4a,00,5f,0f,d3,
   72,52,43,32,86,cd,b0,77,15,7a,e6,7c,91,3a,e0,02,4d,8c,2a,da,2e,30,94,39,6e,\
"rkeysecu"=hex:89,60,8a,ec,50,f9,31,e4,ec,de,98,a8,ed,2b,fe,d3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Zeit der Fertigstellung: 2014-07-16  11:46:03
ComboFix-quarantined-files.txt  2014-07-16 09:46
.
Vor Suchlauf: 4.396.916.736 Bytes frei
Nach Suchlauf: 6.596.091.904 Bytes frei
.
- - End Of File - - 4C7F7D6EE6BD6B2C8B450F00BCA25820

--- --- ---
5C616939100B85E558DA92B899A0FC36
ich freue mich scon auf weitere Anweisungen :)

Vielen Dank im Voraus!!

schrauber 16.07.2014 19:22
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Teabone 16.07.2014 22:14
Hallo Schrauber,

erneut vielen Dank für deine Hilfe!!

Einen komischen Fehler gabs und zwar ein CPU-Übertemperaturfehler beim Restart des PC's.
Ging dann aber mit Neustart.

Hier die Logs:

Mbam

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.07.2014
Suchlauf-Zeit: 22:25:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.16.08
Rootkit Datenbank: v2014.07.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista
CPU: x86
Dateisystem: NTFS
Benutzer: Cas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 272262
Verstrichene Zeit: 8 Min, 37 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.Babylon.A, HKU\S-1-5-21-1399156017-4130152259-970843329-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [d563f9a7de9de74f1bf9e173c53d38c8],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1399156017-4130152259-970843329-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [8aae217fb5c6cc6af29523d8e61de917],
PUP.Optional.BProtector.A, HKU\S-1-5-21-1399156017-4130152259-970843329-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, , [53e5b2ee45368fa74c90e31be51eea16],

Registrierungswerte: 2
PUP.BProtector, HKU\S-1-5-21-1399156017-4130152259-970843329-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88, , [86b2e7b9bebd0531e0a97a81f80b8e72]
PUP.BProtector, HKU\S-1-5-21-1399156017-4130152259-970843329-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [b484138d3b4084b27d0dee0d966df20e]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 3
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\chrome@loadtubes.com, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\html, , [d2669b05ea913600c0f6f5d94cb79868],

Dateien: 55
PUP.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\ytdl.exe, , [4aee653b1764f73f714ecbe13ec23bc5],
PUP.LoadTubes, C:\Program Files\Mozilla Firefox\plugins\npmieze.dll, , [86b2b3ed116a2f07b609e1cb5fa1fa06],
PUP.Optional.OpenCandy, C:\Users\Cas\Downloads\DTLite4454-0314.exe, , [86b2e6ba5229c76fbfc39a2ec63eca36],
PUP.Optional.OpenCandy, C:\Users\Cas\Downloads\winamp563_full_emusic-7plus_all.exe, , [f93fe2bed4a72a0c9fe32e9a8e76f709],
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\babylon.xml, , [44f4d7c96912a78fedd27f5b9f630000],
PUP.Optional.BProtector.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\bprotector_extensions.sqlite, , [f93f3e62f6854ee8efdc5585857de719],
PUP.Optional.BProtector.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\bprotector_prefs.js, , [56e2f7a9b7c490a6ffcda33761a1c53b],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\keyHash.txt, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\config.txt, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\domHash.txt, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\evHash.txt, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\license.txt, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\updateHash.txt, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\html\dimensions.ini, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\html\install.html, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\html\uninstall.html, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.LoadTubes, C:\Users\Cas\AppData\Roaming\loadtbs\html\uninstallComplete.html, , [d2669b05ea913600c0f6f5d94cb79868],
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), ,[83b5712f8dee4cead8521cb705ffd62a]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), ,[290fc2defd7e25112307686be32103fd]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");), ,[f048c1df88f37cbadd4d656ee024b14f]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), ,[75c3950bf685fd39da50ce059c68e917]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.excTlbr", false);), ,[4aee1a8663182e081317c31072920bf5]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "e49a2a8e000000000000002215a12c88");), ,[d068970996e5aa8ce149a42f1fe5dd23]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15661");), ,[74c4eab698e32b0bd753efe4c63eed13]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), ,[bf79dac61b605bdb19119f346a9a01ff]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), ,[2414bae69be050e666c408cbd52fc33d]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), ,[65d3029ebcbf89ad2802e6ed7f8526da]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), ,[b583c2deaad157df9397379cdf256c94]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e49a2a8e000000000000002215a12c88&q=");), ,[d8601f8198e389ad55d5d5fe48bc43bd]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");), ,[5eda9f010279b1859397ba19ce36966a]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");), ,[102889172c4ffb3b8aa08d4628dcb848]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), ,[44f45e426a119b9bca601fb4be46c040]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:08:14");), ,[94a4227ebac13cfa5cce399aca3aa45c]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88");), ,[1820168ab8c3c5717bc0ce0510f4e11f]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e49a2a8e000000000000002215a12c88&q=");), ,[0b2ddec2df9c68ceb0fc59791fe58080]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "e49a2a8e000000000000002215a12c88");), ,[58e07c24770489adaefef4de867e28d8]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");), ,[4aeeeab61d5e80b6baf2f5ddf90be020]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15661");), ,[073199072754dc5ab6f6587a2cd8ae52]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");), ,[f93f059b4e2ded497933ae2408fc669a]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");), ,[8badc1df4239ee485c50d2008282fe02]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:08:14");), ,[da5ecdd3d3a8a3931d8f50827c88728e]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), ,[0c2cfda3166577bfb3f9d9f951b3718f]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), ,[1226fba5bbc0c96dddcf11c1976db848]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), ,[3800faa6d1aab08619939b37b54f639d]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), ,[48f0f8a81c5f57dfbaf202d00afa06fa]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), ,[c771c1df4e2d73c300ac646ef113f907]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), ,[1b1d3d63c4b7b18586262ca6a262748c]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), ,[80b8fea22457ba7cbeee4e84e51fc937]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.excTlbr", false);), ,[67d12d730b7062d4109cc80a55af5da3]
PUP.Optional.Babylon.A, C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), ,[f048eab6c1babc7a9715a82aaa5ac63a]

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner
AdwCleaner Logfile:
Code:
# AdwCleaner v3.215 - Bericht erstellt am 16/07/2014 um 22:38:40
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Ultimate  (32 bits)
# Benutzername : Cas - CAS-PC
# Gestartet von : C:\Users\Cas\Desktop\adwcleaner_3.215.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : SearchAnonymizer

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
Datei Gefunden : C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\foxydeal.sqlite
Datei Gefunden : C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\invalidprefs.js
Datei Gefunden : C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\user.js
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\Cas\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Cas\AppData\Roaming\DesktopIconForAmazon
Ordner Gefunden : C:\Users\Cas\AppData\Roaming\loadtbs
Ordner Gefunden : C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\firejump@firejump.net
Ordner Gefunden : C:\Users\Cas\AppData\Roaming\OCS
Ordner Gefunden : C:\Users\Cas\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\e2d788b66de414
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\loadtbs-3.0
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchAnonymizer
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\e2d788b66de414
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [firejump@firejump.net]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Ocs_SM]

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6000.16982

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\prefs.js ]

Zeile gefunden : user_pref("extensions.ntk.HISTORY", "[{\"title\":\"Babylon Search\",\"icon\":{\"spec\":\"moz-anno:favicon:hxxp://search.babylon.com/favicon.ico\"},\"uri\":\"hxxp://search.babylon.com/?affID=109727&tt=[...]
Zeile gefunden : user_pref("extensions.ntk.blacklist", "hxxp://gmail.com;hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88");
Zeile gefunden : user_pref("extensions.ntk.feedStore", "{\"URLtoFeedCount\":15,\"FeedStoriesCount\":4,\"data\":[{\"uri\":\"hxxp://search.babylon.com/%3FaffID=109727%26tt=4612_8%26babsrc=HP_ss%26mntrId=e49a2a8e00000000[...]
Zeile gefunden : user_pref("extensions.ntk.thumbsUrls", "hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88;hxxp://www.spiegel.de/;hxxps://web.de/;hxxps://www.facebo[...]

*************************

AdwCleaner[R0].txt - [5008 octets] - [16/07/2014 22:38:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5068 octets] ##########
--- --- ---

[/CODE]

JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Ultimate x86
Ran by Cas on 16.07.2014 at 22:57:38,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1399156017-4130152259-970843329-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchanonymizer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{d85ffe92-bf14-4e9b-bccd-e5c16069e65f}_is1



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Cas\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Cas\AppData\Roaming\pdfforge"



~~~ FireFox

Successfully deleted: [File] C:\Users\Cas\AppData\Roaming\mozilla\firefox\profiles\8ka7i0u3.default\user.js
Successfully deleted: [File] C:\Users\Cas\AppData\Roaming\mozilla\firefox\profiles\8ka7i0u3.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Cas\AppData\Roaming\mozilla\firefox\profiles\8ka7i0u3.default\extensions\staged
Successfully deleted: [Folder] C:\Users\Cas\AppData\Roaming\mozilla\firefox\profiles\8ka7i0u3.default\extensions\toolbar@web.de
Successfully deleted the following from C:\Users\Cas\AppData\Roaming\mozilla\firefox\profiles\8ka7i0u3.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "e49a2a8e000000000000002215a12c88");
user_pref("extensions.BabylonToolbar.instlDay", "15661");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e49a2a8e000000000000002215a12c88&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:08:14");
user_pref("extensions.ntk.HISTORY", "[{\"title\":\"Babylon Search\",\"icon\":{\"spec\":\"moz-anno:favicon:hxxp://search.babylon.com/favicon.ico\"},\"uri\":\"hxxp://search.baby
user_pref("extensions.ntk.blacklist", "hxxp://gmail.com;hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88");
user_pref("extensions.ntk.feedStore", "{\"URLtoFeedCount\":15,\"FeedStoriesCount\":4,\"data\":[{\"uri\":\"hxxp://search.babylon.com/%3FaffID=109727%26tt=4612_8%26babsrc=HP_ss%
user_pref("extensions.ntk.thumbsUrls", "hxxp://search.babylon.com/?affID=109727&tt=4612_8&babsrc=HP_ss&mntrId=e49a2a8e000000000000002215a12c88;hxxp://www.spiegel.de/;hxxps://w
Emptied folder: C:\Users\Cas\AppData\Roaming\mozilla\firefox\profiles\8ka7i0u3.default\minidumps [160 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.07.2014 at 23:04:32,79
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Cas (administrator) on CAS-PC on 16-07-2014 23:05:19
Running from C:\Users\Cas\Desktop
Platform: Microsoft® Windows Vista™ Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Users\Cas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Cas\AppData\Roaming\Spotify\spotify.exe
(Dropbox, Inc.) C:\Users\Cas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
() C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [TrayServer] => C:\Program Files\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Ocs_SM] => C:\Users\Cas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-11-17] (OCS)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-21] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-29] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [93585272 2014-06-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-16] (AVAST Software)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [Steam] => D:\Programme\Steam\steam.exe [1753280 2014-07-12] (Valve Corporation)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [Spotify Web Helper] => C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-16] (Spotify Ltd)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [Spotify] => C:\Users\Cas\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-16] (Spotify Ltd)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [DAEMON Tools Lite] => D:\Programme\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
Startup: C:\Users\Cas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {8B9C785E-E8BC-44E4-84A2-75445A337DE0} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {8C13D732-90BE-4CE9-9F57-E927CE15A13D} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {99BE2E78-9F23-4B08-805A-949F9DAEBD33} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {A1170089-D498-429F-9992-91C1AD86ED9D} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {B84E8222-9DC4-4CF0-AB73-9013E1247EA8} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {FA422BE7-39E3-4096-AE5D-A6015A9DDD23} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\{8183CA04-D4D3-4322-9980-6E4BC4CC809E}.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\{94701381-8CAB-4F73-9A01-6CD89B94FB6F}.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\{9AE7E708-1DC8-4294-81E4-AD0BECFC4EF0}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Preispilot - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\extension@preispilot.com [2012-11-18]
FF Extension: FireJump - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\firejump@firejump.net [2012-11-17]
FF Extension: Google Search by Image - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\google@hitachi.com [2013-01-05]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\ich@maltegoetz.de [2014-07-16]
FF Extension: Go To Google - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35} [2013-01-01]
FF Extension: Easy YouTube Video Downloader - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2013-08-03]
FF Extension: Adblock Plus - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2014-07-09]
FF Extension: New Tab King - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-07-16]
FF Extension: Preispilot - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\extension@preispilot.com.xpi [2012-11-18]
FF Extension: Google Search by Image - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\google@hitachi.com.xpi [2013-01-05]
FF Extension: All-in-One Sidebar - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-09-23]
FF Extension: NoScript - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-16]
FF Extension: Go To Google - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi [2013-01-01]
FF Extension: Easy YouTube Video Downloader - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-03-23]
FF Extension: Adblock Plus - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-14]
FF Extension: DownThemAll! - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-09-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-19]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-09-26]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-21]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\extensions\extension@preispilot.com
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\extensions\firejump@firejump.net

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-29] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-29] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SearchAnonymizer; C:\Users\Cas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-11-17] () [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2013-06-19] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2013-06-19] (Cisco Systems, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-07-29] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-09-23] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-16] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-29] (Avira GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Cas\AppData\Local\Temp\catchme.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 xuxibnch; \??\C:\Windows\system32\drivers\xuxibnch.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 23:04 - 2014-07-16 23:04 - 00004556 _____ () C:\Users\Cas\Desktop\JRT.txt
2014-07-16 22:52 - 2014-07-16 22:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 22:51 - 2014-07-16 22:51 - 01016261 _____ (Thisisu) C:\Users\Cas\Desktop\JRT.exe
2014-07-16 22:50 - 2014-07-16 22:39 - 00005148 _____ () C:\Users\Cas\Desktop\AdwCleaner[R0].txt
2014-07-16 22:38 - 2014-07-16 22:39 - 00000000 ____D () C:\AdwCleaner
2014-07-16 22:37 - 2014-07-16 22:37 - 01348263 _____ () C:\Users\Cas\Desktop\adwcleaner_3.215.exe
2014-07-16 22:36 - 2014-07-16 22:36 - 00013014 _____ () C:\Users\Cas\Desktop\mbam.txt
2014-07-16 22:24 - 2014-07-16 23:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 22:24 - 2014-07-16 22:24 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-16 22:24 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-16 22:24 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-16 22:24 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-16 22:23 - 2014-07-16 22:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Cas\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-16 18:56 - 2007-01-04 12:02 - 00663552 _____ (MAGIX AG) C:\Windows\system32\mgxoschk.dll
2014-07-16 11:46 - 2014-07-16 11:46 - 00013619 _____ () C:\ComboFix.txt
2014-07-16 11:35 - 2014-07-16 11:46 - 00000000 ____D () C:\Qoobox
2014-07-16 11:35 - 2014-07-16 11:46 - 00000000 ____D () C:\ComboFix
2014-07-16 11:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-16 11:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-16 11:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-16 11:34 - 2014-07-16 11:44 - 00000000 ____D () C:\Windows\erdnt
2014-07-16 11:29 - 2014-07-16 11:29 - 00139816 _____ () C:\Windows\Minidump\Mini071614-01.dmp
2014-07-16 11:19 - 2014-07-16 11:19 - 05221615 ____R (Swearware) C:\Users\Cas\Desktop\ComboFix.exe
2014-07-16 10:45 - 2014-07-16 10:45 - 00016413 _____ () C:\Users\Cas\Desktop\Gmer.txt
2014-07-16 10:30 - 2014-07-16 10:30 - 00380416 _____ () C:\Users\Cas\Desktop\Gmer-19357.exe
2014-07-16 10:29 - 2014-07-16 23:05 - 00025784 _____ () C:\Users\Cas\Desktop\FRST.txt
2014-07-16 10:28 - 2014-07-16 23:05 - 00000000 ____D () C:\FRST
2014-07-16 10:28 - 2014-07-16 10:28 - 01077248 _____ (Farbar) C:\Users\Cas\Desktop\FRST.exe
2014-07-16 10:26 - 2014-07-16 10:26 - 00050477 _____ () C:\Users\Cas\Desktop\Defogger.exe
2014-07-16 09:12 - 2014-07-16 09:12 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 09:12 - 2014-07-16 09:12 - 00001879 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\AVAST Software
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 09:12 - 2014-07-16 09:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 09:12 - 2014-07-16 09:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 09:11 - 2014-07-16 09:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 09:11 - 2014-07-16 09:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 09:09 - 2014-07-16 09:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 09:08 - 2014-07-16 09:09 - 91906368 _____ (AVAST Software) C:\Users\Cas\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-07-09 13:16 - 2014-07-09 13:16 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple Computer
2014-07-09 13:13 - 2014-07-16 08:33 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Apple Computer
2014-07-09 11:44 - 2014-07-09 11:45 - 00000000 ____D () C:\Program Files\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00001732 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-09 11:43 - 2014-07-09 11:43 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\ProgramData\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-09 11:35 - 2014-07-09 11:36 - 41945432 _____ (Apple Inc.) C:\Users\Cas\Downloads\QuickTimeInstaller.exe
2014-07-09 10:47 - 2014-07-09 10:47 - 00001008 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-09 10:47 - 2014-07-09 10:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-09 10:46 - 2014-07-09 10:46 - 04621032 _____ (Avira Operations GmbH & Co. KG) C:\Users\Cas\Downloads\avira_de_av_4082828851__ws.exe
2014-07-09 10:40 - 2014-07-16 22:59 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

2014-07-16 23:05 - 2014-07-16 10:29 - 00025784 _____ () C:\Users\Cas\Desktop\FRST.txt
2014-07-16 23:05 - 2014-07-16 10:28 - 00000000 ____D () C:\FRST
2014-07-16 23:04 - 2014-07-16 23:04 - 00004556 _____ () C:\Users\Cas\Desktop\JRT.txt
2014-07-16 23:02 - 2006-11-02 12:33 - 01461736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 23:00 - 2014-07-16 22:24 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 23:00 - 2006-11-02 14:51 - 01235118 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 22:59 - 2014-07-09 10:40 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\DropboxMaster
2014-07-16 22:59 - 2012-11-04 18:36 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Dropbox
2014-07-16 22:58 - 2012-11-03 17:59 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Spotify
2014-07-16 22:56 - 2006-11-02 15:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 22:55 - 2006-11-02 14:59 - 00039560 _____ () C:\Windows\PFRO.log
2014-07-16 22:55 - 2006-11-02 14:46 - 00003936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 22:55 - 2006-11-02 14:46 - 00003936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 22:53 - 2006-11-02 15:00 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 22:52 - 2014-07-16 22:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 22:51 - 2014-07-16 22:51 - 01016261 _____ (Thisisu) C:\Users\Cas\Desktop\JRT.exe
2014-07-16 22:50 - 2013-04-17 18:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 22:46 - 2012-11-03 17:59 - 00000000 ____D () C:\Users\Cas\AppData\Local\Spotify
2014-07-16 22:39 - 2014-07-16 22:50 - 00005148 _____ () C:\Users\Cas\Desktop\AdwCleaner[R0].txt
2014-07-16 22:39 - 2014-07-16 22:38 - 00000000 ____D () C:\AdwCleaner
2014-07-16 22:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Resources
2014-07-16 22:37 - 2014-07-16 22:37 - 01348263 _____ () C:\Users\Cas\Desktop\adwcleaner_3.215.exe
2014-07-16 22:36 - 2014-07-16 22:36 - 00013014 _____ () C:\Users\Cas\Desktop\mbam.txt
2014-07-16 22:24 - 2014-07-16 22:24 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-16 22:23 - 2014-07-16 22:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Cas\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-16 19:15 - 2012-09-19 16:17 - 00070144 _____ () C:\Users\Cas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-16 19:10 - 2012-09-23 20:09 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\vlc
2014-07-16 15:23 - 2013-01-29 18:43 - 00000973 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-07-16 15:23 - 2013-01-29 18:43 - 00000961 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-07-16 11:46 - 2014-07-16 11:46 - 00013619 _____ () C:\ComboFix.txt
2014-07-16 11:46 - 2014-07-16 11:35 - 00000000 ____D () C:\Qoobox
2014-07-16 11:46 - 2014-07-16 11:35 - 00000000 ____D () C:\ComboFix
2014-07-16 11:46 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-07-16 11:46 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-07-16 11:44 - 2014-07-16 11:34 - 00000000 ____D () C:\Windows\erdnt
2014-07-16 11:44 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-07-16 11:43 - 2012-09-13 23:06 - 00000000 ____D () C:\Users\Cas
2014-07-16 11:29 - 2014-07-16 11:29 - 00139816 _____ () C:\Windows\Minidump\Mini071614-01.dmp
2014-07-16 11:29 - 2012-11-12 23:26 - 304599041 _____ () C:\Windows\MEMORY.DMP
2014-07-16 11:29 - 2012-11-12 23:26 - 00000000 ____D () C:\Windows\Minidump
2014-07-16 11:19 - 2014-07-16 11:19 - 05221615 ____R (Swearware) C:\Users\Cas\Desktop\ComboFix.exe
2014-07-16 10:45 - 2014-07-16 10:45 - 00016413 _____ () C:\Users\Cas\Desktop\Gmer.txt
2014-07-16 10:30 - 2014-07-16 10:30 - 00380416 _____ () C:\Users\Cas\Desktop\Gmer-19357.exe
2014-07-16 10:28 - 2014-07-16 10:28 - 01077248 _____ (Farbar) C:\Users\Cas\Desktop\FRST.exe
2014-07-16 10:26 - 2014-07-16 10:26 - 00050477 _____ () C:\Users\Cas\Desktop\Defogger.exe
2014-07-16 10:16 - 2012-09-19 16:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-16 09:12 - 2014-07-16 09:12 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 09:12 - 2014-07-16 09:12 - 00001879 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\AVAST Software
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 09:11 - 2014-07-16 09:12 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 09:11 - 2014-07-16 09:12 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 09:11 - 2014-07-16 09:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 09:11 - 2014-07-16 09:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 09:11 - 2014-07-16 09:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 09:09 - 2014-07-16 09:08 - 91906368 _____ (AVAST Software) C:\Users\Cas\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-07-16 08:43 - 2012-11-04 19:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-16 08:38 - 2013-07-11 08:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-16 08:37 - 2012-09-23 17:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-16 08:37 - 2012-09-23 17:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-16 08:36 - 2012-09-13 23:06 - 00001356 _____ () C:\Users\Cas\AppData\Local\d3d9caps.dat
2014-07-16 08:34 - 2012-09-19 17:54 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-16 08:33 - 2014-07-09 13:13 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Apple Computer
2014-07-09 13:16 - 2014-07-09 13:16 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple Computer
2014-07-09 11:45 - 2014-07-09 11:44 - 00000000 ____D () C:\Program Files\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00001732 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-09 11:43 - 2014-07-09 11:43 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\ProgramData\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-09 11:36 - 2014-07-09 11:35 - 41945432 _____ (Apple Inc.) C:\Users\Cas\Downloads\QuickTimeInstaller.exe
2014-07-09 10:47 - 2014-07-09 10:47 - 00001008 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-09 10:47 - 2014-07-09 10:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-09 10:47 - 2013-07-29 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-09 10:47 - 2013-07-29 18:41 - 00000000 ____D () C:\ProgramData\Avira
2014-07-09 10:47 - 2013-07-29 18:41 - 00000000 ____D () C:\Program Files\Avira
2014-07-09 10:46 - 2014-07-09 10:46 - 04621032 _____ (Avira Operations GmbH & Co. KG) C:\Users\Cas\Downloads\avira_de_av_4082828851__ws.exe
2014-07-09 10:40 - 2012-11-04 18:39 - 00000919 _____ () C:\Users\Cas\Desktop\Dropbox.lnk
2014-07-09 10:40 - 2012-11-04 18:37 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-26 17:38 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\Cas\AccessibleMarshal.dll
C:\Users\Cas\crashreporter.exe
C:\Users\Cas\D3DCompiler_43.dll
C:\Users\Cas\d3dx9_43.dll
C:\Users\Cas\freebl3.dll
C:\Users\Cas\gkmedias.dll
C:\Users\Cas\libEGL.dll
C:\Users\Cas\libGLESv2.dll
C:\Users\Cas\maintenanceservice.exe
C:\Users\Cas\maintenanceservice_installer.exe
C:\Users\Cas\MapiProxy.dll
C:\Users\Cas\MapiProxy_InUse.dll
C:\Users\Cas\mozalloc.dll
C:\Users\Cas\mozglue.dll
C:\Users\Cas\mozMapi32.dll
C:\Users\Cas\mozMapi32_InUse.dll
C:\Users\Cas\mozsqlite3.dll
C:\Users\Cas\msvcp100.dll
C:\Users\Cas\msvcr100.dll
C:\Users\Cas\nspr4.dll
C:\Users\Cas\nss3.dll
C:\Users\Cas\nssckbi.dll
C:\Users\Cas\nssdbm3.dll
C:\Users\Cas\nssutil3.dll
C:\Users\Cas\plc4.dll
C:\Users\Cas\plds4.dll
C:\Users\Cas\smime3.dll
C:\Users\Cas\softokn3.dll
C:\Users\Cas\ssl3.dll
C:\Users\Cas\thunderbird.exe
C:\Users\Cas\updater.exe
C:\Users\Cas\WSEnable.exe
C:\Users\Cas\xpcom.dll
C:\Users\Cas\xul.dll


Some content of TEMP:
====================
C:\Users\Cas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv7mcdi.dll
C:\Users\Cas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-16 23:02

==================== End Of Log ============================
--- --- ---

--- --- ---


Babylon besiegt? ;)

Viele Grüße.

schrauber 17.07.2014 15:50
Du musst den AdwCleaner auch löschen lassen :)


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Teabone 17.07.2014 19:06
Hallo Schrauber,

leider scheint es zumindest ein Trojaner noch überlebt zu haben.
Beim Starten des Rechners (und Steam's Update versuchen) meldet sich Antivir mit der Zugriffsverweigerung auf Steam\GameOverlayUI.exe weil diese angeblich TR/Dropper.Gen enthält.

Ansonsten hier die neuen Logs:

ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6768842a42d95e4bb1c2418d001ae9a1
# engine=19223
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-17 05:38:57
# local_time=2014-07-17 07:38:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6000 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 94 123654 124162 0 0
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1804 16775165 100 95 27855428 176290042 27848044 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 30502823 243151592 0 0
# scanned=283269
# found=7
# cleaned=0
# scan_time=6191
sh=594FF5D084FEEDCB971E83821CABBD1067870A90 ft=1 fh=77b67014f649749f vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cas\Documents\MAGIX Downloads\Quick EXIF Editor Installer.exe"
sh=7865F72A09630306977C48EC1AEFB77C00A01D65 ft=1 fh=989c98f9162840a4 vn="Win32/DownWare.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cas\Documents\MAGIX Downloads\SUPERsetup.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cas\Downloads\PDFCreator-1_7_0_setup.exe"
sh=D466CE5076CDBA688A4C4FAFE614E0EAFCCF0086 ft=0 fh=0000000000000000 vn="Win32/bProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cas\updated\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6R03CWCV\pack[1].7z"
sh=AC76360969B4C1DEABBF392242705FF7A8BF5922 ft=0 fh=0000000000000000 vn="Win32/bProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cas\updated\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEBO4OS9\pack[1].7z"
sh=5543317AB6CC3C84B018F7262CD7F6048CA22C4B ft=1 fh=1b57474b1411cddc vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="D:\Setups\MyPhoneExplorer_Setup_1.8.4.exe"
sh=C8FB6D061DA6E2130C25401503DF3CEFA087A8AB ft=1 fh=a23eb8810803d92c vn="Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="K:\Sicherung\Bewerbungsunterlagen\Bewerbungen\Bildungsfonds 2014\SoftonicDownloader_for_pdf-blender.exe"

SecurityCheck

Code:
Results of screen317's Security Check version 0.99.85 
 Windows Vista  x86 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 15 
 Java version out of Date!
 Adobe Flash Player        14.0.0.145 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Mozilla Firefox (Firefox.)
 Mozilla Thunderbird 15.0.1 Thunderbird out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Cas (administrator) on CAS-PC on 17-07-2014 19:47:42
Running from C:\Users\Cas\Desktop
Platform: Microsoft® Windows Vista™ Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Cas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [TrayServer] => C:\Program Files\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Ocs_SM] => C:\Users\Cas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-11-17] (OCS)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-21] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-29] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [93585272 2014-06-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-16] (AVAST Software)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [Steam] => D:\Programme\Steam\steam.exe [1753280 2014-07-12] (Valve Corporation)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [Spotify Web Helper] => C:\Users\Cas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-16] (Spotify Ltd)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [Spotify] => C:\Users\Cas\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-16] (Spotify Ltd)
HKU\S-1-5-21-1399156017-4130152259-970843329-1000\...\Run: [DAEMON Tools Lite] => D:\Programme\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
Startup: C:\Users\Cas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {8B9C785E-E8BC-44E4-84A2-75445A337DE0} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {8C13D732-90BE-4CE9-9F57-E927CE15A13D} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {99BE2E78-9F23-4B08-805A-949F9DAEBD33} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {A1170089-D498-429F-9992-91C1AD86ED9D} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {B84E8222-9DC4-4CF0-AB73-9013E1247EA8} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {FA422BE7-39E3-4096-AE5D-A6015A9DDD23} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=2b1589ca-6f97-451f-8387-9d9cadf50515&pid=fotofreeware&mode=bounce&k=0
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\{8183CA04-D4D3-4322-9980-6E4BC4CC809E}.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\{94701381-8CAB-4F73-9A01-6CD89B94FB6F}.xml
FF SearchPlugin: C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\searchplugins\{9AE7E708-1DC8-4294-81E4-AD0BECFC4EF0}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Preispilot - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\extension@preispilot.com [2012-11-18]
FF Extension: FireJump - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\firejump@firejump.net [2012-11-17]
FF Extension: Google Search by Image - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\google@hitachi.com [2013-01-05]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\ich@maltegoetz.de [2014-07-16]
FF Extension: No Name - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\staged [2014-07-17]
FF Extension: Go To Google - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35} [2013-01-01]
FF Extension: Easy YouTube Video Downloader - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2013-08-03]
FF Extension: Adblock Plus - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2014-07-09]
FF Extension: New Tab King - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-07-16]
FF Extension: Preispilot - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\extension@preispilot.com.xpi [2012-11-18]
FF Extension: Google Search by Image - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\google@hitachi.com.xpi [2013-01-05]
FF Extension: All-in-One Sidebar - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-09-23]
FF Extension: NoScript - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-16]
FF Extension: Go To Google - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi [2013-01-01]
FF Extension: Easy YouTube Video Downloader - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-03-23]
FF Extension: Adblock Plus - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-14]
FF Extension: DownThemAll! - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-09-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-19]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-09-26]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-21]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\extensions\extension@preispilot.com
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\8ka7i0u3.default\extensions\firejump@firejump.net

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-29] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-29] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 SearchAnonymizer; C:\Users\Cas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-11-17] () [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2013-06-19] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2013-06-19] (Cisco Systems, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-07-29] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-09-23] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-17] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-29] (Avira GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Cas\AppData\Local\Temp\catchme.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 xuxibnch; \??\C:\Windows\system32\drivers\xuxibnch.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 19:47 - 2014-07-17 19:47 - 00001305 _____ () C:\Users\Cas\Desktop\checkup.txt
2014-07-17 19:41 - 2014-07-17 19:41 - 00854390 _____ () C:\Users\Cas\Desktop\SecurityCheck.exe
2014-07-17 17:53 - 2014-07-17 17:53 - 00000000 ____D () C:\Program Files\ESET
2014-07-17 17:51 - 2014-07-17 17:51 - 02347384 _____ (ESET) C:\Users\Cas\Desktop\esetsmartinstaller_deu.exe
2014-07-17 08:57 - 2009-06-04 01:56 - 00675152 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2014-07-16 23:04 - 2014-07-16 23:04 - 00004556 _____ () C:\Users\Cas\Desktop\JRT.txt
2014-07-16 22:52 - 2014-07-16 22:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 22:51 - 2014-07-16 22:51 - 01016261 _____ (Thisisu) C:\Users\Cas\Desktop\JRT.exe
2014-07-16 22:50 - 2014-07-16 22:39 - 00005148 _____ () C:\Users\Cas\Desktop\AdwCleaner[R0].txt
2014-07-16 22:38 - 2014-07-16 22:39 - 00000000 ____D () C:\AdwCleaner
2014-07-16 22:37 - 2014-07-16 22:37 - 01348263 _____ () C:\Users\Cas\Desktop\adwcleaner_3.215.exe
2014-07-16 22:36 - 2014-07-16 22:36 - 00013014 _____ () C:\Users\Cas\Desktop\mbam.txt
2014-07-16 22:24 - 2014-07-17 19:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 22:24 - 2014-07-16 22:24 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-16 22:24 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-16 22:24 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-16 22:24 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-16 22:23 - 2014-07-16 22:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Cas\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-16 18:56 - 2007-01-04 12:02 - 00663552 _____ (MAGIX AG) C:\Windows\system32\mgxoschk.dll
2014-07-16 11:46 - 2014-07-16 11:46 - 00013619 _____ () C:\ComboFix.txt
2014-07-16 11:35 - 2014-07-16 11:46 - 00000000 ____D () C:\Qoobox
2014-07-16 11:35 - 2014-07-16 11:46 - 00000000 ____D () C:\ComboFix
2014-07-16 11:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-16 11:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-16 11:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-16 11:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-16 11:34 - 2014-07-16 11:44 - 00000000 ____D () C:\Windows\erdnt
2014-07-16 11:29 - 2014-07-16 11:29 - 00139816 _____ () C:\Windows\Minidump\Mini071614-01.dmp
2014-07-16 11:19 - 2014-07-16 11:19 - 05221615 ____R (Swearware) C:\Users\Cas\Desktop\ComboFix.exe
2014-07-16 10:45 - 2014-07-16 10:45 - 00016413 _____ () C:\Users\Cas\Desktop\Gmer.txt
2014-07-16 10:30 - 2014-07-16 10:30 - 00380416 _____ () C:\Users\Cas\Desktop\Gmer-19357.exe
2014-07-16 10:29 - 2014-07-17 19:47 - 00024947 _____ () C:\Users\Cas\Desktop\FRST.txt
2014-07-16 10:28 - 2014-07-17 19:47 - 00000000 ____D () C:\FRST
2014-07-16 10:28 - 2014-07-16 10:28 - 01077248 _____ (Farbar) C:\Users\Cas\Desktop\FRST.exe
2014-07-16 10:26 - 2014-07-16 10:26 - 00050477 _____ () C:\Users\Cas\Desktop\Defogger.exe
2014-07-16 09:12 - 2014-07-16 09:12 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 09:12 - 2014-07-16 09:12 - 00001879 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\AVAST Software
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 09:12 - 2014-07-16 09:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 09:12 - 2014-07-16 09:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 09:12 - 2014-07-16 09:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 09:11 - 2014-07-16 09:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 09:11 - 2014-07-16 09:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 09:09 - 2014-07-16 09:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 09:08 - 2014-07-16 09:09 - 91906368 _____ (AVAST Software) C:\Users\Cas\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-07-09 13:16 - 2014-07-09 13:16 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple Computer
2014-07-09 13:13 - 2014-07-16 08:33 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Apple Computer
2014-07-09 11:44 - 2014-07-09 11:45 - 00000000 ____D () C:\Program Files\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00001732 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-09 11:43 - 2014-07-09 11:43 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\ProgramData\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-09 11:35 - 2014-07-09 11:36 - 41945432 _____ (Apple Inc.) C:\Users\Cas\Downloads\QuickTimeInstaller.exe
2014-07-09 10:47 - 2014-07-09 10:47 - 00001008 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-09 10:47 - 2014-07-09 10:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-09 10:46 - 2014-07-09 10:46 - 04621032 _____ (Avira Operations GmbH & Co. KG) C:\Users\Cas\Downloads\avira_de_av_4082828851__ws.exe
2014-07-09 10:40 - 2014-07-17 08:47 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

2014-07-17 19:48 - 2014-07-16 10:29 - 00024947 _____ () C:\Users\Cas\Desktop\FRST.txt
2014-07-17 19:47 - 2014-07-17 19:47 - 00001305 _____ () C:\Users\Cas\Desktop\checkup.txt
2014-07-17 19:47 - 2014-07-16 10:28 - 00000000 ____D () C:\FRST
2014-07-17 19:41 - 2014-07-17 19:41 - 00854390 _____ () C:\Users\Cas\Desktop\SecurityCheck.exe
2014-07-17 19:34 - 2014-07-16 22:24 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 19:02 - 2006-11-02 14:46 - 00003936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 19:02 - 2006-11-02 14:46 - 00003936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 18:50 - 2013-04-17 18:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 17:53 - 2014-07-17 17:53 - 00000000 ____D () C:\Program Files\ESET
2014-07-17 17:53 - 2006-11-02 14:51 - 01354846 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 17:52 - 2006-11-02 12:33 - 01461736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 17:51 - 2014-07-17 17:51 - 02347384 _____ (ESET) C:\Users\Cas\Desktop\esetsmartinstaller_deu.exe
2014-07-17 09:04 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-07-17 08:57 - 2012-09-13 23:06 - 00000000 ____D () C:\Users\Cas
2014-07-17 08:57 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-07-17 08:53 - 2012-09-19 16:44 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-07-17 08:48 - 2012-11-04 18:36 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Dropbox
2014-07-17 08:47 - 2014-07-09 10:40 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\DropboxMaster
2014-07-17 08:47 - 2012-11-03 17:59 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Spotify
2014-07-17 08:44 - 2006-11-02 15:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 23:24 - 2006-11-02 15:00 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 23:04 - 2014-07-16 23:04 - 00004556 _____ () C:\Users\Cas\Desktop\JRT.txt
2014-07-16 22:55 - 2006-11-02 14:59 - 00039560 _____ () C:\Windows\PFRO.log
2014-07-16 22:52 - 2014-07-16 22:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 22:51 - 2014-07-16 22:51 - 01016261 _____ (Thisisu) C:\Users\Cas\Desktop\JRT.exe
2014-07-16 22:46 - 2012-11-03 17:59 - 00000000 ____D () C:\Users\Cas\AppData\Local\Spotify
2014-07-16 22:39 - 2014-07-16 22:50 - 00005148 _____ () C:\Users\Cas\Desktop\AdwCleaner[R0].txt
2014-07-16 22:39 - 2014-07-16 22:38 - 00000000 ____D () C:\AdwCleaner
2014-07-16 22:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Resources
2014-07-16 22:37 - 2014-07-16 22:37 - 01348263 _____ () C:\Users\Cas\Desktop\adwcleaner_3.215.exe
2014-07-16 22:36 - 2014-07-16 22:36 - 00013014 _____ () C:\Users\Cas\Desktop\mbam.txt
2014-07-16 22:24 - 2014-07-16 22:24 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 22:24 - 2014-07-16 22:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-16 22:23 - 2014-07-16 22:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Cas\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-16 19:15 - 2012-09-19 16:17 - 00070144 _____ () C:\Users\Cas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-16 19:10 - 2012-09-23 20:09 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\vlc
2014-07-16 15:23 - 2013-01-29 18:43 - 00000973 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-07-16 15:23 - 2013-01-29 18:43 - 00000961 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-07-16 11:46 - 2014-07-16 11:46 - 00013619 _____ () C:\ComboFix.txt
2014-07-16 11:46 - 2014-07-16 11:35 - 00000000 ____D () C:\Qoobox
2014-07-16 11:46 - 2014-07-16 11:35 - 00000000 ____D () C:\ComboFix
2014-07-16 11:46 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-07-16 11:46 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-07-16 11:44 - 2014-07-16 11:34 - 00000000 ____D () C:\Windows\erdnt
2014-07-16 11:44 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-07-16 11:29 - 2014-07-16 11:29 - 00139816 _____ () C:\Windows\Minidump\Mini071614-01.dmp
2014-07-16 11:29 - 2012-11-12 23:26 - 304599041 _____ () C:\Windows\MEMORY.DMP
2014-07-16 11:29 - 2012-11-12 23:26 - 00000000 ____D () C:\Windows\Minidump
2014-07-16 11:19 - 2014-07-16 11:19 - 05221615 ____R (Swearware) C:\Users\Cas\Desktop\ComboFix.exe
2014-07-16 10:45 - 2014-07-16 10:45 - 00016413 _____ () C:\Users\Cas\Desktop\Gmer.txt
2014-07-16 10:30 - 2014-07-16 10:30 - 00380416 _____ () C:\Users\Cas\Desktop\Gmer-19357.exe
2014-07-16 10:28 - 2014-07-16 10:28 - 01077248 _____ (Farbar) C:\Users\Cas\Desktop\FRST.exe
2014-07-16 10:26 - 2014-07-16 10:26 - 00050477 _____ () C:\Users\Cas\Desktop\Defogger.exe
2014-07-16 10:16 - 2012-09-19 16:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-16 09:12 - 2014-07-16 09:12 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 09:12 - 2014-07-16 09:12 - 00001879 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\AVAST Software
2014-07-16 09:12 - 2014-07-16 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 09:11 - 2014-07-16 09:12 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 09:11 - 2014-07-16 09:12 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 09:11 - 2014-07-16 09:12 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 09:11 - 2014-07-16 09:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 09:11 - 2014-07-16 09:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 09:11 - 2014-07-16 09:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 09:09 - 2014-07-16 09:08 - 91906368 _____ (AVAST Software) C:\Users\Cas\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-07-16 08:43 - 2012-11-04 19:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-16 08:38 - 2013-07-11 08:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-16 08:37 - 2012-09-23 17:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-16 08:37 - 2012-09-23 17:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-16 08:36 - 2012-09-13 23:06 - 00001356 _____ () C:\Users\Cas\AppData\Local\d3d9caps.dat
2014-07-16 08:34 - 2012-09-19 17:54 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-16 08:33 - 2014-07-09 13:13 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Apple Computer
2014-07-09 13:16 - 2014-07-09 13:16 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple Computer
2014-07-09 11:45 - 2014-07-09 11:44 - 00000000 ____D () C:\Program Files\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00001732 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-09 11:44 - 2014-07-09 11:44 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-09 11:43 - 2014-07-09 11:43 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Users\Cas\AppData\Local\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\ProgramData\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-09 11:43 - 2014-07-09 11:43 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-09 11:36 - 2014-07-09 11:35 - 41945432 _____ (Apple Inc.) C:\Users\Cas\Downloads\QuickTimeInstaller.exe
2014-07-09 10:47 - 2014-07-09 10:47 - 00001008 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-09 10:47 - 2014-07-09 10:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-09 10:47 - 2013-07-29 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-09 10:47 - 2013-07-29 18:41 - 00000000 ____D () C:\ProgramData\Avira
2014-07-09 10:47 - 2013-07-29 18:41 - 00000000 ____D () C:\Program Files\Avira
2014-07-09 10:46 - 2014-07-09 10:46 - 04621032 _____ (Avira Operations GmbH & Co. KG) C:\Users\Cas\Downloads\avira_de_av_4082828851__ws.exe
2014-07-09 10:40 - 2012-11-04 18:39 - 00000919 _____ () C:\Users\Cas\Desktop\Dropbox.lnk
2014-07-09 10:40 - 2012-11-04 18:37 - 00000000 ____D () C:\Users\Cas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-26 17:38 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\Cas\AccessibleMarshal.dll
C:\Users\Cas\crashreporter.exe
C:\Users\Cas\D3DCompiler_43.dll
C:\Users\Cas\d3dx9_43.dll
C:\Users\Cas\freebl3.dll
C:\Users\Cas\gkmedias.dll
C:\Users\Cas\libEGL.dll
C:\Users\Cas\libGLESv2.dll
C:\Users\Cas\maintenanceservice.exe
C:\Users\Cas\maintenanceservice_installer.exe
C:\Users\Cas\MapiProxy.dll
C:\Users\Cas\MapiProxy_InUse.dll
C:\Users\Cas\mozalloc.dll
C:\Users\Cas\mozglue.dll
C:\Users\Cas\mozMapi32.dll
C:\Users\Cas\mozMapi32_InUse.dll
C:\Users\Cas\mozsqlite3.dll
C:\Users\Cas\msvcp100.dll
C:\Users\Cas\msvcr100.dll
C:\Users\Cas\nspr4.dll
C:\Users\Cas\nss3.dll
C:\Users\Cas\nssckbi.dll
C:\Users\Cas\nssdbm3.dll
C:\Users\Cas\nssutil3.dll
C:\Users\Cas\plc4.dll
C:\Users\Cas\plds4.dll
C:\Users\Cas\smime3.dll
C:\Users\Cas\softokn3.dll
C:\Users\Cas\ssl3.dll
C:\Users\Cas\thunderbird.exe
C:\Users\Cas\updater.exe
C:\Users\Cas\WSEnable.exe
C:\Users\Cas\xpcom.dll
C:\Users\Cas\xul.dll


Some content of TEMP:
====================
C:\Users\Cas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxvppbt.dll
C:\Users\Cas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-17 08:55

==================== End Of Log ============================
--- --- ---

--- --- ---


Viele Grüße und vielen Dank

schrauber 18.07.2014 05:15
Java, Adobe und Thunderbird updaten. Windows updaten, da weigert sich jemand seit 5 Jahren updates zu installieren......

Lass die Steam-Datei mal bei www.virustotal.com scannen. Ich schätze mal Fehlalarm, wie immer....

Teabone 18.07.2014 12:22
Hallo Schrauber,

virustotal sagt, die Datei ist in Ordnung. Vielen Dank.

Ich habe die updates durchgeführt, allerdings startet das Servicepaket 1 die Installation nicht - wenn ich drauf klicke sagt er mir das der Rechner mehrfach hoch und runtergefahren wird etc. bei dem Klick auf installieren passiert dann allerdings nichts. (Aber windows update sagt mir alle updates installiert)

Hast du des Weiteren eine Empfehlung für ein Schutzprogramm, was durchweg gute Arbeit leistet? - da kann man ja vielleicht auchmal ein wenig Geld investieren

Ich möchte mich nochmals für die schnelle Hilfe bedanken. :dankeschoen:
Unterstützen kann man euch am besten über eine Spende?

Viele Grüße.

schrauber 18.07.2014 18:57
Genau, Spende unterstützt uns super :)

Ich empfehle immer Emsisoft.

Offline Installer des Servicepacks schon versucht?

Teabone 26.07.2014 10:48
Sevice pack installiert und spende überwiesen :)
Vielen Dank nochmal!

Das einzige Problem was bleibt ist, das AntiVir mir jedes mal die GameOverlay.exe von Steam abblockt(Fehlalarm), obwohl ich schon angegeben habe dies zu ignorien. Dazu noch irgendwelche Vorschläge?

schrauber 26.07.2014 20:07
Antivir deinstallieren ;)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:56 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131