Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bei fast jedem Klick geht eine neue Seite mit Werbung auf (https://www.trojaner-board.de/163002-fast-klick-geht-neue-seite-werbung.html)

pepsiderhund 20.01.2015 20:08
Bei fast jedem Klick geht eine neue Seite mit Werbung auf
 
Hallo,

ich habe Adblock installiert und auch ein Antimalware durchlaufen lassen.

Trotzdem geht bei fast jedem Klick in einem Feld (z.B. wenn man ein Paßwort eingeben muss) eine neue Internetseite mit Werbung auf.

Oder mitten auf der Internetseite erscheint Werbung die man erst schließen muss um auf der Seite weiter arbeiten / lesen zu können.

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:51 on 20/01/2015 (Astrid )

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Astrid  (administrator) on ASTRID on 20-01-2015 16:53:46
Running from C:\Users\Astrid \Downloads
Loaded Profiles: Astrid  (Available profiles: Astrid )
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\QuickStartUtil\VAWinService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
() C:\QuickStartUtil\VAWinAgent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Buyond GmbH) C:\Program Files (x86)\Buyond_GmbH\GloboFleet_CC\GloboFleet_CC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Spotify Ltd) C:\Users\Astrid Böttcher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Users\Astrid Böttcher\Downloads\Defogger (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-08-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-08-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-08-21] (Lenovo)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [329624 2012-06-22] ( )
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VAWinAgent] => C:\QuickStartUtil\VAWinAgent.exe [45480 2012-06-04] ()
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-08-21] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GloboFleet CC] => C:\Program Files (x86)\Buyond_GmbH\GloboFleet_CC\GloboFleet_CC.exe [235328 2013-08-08] (Buyond GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-21] (Google Inc.)
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Run: [Spotify] => C:\Users\Astrid Böttcher\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-17] (Spotify Ltd)
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Run: [Spotify Web Helper] => C:\Users\Astrid Böttcher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-17] (Spotify Ltd)
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\MountPoints2: {38f5e2a6-0ff5-11e4-9569-74e543fb024d} - E:\AutoRun.exe
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\MountPoints2: {5a958444-3809-11e3-b04d-74e543fb024d} - E:\AutoRun.exe
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\MountPoints2: {8ba0c14b-3737-11e3-89a8-74e543fb024d} - E:\AutoRun.exe
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\MountPoints2: {8ba0c164-3737-11e3-89a8-74e543fb024d} - E:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
Startup: C:\Users\Astrid Böttcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3392072093-3665888848-192803557-1000] => http=127.0.0.1:60350;https=127.0.0.1:60350
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3392072093-3665888848-192803557-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE537
SearchScopes: HKU\S-1-5-21-3392072093-3665888848-192803557-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE537
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3392072093-3665888848-192803557-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1
Tcpip\..\Interfaces\{0A6F295B-354E-441C-9445-C5444681D645}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{75E76526-9C40-4A25-A1DB-649B8E2A3BFC}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{C2A62BED-086A-4DC6-AB12-3938572A2CCB}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{CF5D4A81-BF43-4D86-AD28-45A03D6C1711}: [NameServer] 81.218.119.15,199.203.35.75

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [7go@7go.com] - C:\Users\Astrid\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF Extension: 7Go Games - C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013-09-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Firefox\Extensions: [7go@7go.com] - C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108
CHR StartupUrls: Default -> "hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108", "hxxp://www.google.de/"
CHR Profile: C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Astrid Böttcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Google-Suche) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (AdBlock) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-15]
CHR Extension: (appbarioDE) - C:\Users\Astrid Böttcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdneagjiboclldmglpjofpeipkbollcf [2014-01-13]
CHR Extension: (Google Wallet) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Google Mail) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Astrid Böttcher\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Astrid Böttcher\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BootShieldSvc; C:\Windows\System32\BootShieldSvc.exe [123952 2012-02-06] (Lenovo)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [61992 2014-02-18] (Haufe-Lexware GmbH & Co. KG)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2013-10-17] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)
R2 VideAceWindowsService; C:\QuickStartUtil\VAWinService.exe [91464 2011-03-25] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R0 BootShield; C:\Windows\System32\drivers\BootShield.sys [31536 2012-04-16] (Lenovo Corporation")
R1 BootShieldfltr; C:\Windows\System32\drivers\BootShieldfltr.sys [61744 2012-02-16] (Lenovo Corporation)
R3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-04-05] (HID Global Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-12] (TODO: <Company name>)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2012-07-13] (Synaptics Incorporated)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [27944 2012-09-27] (DTV-DVB)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [841384 2012-09-27] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
S1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 16:53 - 2015-01-20 16:54 - 00026353 _____ () C:\Users\Astrid \Downloads\FRST.txt
2015-01-20 16:53 - 2015-01-20 16:53 - 00000000 ____D () C:\FRST
2015-01-20 16:52 - 2015-01-20 16:52 - 02126848 _____ (Farbar) C:\Users\Astrid \Downloads\FRST64.exe
2015-01-20 16:50 - 2015-01-20 16:50 - 00050477 _____ () C:\Users\Astrid \Downloads\Defogger (1).exe
2015-01-20 16:37 - 2015-01-20 16:51 - 00000492 _____ () C:\Users\Astrid \Downloads\defogger_disable.log
2015-01-20 16:37 - 2015-01-20 16:37 - 00000000 _____ () C:\Users\Astrid \defogger_reenable
2015-01-20 16:36 - 2015-01-20 16:36 - 00050477 _____ () C:\Users\Astrid \Downloads\Defogger.exe
2015-01-20 15:08 - 2015-01-20 15:09 - 02186752 _____ () C:\Users\Astrid \Downloads\adwcleaner_4.108.exe
2015-01-14 10:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:06 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 10:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 10:05 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:05 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 10:05 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 10:05 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 10:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 10:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 10:05 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-12 11:36 - 2015-01-09 13:20 - 00017770 _____ () C:\Users\Astrid \Documents\Ohne%20Mwst%204.%20Quartal%202014.xls_0.ods
2015-01-12 11:36 - 2015-01-09 13:00 - 00023337 _____ () C:\Users\Astrid \Documents\4.%20Quartal%202014.xls_0.ods
2015-01-12 11:36 - 2015-01-08 21:19 - 00017217 _____ () C:\Users\Astrid \Documents\Essensplan%202015.xls_1.ods
2015-01-08 17:02 - 2015-01-08 17:02 - 00083456 _____ () C:\Users\Astrid \Downloads\Polen Reiseeinzelheiten IV Quartal 2014- UMSATZSTEUER Polen.xls
2014-12-28 19:04 - 2015-01-20 08:14 - 00010240 _____ () C:\Users\Astrid \Desktop\Essensplan 2015.xls
2014-12-28 17:08 - 2014-12-30 17:43 - 00015872 _____ () C:\Users\Astrid \Desktop\Essensplan2014.xls
2014-12-28 14:03 - 2014-12-28 14:03 - 16766700 _____ (Adobe Systems Incorporated) C:\Users\Astrid Böttcher\Downloads\hauptantrag.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 16:46 - 2014-07-18 10:18 - 00000000 ____D () C:\Users\Astrid \Desktop\Handybilder Vladi
2015-01-20 16:44 - 2014-04-23 12:37 - 00000000 ____D () C:\Users\Astrid \AppData\Roaming\Spotify
2015-01-20 16:43 - 2014-09-02 20:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-20 16:43 - 2014-09-02 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-20 16:43 - 2014-09-02 20:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-20 16:37 - 2013-09-05 07:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 16:37 - 2013-05-21 09:30 - 00000000 ____D () C:\Users\Astrid
2015-01-20 16:35 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 16:35 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 16:17 - 2012-08-21 06:56 - 01694842 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 16:13 - 2014-01-29 13:07 - 00000000 ___RD () C:\Users\Astrid \Dropbox
2015-01-20 16:13 - 2014-01-29 13:06 - 00000000 ____D () C:\Users\Astrid \AppData\Roaming\Dropbox
2015-01-20 16:11 - 2012-08-21 08:06 - 00669829 _____ () C:\Windows\system32\fastboot.set
2015-01-20 16:11 - 2012-08-21 07:57 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-20 16:10 - 2013-05-21 09:30 - 03178577 _____ () C:\FaceProv.log
2015-01-20 16:10 - 2012-08-21 07:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 16:09 - 2010-11-21 04:47 - 01063504 _____ () C:\Windows\PFRO.log
2015-01-20 16:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 16:09 - 2009-07-14 05:51 - 00133001 _____ () C:\Windows\setupact.log
2015-01-20 16:08 - 2014-02-17 11:57 - 00000000 ____D () C:\AdwCleaner
2015-01-20 15:58 - 2012-08-21 07:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 15:52 - 2014-12-10 12:06 - 00011264 _____ () C:\Users\Astrid \Desktop\Aktuell offene Rechnungen.xls
2015-01-19 11:29 - 2014-08-28 10:22 - 00000000 ____D () C:\Users\Astrid \AppData\Local\Windows Live
2015-01-18 12:41 - 2014-02-17 14:15 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 14:10 - 2012-08-21 16:34 - 00714910 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 14:10 - 2012-08-21 16:34 - 00154704 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 14:10 - 2009-07-14 06:13 - 01651208 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 22:34 - 2013-10-23 06:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:23 - 2013-10-23 06:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 11:37 - 2013-09-05 07:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 11:37 - 2013-09-05 07:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 11:37 - 2013-09-05 07:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 20:05 - 2013-05-21 09:33 - 00124184 _____ () C:\Users\Astrid \AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-10 20:03 - 2009-07-14 05:45 - 00479480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 13:46 - 2013-06-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-08 13:46 - 2013-05-22 14:39 - 00000000 ____D () C:\Users\Astrid \AppData\Local\CrashDumps
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 14:17 - 2014-10-20 16:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======
2014-08-22 08:50 - 2014-08-22 08:50 - 0033193 _____ () C:\Users\Astrid \AppData\Roaming\UserTile.png
2014-01-13 13:52 - 2014-09-02 09:18 - 0000264 _____ () C:\Users\Astrid \AppData\Roaming\WB.CFG
2014-01-13 13:52 - 2014-01-31 07:36 - 0000005 _____ () C:\Users\Astrid \AppData\Roaming\WBPU-TTL.DAT
2014-11-24 19:00 - 2014-11-24 19:00 - 0003584 _____ () C:\Users\Astrid \AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-02 10:42 - 2014-09-02 10:42 - 0631728 _____ () C:\Users\Astrid \AppData\Local\nsk6922.tmp
2014-03-24 09:31 - 2014-03-24 09:40 - 0135932 _____ () C:\ProgramData\1395649919.1768.bin
2014-03-24 09:32 - 2014-03-24 09:32 - 0002969 _____ () C:\ProgramData\1395649919.3340.bin
2014-03-24 09:32 - 2014-03-24 09:40 - 0205400 _____ () C:\ProgramData\1395649919.3372.bin
2014-03-24 09:32 - 2014-03-24 09:36 - 0017164 _____ () C:\ProgramData\1395649919.3904.bin
2014-03-24 09:32 - 2014-03-24 09:32 - 0017887 _____ () C:\ProgramData\1395649919.3976.bin
2014-03-24 09:36 - 2014-03-24 09:36 - 0002247 _____ () C:\ProgramData\1395649919.4524.bin
2014-03-24 09:32 - 2014-03-24 09:34 - 0001545 _____ () C:\ProgramData\1395649919.4556.bin
2014-03-24 09:32 - 2014-03-24 09:40 - 0075842 _____ () C:\ProgramData\1395649919.4988.bin
2014-03-24 09:32 - 2014-03-24 09:32 - 0009466 _____ () C:\ProgramData\1395649919.5884.bin
2014-03-24 09:32 - 2014-03-24 09:32 - 0001090 _____ () C:\ProgramData\1395649919.6092.bin
2014-03-24 09:32 - 2014-03-24 09:32 - 0001090 _____ () C:\ProgramData\1395649919.6620.bin
2014-03-24 09:32 - 2014-03-24 09:40 - 0047226 _____ () C:\ProgramData\1395649919.7336.bin
2014-09-04 12:37 - 2014-09-04 12:37 - 0492542 _____ () C:\ProgramData\1409830434.bdinstall.bin
2014-11-19 10:11 - 2014-11-19 10:11 - 0248150 _____ () C:\ProgramData\1416388167.bdinstall.bin
2012-08-21 08:07 - 2012-08-21 08:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Astrid \AppData\Local\Temp\APNSetup.exe
C:\Users\Astrid \AppData\Local\Temp\AskSLib.dll
C:\Users\Astrid \AppData\Local\Temp\avgnt.exe
C:\Users\Astrid \AppData\Local\Temp\BackupSetup.exe
C:\Users\Astrid \AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7ewslq.dll
C:\Users\Astrid \AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Astrid \AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Astrid \AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Astrid \AppData\Local\Temp\Quarantine.exe
C:\Users\Astrid \AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Astrid \AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Astrid \AppData\Local\Temp\setup_337.exe
C:\Users\Astrid \AppData\Local\Temp\SHSetup.exe
C:\Users\Astrid \AppData\Local\Temp\sqlite3.dll
C:\Users\Astrid \AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Astrid \AppData\Local\Temp\tbappb.dll
C:\Users\Astrid \AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Astrid \AppData\Local\Temp\uninst1.exe
C:\Users\Astrid \AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 09:26

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Astrid at 2015-01-20 16:55:55
Running from C:\Users\Astrid \Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{1AAB4E7F-4704-3EE4-D284-14CD1B170580}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.135 - Atheros)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.933.3.4-120305a-139851C-Lenovo - Advanced Micro Devices, Inc.)
AVG PC TuneUp 2014 (de-DE) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
BootShield (HKLM-x32\...\{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}) (Version: 1.0.1.9 - Lenovo)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Cinergy Hybrid Stick V1.00.08.06a (HKLM-x32\...\Cinergy Hybrid Stick) (Version: 1.00.08.06a - )
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
Foxtab (HKLM-x32\...\foxtab) (Version:  - FoxTab) <==== ATTENTION!
FoxTab (HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\FoxTab) (Version:  - FoxTab) <==== ATTENTION!
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
GloboFleet CC (HKLM-x32\...\{59A56988-9AC7-43FD-A26A-D61C587B86BD}) (Version: 3.7.4 - Buyond GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.1206.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3807 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3807 - CyberLink Corp.) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.1.30 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Lexware Elster (HKLM-x32\...\{CEF3D480-E4A5-4962-BCF5-D72F355B4E98}) (Version: 14.02.00.0015 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (HKLM-x32\...\{F40A1497-1339-49BE-BF28-41FFBCB59E3F}) (Version: 3.02.00.0016 - Haufe-Lexware GmbH & Co.KG)
Lexware lohn+gehalt 2014 (HKLM-x32\...\{45419170-a070-49b9-a935-566c9f6c8ddf}) (Version: 18.0.0.106 - Haufe-Lexware GmbH & Co.KG)
Lexware lohn+gehalt 2014 (x32 Version: 18.04.00.0221 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.2.1 - Lenovo)
LockKey (x32 Version: 1.38.2.1 - Lenovo) Hidden
Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Office Trial Extender (HKLM-x32\...\{F18ADBD4-320F-4A67-9709-0FE9412BB0FA}_is1) (Version: 1.0.0.7 - pXc-coding.com)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickStart (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 3.3.2.33 - VideACE Co.)
QuickStart (x32 Version: 3.3.2.33 - VideACE Co.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.39019 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
sv.net (HKLM-x32\...\sv.net) (Version: 14.0 - ITSG GmbH)
TERRATEC Cinergy Hybrid Stick (64 Bit) (HKLM-x32\...\{53DE5511-BBC4-441D-AD55-6B8E23A3AA05}) (Version: 1.00.08.06 - TERRATEC Electronic GmbH)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Lenovo Corporation (LAD) System  (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows-Treiberpaket - TerraTec  (TTHID) HIDClass  (05/21/2009 1.00.01.05) (HKLM\...\7051B1F240802F891754E1EFC6431B0D98C2DA65) (Version: 05/21/2009 1.00.01.05 - TerraTec )
Windows-Treiberpaket - TerraTec  (UDXTTM6010) Media  (05/14/2009 1.00.08.06) (HKLM\...\FCC6C304DBC4CB7CFCC0BEF0BCE1BEC491CD289D) (Version: 05/14/2009 1.00.08.06 - TerraTec )
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3392072093-3665888848-192803557-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3392072093-3665888848-192803557-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3392072093-3665888848-192803557-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3392072093-3665888848-192803557-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3392072093-3665888848-192803557-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3392072093-3665888848-192803557-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3392072093-3665888848-192803557-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3392072093-3665888848-192803557-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3392072093-3665888848-192803557-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-01-2015 11:42:28 Windows Update
04-01-2015 23:21:28 Windows-Sicherung
06-01-2015 13:39:10 Windows Update
12-01-2015 10:20:30 Windows-Sicherung
14-01-2015 22:22:32 Windows Update
19-01-2015 07:35:44 Windows-Sicherung
20-01-2015 08:55:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DE6B6B7-40F8-4FEC-83FE-1216C32F1722} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {1A7F141E-6586-4065-B81D-0C3F5E8896AC} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [2013-10-17] (Haufe-Lexware GmbH & Co. KG)
Task: {34181D99-9194-4533-9337-049720EDAEF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {3CF7A384-D880-4C10-A30C-10DE8BC4AE9A} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2011-07-12] (Absolute Software)
Task: {458FB7D0-196A-4D5C-8C71-85C52183A791} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {482551A7-02EF-4BD8-BDAB-7917336C0864} - System32\Tasks\{A86E2EAC-4F55-4F24-8D01-B5EC4F1943F4} => Chrome.exe
Task: {54CEA39E-6D75-4A9B-A453-B8E83A8B7F5E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {57CB3CD4-AF8E-4875-918C-7C265FA57460} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5E18AC64-F2CC-4C74-AC98-92FC1D1C0CCD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7C0BD3B8-372E-46C3-ABDD-962B26735DF1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)
Task: {94607EFC-BBE2-4F8E-AF39-C79E44CBE998} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {9D958EBD-6395-4B59-BF33-8883A20892FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {DD463A05-C133-4CAC-BEBE-5C6A31AFC1CD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {F51D985B-E3DA-44F5-801F-9580C27BB6D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-17 15:28 - 2013-10-17 15:27 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-11-23 13:15 - 2005-04-22 13:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2013-12-18 09:38 - 2013-12-18 09:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2011-03-25 16:55 - 2011-03-25 16:55 - 00091464 _____ () C:\QuickStartUtil\VAWinService.exe
2012-08-21 07:57 - 2012-08-21 07:57 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-08-21 07:57 - 2012-08-21 07:57 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2008-12-20 02:20 - 2012-08-21 08:05 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 15:22 - 2012-08-21 08:05 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-10 15:31 - 2012-08-21 08:05 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll
2008-12-20 02:20 - 2012-08-21 08:05 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2012-03-05 03:43 - 2012-03-05 03:43 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-21 07:52 - 2011-12-08 10:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2012-06-04 12:04 - 2012-06-04 12:04 - 00045480 _____ () C:\QuickStartUtil\VAWinAgent.exe
2012-06-18 05:37 - 2012-03-26 10:33 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2015-01-20 16:50 - 2015-01-20 16:50 - 00050477 _____ () C:\Users\Astrid \Downloads\Defogger (1).exe
2013-10-17 15:28 - 2013-10-17 15:27 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-10-17 15:28 - 2013-10-17 15:27 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-10-17 15:28 - 2013-10-17 15:27 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-10-17 15:28 - 2013-10-17 15:27 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-10-17 15:28 - 2013-10-17 15:27 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-10-17 15:28 - 2013-10-17 15:27 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2011-03-25 16:55 - 2011-03-25 16:55 - 00157000 _____ () C:\QuickStartUtil\libexpat.dll
2011-03-25 16:55 - 2011-03-25 16:55 - 00061768 _____ () C:\QuickStartUtil\netProfileDatabase.DLL
2012-08-21 07:57 - 2012-08-21 07:57 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-05-21 11:27 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Astrid \AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-20 16:13 - 2015-01-20 16:13 - 00043008 _____ () c:\Users\Astrid \AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7ewslq.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Astrid \AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Astrid \AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Astrid \AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-18 12:41 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-18 12:41 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-18 12:41 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-18 12:41 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2012-08-21 07:23 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-18 12:41 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
2012-08-21 07:09 - 2012-02-21 11:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Astrid \Downloads\avira_free_antivirus_de_14.0.6.570.exe:BDU
AlternateDataStreams: C:\Users\Astrid \Downloads\Boot & Fun 2014.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3392072093-3665888848-192803557-500 - Administrator - Disabled)
Astrid (S-1-5-21-3392072093-3665888848-192803557-1000 - Administrator - Enabled) => C:\Users\Astrid
Gast (S-1-5-21-3392072093-3665888848-192803557-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: BitDefender Firewall NDIS 6 Filter Driver
Description: BitDefender Firewall NDIS 6 Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BdfNdisf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 04:11:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success failed with 1, The Code is:0x424.).

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed with 0, The Code is:0x422.).

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success failed with 1, The Code is:0x424.).

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed with 0, The Code is:0x422.).

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success failed with 1, The Code is:0x424.).

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed with 0, The Code is:0x422.).

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).


System errors:
=============
Error: (01/20/2015 04:10:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
BdfNdisf
cdrom

Error: (01/20/2015 04:10:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/20/2015 04:10:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (01/20/2015 04:09:56 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (01/20/2015 04:09:56 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (01/20/2015 04:09:56 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (01/20/2015 04:09:56 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (01/20/2015 04:09:56 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (01/20/2015 04:09:56 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (01/20/2015 04:09:56 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.


Microsoft Office Sessions:
=========================
Error: (01/20/2015 04:11:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: BootShieldSvc---query FLAG_AUTO_SVC_CHANGED key success failed with 1, The Code is:0x424.

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: BootShieldSvc---Get FLAG_AUTO_SVC_CHANGED Open key suc failed with 0, The Code is:0x422.

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: BootShieldSvc---query FLAG_AUTO_SVC_CHANGED key success failed with 1, The Code is:0x424.

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: BootShieldSvc---Get FLAG_AUTO_SVC_CHANGED Open key suc failed with 0, The Code is:0x422.

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: BootShieldSvc---query POLICYVT key success failed with 0, The Code is:0x424.

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: BootShieldSvc---Get Poicy Open key suc failed with 0, The Code is:0x422.

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: BootShieldSvc---query FLAG_AUTO_SVC_CHANGED key success failed with 1, The Code is:0x424.

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: BootShieldSvc---Get FLAG_AUTO_SVC_CHANGED Open key suc failed with 0, The Code is:0x422.

Error: (01/20/2015 04:11:06 PM) (Source: BootShieldSvc) (EventID: 256) (User: )
Description: BootShieldSvc---query POLICYVT key success failed with 0, The Code is:0x424.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2365M CPU @ 1.40GHz
Percentage of memory in use: 73%
Total physical RAM: 3996.36 MB
Available physical RAM: 1044.85 MB
Total Pagefile: 7990.9 MB
Available Pagefile: 3917.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:241.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:20.55 GB) NTFS
Drive e: (USB20FD) (Removable) (Total:3.77 GB) (Free:1.08 GB) FAT32
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:433.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9A6A9913)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5DA13049)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)

==================== End Of Log ============================

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-20 18:19:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST500LT0 rev.0001 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\ASTRID~1\AppData\Local\Temp\uftiqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448                                                                                                                                                                                                            fffff800035fa000 45 bytes [00, 00, 09, 02, 56, 61, 64, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495                                                                                                                                                                                                            fffff800035fa02f 17 bytes [00, 01, 0A, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

?        C:\Windows\system32\mssprxy.dll [2920] entry point in ".rdata" section                                                                                                                                                                                                        00000000745371e6
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                            00000000762d1401 2 bytes JMP 74c8b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                              00000000762d1419 2 bytes JMP 74c8b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                            00000000762d1431 2 bytes JMP 74d08ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                            00000000762d144a 2 bytes CALL 74c648ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                              00000000762d14dd 2 bytes JMP 74d087a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                        00000000762d14f5 2 bytes JMP 74d08978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                              00000000762d150d 2 bytes JMP 74d08698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                        00000000762d1525 2 bytes JMP 74d08a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                              00000000762d153d 2 bytes JMP 74c7fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                                  00000000762d1555 2 bytes JMP 74c868ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                            00000000762d156d 2 bytes JMP 74d08f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                              00000000762d1585 2 bytes JMP 74d08ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                                00000000762d159d 2 bytes JMP 74d0865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                              00000000762d15b5 2 bytes JMP 74c7fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                            00000000762d15cd 2 bytes JMP 74c8b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                        00000000762d16b2 2 bytes JMP 74d08e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                        00000000762d16bd 2 bytes JMP 74d085f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17                                                                                                                                                00000000762d1401 2 bytes JMP 74c8b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17                                                                                                                                                  00000000762d1419 2 bytes JMP 74c8b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17                                                                                                                                                00000000762d1431 2 bytes JMP 74d08ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42                                                                                                                                                00000000762d144a 2 bytes CALL 74c648ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                          * 9
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17                                                                                                                                                  00000000762d14dd 2 bytes JMP 74d087a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                                                                            00000000762d14f5 2 bytes JMP 74d08978 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17                                                                                                                                                  00000000762d150d 2 bytes JMP 74d08698 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                                                                            00000000762d1525 2 bytes JMP 74d08a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17                                                                                                                                                  00000000762d153d 2 bytes JMP 74c7fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17                                                                                                                                                      00000000762d1555 2 bytes JMP 74c868ef C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17                                                                                                                                                00000000762d156d 2 bytes JMP 74d08f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17                                                                                                                                                  00000000762d1585 2 bytes JMP 74d08ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17                                                                                                                                                    00000000762d159d 2 bytes JMP 74d0865c C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17                                                                                                                                                  00000000762d15b5 2 bytes JMP 74c7fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17                                                                                                                                                00000000762d15cd 2 bytes JMP 74c8b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20                                                                                                                                            00000000762d16b2 2 bytes JMP 74d08e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe[7008] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31                                                                                                                                            00000000762d16bd 2 bytes JMP 74d085f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                      00000000762d1401 2 bytes JMP 74c8b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                        00000000762d1419 2 bytes JMP 74c8b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                      00000000762d1431 2 bytes JMP 74d08ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                      00000000762d144a 2 bytes CALL 74c648ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                          00000000762d14dd 2 bytes JMP 74d087a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                  00000000762d14f5 2 bytes JMP 74d08978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                          00000000762d150d 2 bytes JMP 74d08698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                  00000000762d1525 2 bytes JMP 74d08a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                        00000000762d153d 2 bytes JMP 74c7fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                              00000000762d1555 2 bytes JMP 74c868ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                      00000000762d156d 2 bytes JMP 74d08f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                        00000000762d1585 2 bytes JMP 74d08ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                            00000000762d159d 2 bytes JMP 74d0865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                        00000000762d15b5 2 bytes JMP 74c7fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                      00000000762d15cd 2 bytes JMP 74c8b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                  00000000762d16b2 2 bytes JMP 74d08e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                  00000000762d16bd 2 bytes JMP 74d085f1 C:\Windows\syswow64\kernel32.dll
?        C:\Windows\system32\mssprxy.dll [2580] entry point in ".rdata" section                                                                                                                                                                                                        00000000745371e6

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [1940:1944]                                                                                                                                                                                                                                    000000000003c18f
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:2076]                                                                                                                                                                                                                                    0000000072918f48
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:2112]                                                                                                                                                                                                                                    0000000072918f48
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:2116]                                                                                                                                                                                                                                    0000000072aa1c10
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:3744]                                                                                                                                                                                                                                    0000000064c75880
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:3740]                                                                                                                                                                                                                                    0000000064c75880
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:3748]                                                                                                                                                                                                                                    0000000064c75880
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:3784]                                                                                                                                                                                                                                    0000000064c73520
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:3804]                                                                                                                                                                                                                                    0000000065123e60
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:6840]                                                                                                                                                                                                                                    0000000071b75590
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:2432]                                                                                                                                                                                                                                    0000000071b75d70
Thread    C:\Windows\SysWOW64\ntdll.dll [1940:4016]                                                                                                                                                                                                                                    0000000072cae69f
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2400](2013-10-17 14:28:24)                                                                                                                000000006fbc0000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2400](2013-10-17 14:28:24)                                                                                                          000000006e940000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2400](2013-10-17 14:28:24)                                                                                                                  000000006a1c0000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2400](2013-10-17 14:28:24)                                                                                                              000000006ff00000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2400](2013-10-17 14:28:24)                                                                                                            000000006efc0000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2400](2013-10-17 14:28:24)                                                                                                                  000000006ed40000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46)        0000000058e50000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)            0000000058b10000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008](2014-10-22 00:22:50)                                                                                        0000000058a50000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)          0000000058660000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50)                                                          000000004a900000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50)                                                        0000000004590000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50)                                                          000000004ad00000
Library  c:\users\astrid~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7ewslq.dll (*** suspicious ***) @ C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\Dropbox.exe [7008](2015-01-20 15:13:08)                                              0000000003ff0000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)        0000000051c90000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)        0000000050c20000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)          0000000050a00000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)            00000000507a0000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)            0000000051c60000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008](2014-10-22 00:22:50)                                                                                          0000000059680000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46)  0000000050770000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)        0000000050730000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)  00000000506e0000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008](2014-10-22 00:22:48)                                                                      0000000050600000
Library  C:\Users\Astrid \AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe [7008](2014-10-22 00:22:46)                                                                      0000000051fc0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543fb024d                                                                                                                                                                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543fb024d (not active ControlSet)                                                                                                                                                                             

---- EOF - GMER 2.1 ----
Gruß

Astrid

schrauber 20.01.2015 20:49
hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Foxtab


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

pepsiderhund 21.01.2015 08:33
Code:
Combofix Logfile:

       
Code:

       
ComboFix 15-01-18.01 - Astrid Böttcher 21.01.2015   8:15.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3996.2373 [GMT 1:00]
ausgeführt von:: c:\users\Astrid \Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\1395649919.1768.bin
c:\programdata\1395649919.3340.bin
c:\programdata\1395649919.3372.bin
c:\programdata\1395649919.3904.bin
c:\programdata\1395649919.3976.bin
c:\programdata\1395649919.4524.bin
c:\programdata\1395649919.4556.bin
c:\programdata\1395649919.4988.bin
c:\programdata\1395649919.5884.bin
c:\programdata\1395649919.6092.bin
c:\programdata\1395649919.6620.bin
c:\programdata\1395649919.7336.bin
c:\programdata\1409830434.bdinstall.bin
c:\programdata\1416388167.bdinstall.bin
c:\users\Astrid \AppData\Local\nsk6922.tmp
c:\users\Astrid \AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\ASTRID~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
D:\autorun.inf
D:\setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-21 bis 2015-01-21  ))))))))))))))))))))))))))))))
.
.
2015-01-21 07:23 . 2015-01-21 07:23        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-21 06:43 . 2015-01-21 06:43        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAC2E42A-8FFA-417B-A3D7-D58C1D316668}\offreg.dll
2015-01-21 06:38 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAC2E42A-8FFA-417B-A3D7-D58C1D316668}\mpengine.dll
2015-01-20 15:53 . 2015-01-20 15:57        --------        d-----w-        C:\FRST
2015-01-14 09:06 . 2014-12-11 17:47        52736        ----a-w-        c:\windows\system32\TSWbPrxy.exe
2015-01-14 09:06 . 2014-12-19 03:06        210432        ----a-w-        c:\windows\system32\profsvc.dll
2015-01-14 09:06 . 2014-12-19 01:46        141312        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2015-01-14 09:06 . 2014-12-06 04:17        303616        ----a-w-        c:\windows\system32\nlasvc.dll
2015-01-14 09:06 . 2014-12-06 03:50        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll
2015-01-14 09:06 . 2014-12-06 03:50        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll
2015-01-14 09:05 . 2014-12-12 05:35        5553592        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-01-14 09:05 . 2014-12-12 05:11        3971512        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 09:05 . 2014-12-12 05:31        503808        ----a-w-        c:\windows\system32\srcore.dll
2015-01-14 09:05 . 2014-12-12 05:31        50176        ----a-w-        c:\windows\system32\srclient.dll
2015-01-14 09:05 . 2014-12-12 05:31        296960        ----a-w-        c:\windows\system32\rstrui.exe
2015-01-14 09:05 . 2014-12-12 05:11        3916728        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 09:05 . 2014-12-12 05:07        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-20 15:43 . 2014-09-02 19:16        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-14 21:23 . 2013-10-23 05:12        113365784        ----a-w-        c:\windows\system32\MRT.exe
2015-01-14 10:37 . 2013-09-05 06:49        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 10:37 . 2013-09-05 06:49        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-06 03:36 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-19 12:56        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-19 12:56        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-10 11:38        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 11:39        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 11:38        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 11:39        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 11:39        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 11:38        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 11:39        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-02 22:42 . 2014-12-02 22:42        0        ----a-w-        c:\windows\SysWow64\sho7B7B.tmp
2014-12-01 23:28 . 2014-12-10 11:39        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 11:37        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:15 . 2014-11-22 03:15        0        ----a-w-        c:\windows\SysWow64\sho9DF8.tmp
2014-11-22 03:13 . 2014-12-10 11:37        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 11:37        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 11:37        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 11:37        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 11:37        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 11:37        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 11:37        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 11:37        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 11:37        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 11:37        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 11:37        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 11:37        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 11:37        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 11:37        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 11:37        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 11:37        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 11:37        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 11:37        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 11:37        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 11:37        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 11:37        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 11:37        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 11:37        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 11:37        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 11:37        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 11:37        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 11:37        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 11:37        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 11:37        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 11:37        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 11:37        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 11:37        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 11:37        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 11:37        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 11:37        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 11:37        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 11:37        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 11:37        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 11:37        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-09-02 19:16        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-09-02 19:16        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-09-02 19:16        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-11-18 19:47 . 2014-11-18 19:47        1247904        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-14 12:49 . 2014-11-14 12:49        0        ----a-w-        c:\windows\SysWow64\sho14B6.tmp
2014-11-11 03:09 . 2014-12-10 11:38        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 06:03        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 06:03        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 11:38        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 06:03        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 06:03        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 11:38        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 11:36        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 11:36        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-10 11:36        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 11:36        155136        ----a-w-        c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 10:40        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 10:40        67584        ----a-w-        c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:16        1729744        ----a-w-        c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:16        1729744        ----a-w-        c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:16        1729744        ----a-w-        c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\Astrid \AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\Astrid \AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-21 39408]
"Spotify"="c:\users\Astrid \AppData\Roaming\Spotify\Spotify.exe" [2014-10-17 6553144]
"Spotify Web Helper"="c:\users\Astrid \AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-17 1514040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-05 343168]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2012-06-22 329624]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2011-11-24 548864]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"Intelligent Touchpad"="c:\program files\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-12-08 291272]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VAWinAgent"="c:\quickstartutil\VAWinAgent.exe" [2012-06-04 45480]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-08-21 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"GloboFleet CC"="c:\program files (x86)\Buyond_GmbH\GloboFleet_CC\GloboFleet_CC.exe" [2013-08-08 235328]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
.
c:\users\Astrid \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"LexwareInfoService"=c:\program files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart
.
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
R2 BootShieldSvc;Fast boot service of lenovo;c:\windows\System32\BootShieldSvc.exe;c:\windows\SYSNATIVE\BootShieldSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys;c:\windows\SYSNATIVE\Drivers\MHIKEY10x64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TTHID;Cinergy Hybrid-Stick HID service;c:\windows\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys;c:\windows\SYSNATIVE\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [x]
R3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\windows\system32\DRIVERS\UDXTTM6010.sys;c:\windows\SYSNATIVE\DRIVERS\UDXTTM6010.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 BootShield;BootShield;c:\windows\system32\drivers\BootShield.sys;c:\windows\SYSNATIVE\drivers\BootShield.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 BootShieldfltr;BootShieldfltr;c:\windows\system32\drivers\BootShieldfltr.sys;c:\windows\SYSNATIVE\drivers\BootShieldfltr.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LenovoSmartConnectService;LenovoSmartConnectService;c:\program files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe;c:\program files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [x]
S2 Lexware_Update_Service;Lexware Update Service;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VideAceWindowsService;VideAceWindowsService;c:\quickstartutil\VAWinService.exe;c:\quickstartutil\VAWinService.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 cxbu0x64;SmartTerminal XX44;c:\windows\system32\DRIVERS\cxbu0x64.sys;c:\windows\SYSNATIVE\DRIVERS\cxbu0x64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LAD;Lenovo AOAC Driver;c:\windows\system32\DRIVERS\LAD.sys;c:\windows\SYSNATIVE\DRIVERS\LAD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-18 11:34        1087816        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-05 10:37]
.
2015-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 12:48]
.
2015-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 12:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Astrid \AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Astrid \AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Astrid \AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Astrid \AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-08-21 06:57        1508192        ----a-w-        c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-26 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-26 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-26 439064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-07 1212048]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\btvstack.exe" [2012-04-28 1022592]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\athbttray.exe" [2012-04-28 801920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-08-21 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-08-21 6202416]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-08-21 206176]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:60350;https=127.0.0.1:60350
uSearchAssistant = www.google.com
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.188.1
TCP: Interfaces\{0A6F295B-354E-441C-9445-C5444681D645}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{75E76526-9C40-4A25-A1DB-649B8E2A3BFC}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{C2A62BED-086A-4DC6-AB12-3938572A2CCB}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{CF5D4A81-BF43-4D86-AD28-45A03D6C1711}: NameServer = 81.218.119.15,199.203.35.75
TCP: Interfaces\{CF5D4A81-BF43-4D86-AD28-45A03D6C1711}\64259445A51224F6870264F6E60275C414E40273339303: NameServer = 81.218.119.15,199.203.35.75
TCP: Interfaces\{CF5D4A81-BF43-4D86-AD28-45A03D6C1711}\64259445A51224F6870275C414E40233237303: NameServer = 81.218.119.15,199.203.35.75
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Anwendungs-Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
AddRemove-{7DCCF6BD-1A33-4511-AF9E-F7E577B566F4} - c:\programdata\{75D72D39-F44D-4C37-AD7F-F6277A712846}\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-21  08:26:16
ComboFix-quarantined-files.txt  2015-01-21 07:26
.
Vor Suchlauf: 9 Verzeichnis(se), 260.899.655.680 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 260.474.286.080 Bytes frei
.
- - End Of File - - B671C840E364D687F53D2924DB57AD3E

--- --- ---
Gruß

Astrid

schrauber 21.01.2015 11:37
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

pepsiderhund 21.01.2015 14:37
[CODE]

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.01.2015
Suchlauf-Zeit: 13:05:14
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.21.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Astrid

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 355603
Verstrichene Zeit: 22 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 2
PUP.Optional.7Go.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|7go@7go.com, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com, In Quarantäne, [3ad07b7fc2c71a1c811d3b3f26ddab55]
PUP.Optional.7Go.A, HKU\S-1-5-21-3392072093-3665888848-192803557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|7go@7go.com, C:\Users\Astrid Böttcher\AppData\Roaming\Mozilla\Extensions\7go@7go.com, Löschen bei Neustart, [ad5d7b7f1d6c02344b54a1d9ef1403fd]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 5
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\mz, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\skin, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],

Dateien: 33
Backdoor.Bot.IAP, C:\Users\Astrid \Downloads\photo.zip, In Quarantäne, [a466be3cc7c230062e9010e7e21fea16],
PUP.Optional.MyStart.A, C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystart.com_0.localstorage, Löschen bei Neustart, [fd0dae4cbecb3ef8a266800e7a897c84],
PUP.Optional.MyStart.A, C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystart.com_0.localstorage-journal, Löschen bei Neustart, [58b2d22808815bdbef1976189f64b050],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome.manifest, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\install.rdf, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\background.html, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\bg.js, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\button.xml, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\config.js, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\content.js, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\framework.js, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\framework.png, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\framework.xul, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon128.ico, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid Böttcher\AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon128.png, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon16.ico, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon16.png, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon18.ico, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon18.png, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon24.ico, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon24.png, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon32.ico, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon32.png, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon48.ico, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon48.png, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon64.ico, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\icon64.png, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\jquery-1.9.1.min.js, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\options.xul, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\settings.json, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\mz\background.js, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\content\mz\content.js, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],
PUP.Optional.7Go.A, C:\Users\Astrid \AppData\Roaming\Mozilla\Extensions\7go@7go.com\chrome\skin\framework.css, In Quarantäne, [3dcd06f40d7ce74fe2133c31cd36d927],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)AdwCleaner Logfile:
Code:
# AdwCleaner v4.108 - Bericht erstellt am 21/01/2015 um 14:09:30
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-18.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Astrid - ASTRID
# Gestartet von : C:\Users\Astrid \Downloads\AdwCleaner_4.108 (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [11541 octets] - [18/11/2014 21:41:57]
AdwCleaner[R1].txt - [11646 octets] - [20/01/2015 15:09:27]
AdwCleaner[R2].txt - [12876 octets] - [20/01/2015 16:01:31]
AdwCleaner[R3].txt - [1342 octets] - [21/01/2015 14:05:49]
AdwCleaner[S0].txt - [11866 octets] - [20/01/2015 16:06:16]
AdwCleaner[S1].txt - [1263 octets] - [21/01/2015 14:09:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1323 octets] ##########
--- --- ---JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Astrid Böttcher on 21.01.2015 at 14:24:40,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Astrid \appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Astrid \appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Astrid \appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Astrid \appdata\local\{07CC5F92-BEF5-4375-9E92-487A0DDF572F}
Successfully deleted: [Empty Folder] C:\Users\Astrid \appdata\local\{1355C1FA-F1BD-4960-9D37-664BEF520391}
Successfully deleted: [Empty Folder] C:\Users\Astrid \appdata\local\{5FBC3AFA-D7A3-4FFC-B687-BABA3F8988A8}
Successfully deleted: [Empty Folder] C:\Users\Astrid \appdata\local\{6A45DF7D-0304-4ABD-97AA-60B4D69E8496}
Successfully deleted: [Empty Folder] C:\Users\Astrid \appdata\local\{71973665-407F-4428-AB9A-F663640DB696}
Successfully deleted: [Empty Folder] C:\Users\Astrid \appdata\local\{7DC8623D-91C3-4AD5-B9E7-9444A07E20D0}
Successfully deleted: [Empty Folder] C:\Users\Astrid \appdata\local\{7E0D7D00-740C-4375-84A7-37791E21DED1}
Successfully deleted: [Empty Folder] C:\Users\Astrid \appdata\local\{7E54281E-B45A-47EC-92D8-EC33EA4FFB83}
Successfully deleted: [Empty Folder] C:\Users\Astrid \appdata\local\{8C709600-AA12-4461-A78E-9E9D5B453876}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2015 at 14:30:45,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---


Gruß

Astrid

schrauber 21.01.2015 17:38

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

pepsiderhund 22.01.2015 11:53
Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=332592e92e5ce44d9b1ee923890b7536
# engine=22079
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-21 08:59:34
# local_time=2015-01-21 09:59:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 11970 13782571 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 10749 173503824 0 0
# scanned=233098
# found=38
# cleaned=37
# scan_time=6856
sh=278EE35195AE43C347F49D0CA496433998E23DD4 ft=1 fh=212c5df74415422e vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\EmailNotifier\dtuser\dtUser.exe"
sh=39FEE51538F713D63BD3D2351F9FF4F7F4C75E9D ft=1 fh=f2eefd68ba8dc0d6 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\AspManager.exe.vir"
sh=0D8B18706A7D0B4188799F7C1F992FD2CA6FECAE ft=1 fh=beb1278ff8542fc3 vn="Win32/Systweak.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\ASPUninstall.exe.vir"
sh=C6D88BC2353AA0DD082914D604E1CB9E8DCC0D57 ft=1 fh=c0cb3b5fdf7d9689 vn="Variante von Win32/Systweak.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\Communication.dll.vir"
sh=0414F0E46A6BCA94A95A634401F16EA943A4E05E ft=1 fh=f7a37ef503e2d6af vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\filetypehelper.exe.vir"
sh=CCC2EC71F56E030A77369EBEDEEDAB41A0741694 ft=1 fh=9b4b2ad80b5519e2 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\scandll.dll.vir"
sh=0B1792D46C415906E57C4B5A34D9F14EEBEC3F07 ft=1 fh=1568341c4f5af3e4 vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\Troubleshooter\asp-fixer.com.vir"
sh=0B1792D46C415906E57C4B5A34D9F14EEBEC3F07 ft=1 fh=1568341c4f5af3e4 vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\Troubleshooter\asp-fixer.exe.vir"
sh=0B1792D46C415906E57C4B5A34D9F14EEBEC3F07 ft=1 fh=1568341c4f5af3e4 vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\Troubleshooter\asp-fixer.pif.vir"
sh=0B1792D46C415906E57C4B5A34D9F14EEBEC3F07 ft=1 fh=1568341c4f5af3e4 vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\Troubleshooter\asp-fixer.scr.vir"
sh=0B1792D46C415906E57C4B5A34D9F14EEBEC3F07 ft=1 fh=1568341c4f5af3e4 vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\Troubleshooter\firefox.com.vir"
sh=0B1792D46C415906E57C4B5A34D9F14EEBEC3F07 ft=1 fh=1568341c4f5af3e4 vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\Troubleshooter\iexplore.exe.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=FB2BCD5A889DB9658B02E8ED3A95043BAA0094E1 ft=1 fh=f6a034ccf475a4f7 vn="Win32/Toolbar.Conduit.AC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3312331\plugins\TBVerifier.dll.vir"
sh=9BFBFB3C5AD195FB7D98AE04BD8F893152F0B76D ft=1 fh=b9fa7667e1b0a72c vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir"
sh=82F978FFA4B602EDD29C5708D0418340FE6D419B ft=1 fh=7e9f45d711ca4a76 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=C86F9E4C2947B866837F4CE9E2F5156D244FCA2E ft=1 fh=0833f1c10068505a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir"
sh=6B2F37FE313C1C42B127A42EDB18DDACCA243E2C ft=1 fh=1427d39a5484cf7e vn="Variante von MSIL/MyPCBackup.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\BackupStackUI.dll.0.old.vir"
sh=3C0CD9C3E88F6F25C92A6C44FC6D65AFB0912D13 ft=1 fh=a9852dd42e0e79d1 vn="Variante von MSIL/MyPCBackup.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\BackupStackUI.dll.vir"
sh=A9AC61D0BB6C037CF3B76393FA3CD6872D07544A ft=1 fh=b9e9f99f0f3b05a5 vn="MSIL/MyPCBackup.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.0.old.vir"
sh=F2CBBE9867A40A0928542DACE51D8B94957DFCAC ft=1 fh=28920606932e3460 vn="Win32/Systweak.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tuneup Pro\systweakasp.exe.vir"
sh=5ECAD41AEE09C73F8F7BF1D8D49BEA7A222FFF85 ft=1 fh=f8e747db1e68c3e4 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tuneup Pro\TuneupPro.exe.vir"
sh=95AABFBC3A7FCEA51179B455FBDD5B7B4888C6EC ft=1 fh=567a33047db71482 vn="Win32/Systweak.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tuneup Pro\TuppUns.exe.vir"
sh=4CCF69F9B7A31D3CE2520E310D9D8C48923F8496 ft=1 fh=02082488cffc8dce vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Systweak\Advanced-System Protector\updates\aspsetup_update.exe.vir"
sh=9BFBFB3C5AD195FB7D98AE04BD8F893152F0B76D ft=1 fh=b9fa7667e1b0a72c vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Astrid Böttcher\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=82F978FFA4B602EDD29C5708D0418340FE6D419B ft=1 fh=7e9f45d711ca4a76 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Astrid Böttcher\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=9A27166FBE80069B7516C3682B12DD51D16FAB27 ft=1 fh=b69ff78d742284fb vn="Variante von Win32/VOPackage.V evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Astrid Böttcher\AppData\Roaming\VOPackage\runasu.exe.vir"
sh=DCEC412530D8FD1AD904CF72AAEB47FA446B0D4D ft=1 fh=c6d1b19365da0767 vn="Win32/VOPackage.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Astrid Böttcher\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=34BCDE11A22683EC42F88CF11A55DF978A1CA53B ft=1 fh=902e7624f4009a9d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\ASTRID~1\AppData\Local\Temp\OCS\ocs_v7d.exe.vir"
sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\ASTRID~1\AppData\Local\Temp\OCS\ocs_v7f.exe.vir"
sh=EE6DF73440181C9B51706171D6F8C80B6C6249EE ft=1 fh=fb228d89a1db361e vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=AAA29097B1E5A7098E19A38F1200E636EE1C3A1E ft=1 fh=6b75069f13c3f94c vn="Win64/AdvancedSystemProtector.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir"
sh=278EE35195AE43C347F49D0CA496433998E23DD4 ft=1 fh=212c5df74415422e vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\EmailNotifier\dtuser\dtUser.exe"
sh=EE485B73470049B4857C1ECEDD26CDD44F9207F2 ft=1 fh=9e0b256b542ef9aa vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Astrid \AppData\Local\nsk6922.tmp.vir"
sh=B80BC68FE52796BA2CB88492EDCEBB671AF33178 ft=1 fh=af3be38f5cf96f06 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Astrid \Downloads\Free PDF to Word Doc Converter - CHIP-Downloader.exe"
sh=7E01CCF94173E87403DF22715BDDE4D429FC4984 ft=1 fh=e8822f3fac48f2de vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Astrid \Downloads\OpenOffice - CHIP-Downloader.exe"
sh=FB87DD59F4B7498550AF16FD3B21F44B9F6AC523 ft=1 fh=8ab43122b300560a vn="Win32/Systweak.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Astrid \Downloads\setup (1).exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Astrid \Downloads\wzmp_8.exe"
Gruß Astrid

Code:

 UNSUPPORTED OPERATING SYSTEM! ABORTED!
Das erscheint beim security check.

Gruß

Astrid

Ich hab den Security Check heute noch mal probiert.

Code:

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 AVG PC TuneUp 2014 
 AVG PC TuneUp 2014 (de-DE)
 Java 7 Update 45 
 Java version 32-bit out of Date!
 Adobe Reader XI 
 Mozilla Thunderbird (31.2.0)
 Google Chrome (39.0.2171.95)
 Google Chrome (39.0.2171.99)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Mobile Partner OnlineUpdate ouc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Astrid (administrator) on ASTRID on 22-01-2015 11:39:19
Running from C:\Users\Astrid \Downloads
Loaded Profiles: Astrid (Available profiles: Astrid Böttcher)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\QuickStartUtil\VAWinService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\QuickStartUtil\VAWinAgent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Buyond GmbH) C:\Program Files (x86)\Buyond_GmbH\GloboFleet_CC\GloboFleet_CC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Spotify Ltd) C:\Users\Astrid \AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Astrid \AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Astrid Böttcher\Downloads\SecurityCheck (3).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Astrid \Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-08-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-08-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-08-21] (Lenovo)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [329624 2012-06-22] ( )
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VAWinAgent] => C:\QuickStartUtil\VAWinAgent.exe [45480 2012-06-04] ()
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-08-21] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GloboFleet CC] => C:\Program Files (x86)\Buyond_GmbH\GloboFleet_CC\GloboFleet_CC.exe [235328 2013-08-08] (Buyond GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-21] (Google Inc.)
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Run: [Spotify] => C:\Users\Astrid \AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-17] (Spotify Ltd)
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Run: [Spotify Web Helper] => C:\Users\Astrid \AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-17] (Spotify Ltd)
Startup: C:\Users\Astrid \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3392072093-3665888848-192803557-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3392072093-3665888848-192803557-1000] => http=127.0.0.1:60350;https=127.0.0.1:60350
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3392072093-3665888848-192803557-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE537
SearchScopes: HKU\S-1-5-21-3392072093-3665888848-192803557-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE537
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3392072093-3665888848-192803557-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1
Tcpip\..\Interfaces\{0A6F295B-354E-441C-9445-C5444681D645}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{75E76526-9C40-4A25-A1DB-649B8E2A3BFC}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{C2A62BED-086A-4DC6-AB12-3938572A2CCB}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{CF5D4A81-BF43-4D86-AD28-45A03D6C1711}: [NameServer] 81.218.119.15,199.203.35.75

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108
CHR StartupUrls: Default -> "hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108", "hxxp://www.google.de/"
CHR Profile: C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Astrid Böttcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Astrid Böttcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Google-Suche) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (AdBlock) - C:\Users\Astrid Böttcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-15]
CHR Extension: (Google Wallet) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Google Mail) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Astrid Böttcher\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Astrid Böttcher\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BootShieldSvc; C:\Windows\System32\BootShieldSvc.exe [123952 2012-02-06] (Lenovo)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [61992 2014-02-18] (Haufe-Lexware GmbH & Co. KG)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2013-10-17] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)
R2 VideAceWindowsService; C:\QuickStartUtil\VAWinService.exe [91464 2011-03-25] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R0 BootShield; C:\Windows\System32\drivers\BootShield.sys [31536 2012-04-16] (Lenovo Corporation")
R1 BootShieldfltr; C:\Windows\System32\drivers\BootShieldfltr.sys [61744 2012-02-16] (Lenovo Corporation)
R3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-04-05] (HID Global Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-12] (TODO: <Company name>)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2012-07-13] (Synaptics Incorporated)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [27944 2012-09-27] (DTV-DVB)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [841384 2012-09-27] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
S1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 11:40 - 2015-01-22 11:40 - 00000949 _____ () C:\Users\Astrid \Desktop\checkup.txt
2015-01-22 11:38 - 2015-01-22 11:38 - 02126848 _____ (Farbar) C:\Users\Astrid \Downloads\FRST64 (1).exe
2015-01-22 11:34 - 2015-01-22 11:34 - 00852504 _____ () C:\Users\Astrid \Downloads\SecurityCheck (3).exe
2015-01-21 22:14 - 2015-01-21 22:14 - 00852504 _____ () C:\Users\Astrid \Downloads\SecurityCheck (2).exe
2015-01-21 22:11 - 2015-01-21 22:11 - 00852504 _____ () C:\Users\Astrid \Downloads\SecurityCheck (1).exe
2015-01-21 22:08 - 2015-01-21 22:08 - 00852504 _____ () C:\Users\Astrid \Downloads\SecurityCheck.exe
2015-01-21 20:02 - 2015-01-21 20:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-21 20:01 - 2015-01-21 20:02 - 02347384 _____ (ESET) C:\Users\Astrid \Downloads\esetsmartinstaller_deu.exe
2015-01-21 14:30 - 2015-01-21 14:30 - 00002166 _____ () C:\Users\Astrid \Desktop\JRT.txt
2015-01-21 14:24 - 2015-01-21 14:24 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 14:23 - 2015-01-21 14:24 - 01707939 _____ (Thisisu) C:\Users\Astrid \Downloads\JRT.exe
2015-01-21 14:05 - 2015-01-21 14:05 - 02186752 _____ () C:\Users\Astrid \Downloads\AdwCleaner_4.108 (1).exe
2015-01-21 14:02 - 2015-01-21 14:22 - 00007780 _____ () C:\Users\Astrid \Desktop\mbam.txt
2015-01-21 14:00 - 2015-01-21 12:18 - 00016436 _____ () C:\Users\Astrid \Documents\Aktuell%20offene%20Rechnungen.xls_0.ods
2015-01-21 12:56 - 2015-01-21 12:56 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 12:54 - 2015-01-21 12:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Astrid \Downloads\mbam-setup-2.0.4.1028.exe
2015-01-21 12:02 - 2015-01-21 14:00 - 00000137 ____H () C:\Users\Astrid \Desktop\.~lock.Aktuell offene Rechnungen.xls#
2015-01-21 08:43 - 2015-01-21 08:44 - 05608785 ____R (Swearware) C:\Users\Astrid \Downloads\ComboFix (1).exe
2015-01-21 08:31 - 2015-01-21 08:31 - 00038222 _____ () C:\Users\Astrid \Desktop\Combofix.txt
2015-01-21 08:26 - 2015-01-21 08:26 - 00038318 _____ () C:\ComboFix.txt
2015-01-21 07:59 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-21 07:59 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-21 07:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-21 07:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-21 07:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-21 07:59 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-21 07:59 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-21 07:59 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-21 07:58 - 2015-01-21 08:26 - 00000000 ____D () C:\Qoobox
2015-01-21 07:58 - 2015-01-21 08:23 - 00000000 ____D () C:\Windows\erdnt
2015-01-21 07:57 - 2015-01-21 07:58 - 05608785 ____R (Swearware) C:\Users\Astrid \Downloads\ComboFix.exe
2015-01-21 07:44 - 2015-01-21 07:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Astrid \Downloads\revosetup95 (2).exe
2015-01-21 07:43 - 2015-01-21 07:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Astrid \Downloads\revosetup95 (1).exe
2015-01-20 18:39 - 2015-01-20 18:40 - 00280840 _____ () C:\Windows\Minidump\012015-21793-01.dmp
2015-01-20 18:33 - 2015-01-20 18:34 - 00031755 _____ () C:\Users\Astrid \Desktop\gmer.txt
2015-01-20 18:31 - 2015-01-20 18:31 - 00033488 _____ () C:\Users\Astrid \Desktop\Addition.txt
2015-01-20 18:29 - 2015-01-20 18:29 - 00037558 _____ () C:\Users\Astrid \Desktop\FRST.txt
2015-01-20 18:24 - 2015-01-20 18:24 - 00000478 _____ () C:\Users\Astrid \Desktop\defogger_disable.log
2015-01-20 18:19 - 2015-01-20 18:33 - 00031899 _____ () C:\Users\Astrid \Downloads\gmer.txt
2015-01-20 17:14 - 2015-01-20 17:14 - 00380416 _____ () C:\Users\Astrid \Downloads\Gmer-19357.exe
2015-01-20 16:55 - 2015-01-20 16:57 - 00033598 _____ () C:\Users\Astrid \Downloads\Addition.txt
2015-01-20 16:53 - 2015-01-22 11:39 - 00025131 _____ () C:\Users\Astrid \Downloads\FRST.txt
2015-01-20 16:53 - 2015-01-22 11:39 - 00000000 ____D () C:\FRST
2015-01-20 16:52 - 2015-01-20 16:52 - 02126848 _____ (Farbar) C:\Users\Astrid \Downloads\FRST64.exe
2015-01-20 16:50 - 2015-01-20 16:50 - 00050477 _____ () C:\Users\Astrid \Downloads\Defogger (1).exe
2015-01-20 16:37 - 2015-01-20 18:23 - 00000478 _____ () C:\Users\Astrid \Downloads\defogger_disable.log
2015-01-20 16:37 - 2015-01-20 16:37 - 00000000 _____ () C:\Users\Astrid \defogger_reenable
2015-01-20 16:36 - 2015-01-20 16:36 - 00050477 _____ () C:\Users\Astrid \Downloads\Defogger.exe
2015-01-20 15:08 - 2015-01-20 15:09 - 02186752 _____ () C:\Users\Astrid \Downloads\adwcleaner_4.108.exe
2015-01-14 10:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:06 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 10:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 10:05 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:05 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 10:05 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 10:05 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 10:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 10:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 10:05 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-12 11:36 - 2015-01-09 13:20 - 00017770 _____ () C:\Users\Astrid \Documents\Ohne%20Mwst%204.%20Quartal%202014.xls_0.ods
2015-01-12 11:36 - 2015-01-09 13:00 - 00023337 _____ () C:\Users\Astrid \Documents\4.%20Quartal%202014.xls_0.ods
2015-01-12 11:36 - 2015-01-08 21:19 - 00017217 _____ () C:\Users\Astrid \Documents\Essensplan%202015.xls_1.ods
2015-01-08 17:02 - 2015-01-08 17:02 - 00083456 _____ () C:\Users\Astrid \Downloads\Polen Reiseeinzelheiten IV Quartal 2014- UMSATZSTEUER Polen.xls
2014-12-28 19:04 - 2015-01-20 19:35 - 00010240 _____ () C:\Users\Astrid \Desktop\Essensplan 2015.xls
2014-12-28 17:08 - 2014-12-30 17:43 - 00015872 _____ () C:\Users\Astrid \Desktop\Essensplan2014.xls
2014-12-28 14:03 - 2014-12-28 14:03 - 16766700 _____ (Adobe Systems Incorporated) C:\Users\Astrid \Downloads\hauptantrag.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 11:37 - 2013-09-05 07:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 11:26 - 2014-04-23 12:37 - 00000000 ____D () C:\Users\Astrid \AppData\Roaming\Spotify
2015-01-22 11:26 - 2013-05-21 09:30 - 03198146 _____ () C:\FaceProv.log
2015-01-22 11:26 - 2012-08-21 07:57 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-22 11:26 - 2012-08-21 06:56 - 01827709 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 10:58 - 2012-08-21 07:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 09:59 - 2014-01-29 13:07 - 00000000 ___RD () C:\Users\Astrid \Dropbox
2015-01-22 09:59 - 2014-01-29 13:06 - 00000000 ____D () C:\Users\Astrid \AppData\Roaming\Dropbox
2015-01-22 09:58 - 2012-08-21 08:06 - 00302145 _____ () C:\Windows\system32\fastboot.set
2015-01-22 09:58 - 2012-08-21 07:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 09:52 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 09:52 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 09:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 09:44 - 2009-07-14 05:51 - 00133617 _____ () C:\Windows\setupact.log
2015-01-22 09:43 - 2010-11-21 04:47 - 01078312 _____ () C:\Windows\PFRO.log
2015-01-21 19:57 - 2012-08-21 16:34 - 00714910 _____ () C:\Windows\system32\perfh007.dat
2015-01-21 19:57 - 2012-08-21 16:34 - 00154704 _____ () C:\Windows\system32\perfc007.dat
2015-01-21 19:57 - 2009-07-14 06:13 - 01651208 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 14:09 - 2014-02-17 11:57 - 00000000 ____D () C:\AdwCleaner
2015-01-21 13:59 - 2014-09-02 20:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 13:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-21 12:56 - 2014-09-02 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 12:56 - 2014-09-02 20:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 12:03 - 2014-12-10 12:06 - 00011264 _____ () C:\Users\Astrid \Desktop\Aktuell offene Rechnungen.xls
2015-01-21 08:26 - 2009-07-14 04:20 - 00000000 ___HD () C:\Users\Default
2015-01-21 08:23 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-21 07:44 - 2014-11-19 09:41 - 00001275 _____ () C:\Users\Astrid \Desktop\Revo Uninstaller.lnk
2015-01-21 07:44 - 2014-11-19 09:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-20 18:39 - 2014-03-24 13:42 - 689318057 _____ () C:\Windows\MEMORY.DMP
2015-01-20 18:39 - 2014-03-24 13:42 - 00000000 ____D () C:\Windows\Minidump
2015-01-20 16:46 - 2014-07-18 10:18 - 00000000 ____D () C:\Users\Astrid \Desktop\Handybilder Vladi
2015-01-20 16:37 - 2013-05-21 09:30 - 00000000 ____D () C:\Users\Astrid
2015-01-19 11:29 - 2014-08-28 10:22 - 00000000 ____D () C:\Users\Astrid \AppData\Local\Windows Live
2015-01-18 12:41 - 2014-02-17 14:15 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 22:34 - 2013-10-23 06:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:23 - 2013-10-23 06:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 11:37 - 2013-09-05 07:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 11:37 - 2013-09-05 07:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 11:37 - 2013-09-05 07:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 20:05 - 2013-05-21 09:33 - 00124184 _____ () C:\Users\Astrid \AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-10 20:03 - 2009-07-14 05:45 - 00479480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 13:46 - 2013-06-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-08 13:46 - 2013-05-22 14:39 - 00000000 ____D () C:\Users\Astrid \AppData\Local\CrashDumps
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 14:17 - 2014-10-20 16:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======
2014-08-22 08:50 - 2014-08-22 08:50 - 0033193 _____ () C:\Users\Astrid \AppData\Roaming\UserTile.png
2014-01-13 13:52 - 2014-09-02 09:18 - 0000264 _____ () C:\Users\Astrid \AppData\Roaming\WB.CFG
2014-01-13 13:52 - 2014-01-31 07:36 - 0000005 _____ () C:\Users\Astrid \AppData\Roaming\WBPU-TTL.DAT
2014-11-24 19:00 - 2014-11-24 19:00 - 0003584 _____ () C:\Users\Astrid \AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-21 08:07 - 2012-08-21 08:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Astrid \AppData\Local\Temp\avgnt.exe
C:\Users\Astrid \AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp49kdvz.dll
C:\Users\Astrid \AppData\Local\Temp\Quarantine.exe
C:\Users\Astrid \AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 09:26

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Hallo,

ich habe den Computer neu gestartet, aber leider hat sich nichts geändert. Wenn ich auf dieser Seite z.B. ins Paßwortfeld klicke geht erstmal ein neuer Tab mit Werbung auf und bei ebay kleinanzeigen gehen immer noch diese Werbebilder auf.

Gruß

Astrid

schrauber 22.01.2015 17:35
In welchem Browser?

pepsiderhund 22.01.2015 18:53
Google Chrom

schrauber 23.01.2015 12:18
Java updatne.


Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\All Users\EmailNotifier
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3392072093-3665888848-192803557-1000] => http=127.0.0.1:60350;https=127.0.0.1:60350
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Astrid Böttcher\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [Not Found]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST Log bitte.

pepsiderhund 23.01.2015 15:02
Leider kommt folgende Meldung:

No fixlist.txt found.

The fixlist.txt should be in the same folder / directory the tool is locadet.

Ich kann aber das gespeicherte aufrufen.

Gruß Astrid

schrauber 23.01.2015 17:20
Speichere die fixlist mal im DOwnload Ordner :)

pepsiderhund 26.01.2015 13:15
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Astrid at 2015-01-26 12:55:04 Run:1
Running from C:\Users\Astrid \Downloads
Loaded Profiles: Astrid (Available profiles: Astrid Böttcher)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\All Users\EmailNotifier
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3392072093-3665888848-192803557-1000] => http=127.0.0.1:60350;https=127.0.0.1:60350
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Astrid \AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [Not Found]
Emptytemp:
*****************

C:\Users\All Users\EmailNotifier => Moved successfully.
"HKU\S-1-5-21-3392072093-3665888848-192803557-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdneagjiboclldmglpjofpeipkbollcf" => Key deleted successfully.
EmptyTemp: => Removed 328.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:56:00 ====

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Astrid (administrator) on ASTRID on 26-01-2015 13:08:45
Running from C:\Users\Astrid Böttcher\Downloads
Loaded Profiles: Astrid (Available profiles: Astrid Böttcher)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\QuickStartUtil\VAWinService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Lenovo) C:\Program Files\Lenovo\BootShield\BootShield.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\QuickStartUtil\VAWinAgent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Buyond GmbH) C:\Program Files (x86)\Buyond_GmbH\GloboFleet_CC\GloboFleet_CC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Spotify Ltd) C:\Users\Astrid \AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Astrid \AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Astrid \AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-08-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-08-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-08-21] (Lenovo)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [329624 2012-06-22] ( )
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VAWinAgent] => C:\QuickStartUtil\VAWinAgent.exe [45480 2012-06-04] ()
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-08-21] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GloboFleet CC] => C:\Program Files (x86)\Buyond_GmbH\GloboFleet_CC\GloboFleet_CC.exe [235328 2013-08-08] (Buyond GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-21] (Google Inc.)
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Run: [Spotify] => C:\Users\Astrid Böttcher\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-17] (Spotify Ltd)
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Run: [Spotify Web Helper] => C:\Users\Astrid Böttcher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-17] (Spotify Ltd)
Startup: C:\Users\Astrid Böttcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Astrid Böttcher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3392072093-3665888848-192803557-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3392072093-3665888848-192803557-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE537
SearchScopes: HKU\S-1-5-21-3392072093-3665888848-192803557-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE537
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3392072093-3665888848-192803557-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1
Tcpip\..\Interfaces\{0A6F295B-354E-441C-9445-C5444681D645}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{75E76526-9C40-4A25-A1DB-649B8E2A3BFC}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{C2A62BED-086A-4DC6-AB12-3938572A2CCB}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{CF5D4A81-BF43-4D86-AD28-45A03D6C1711}: [NameServer] 81.218.119.15,199.203.35.75

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108
CHR StartupUrls: Default -> "hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108", "hxxp://www.google.de/"
CHR Profile: C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-23]
CHR Extension: (Google Docs) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23]
CHR Extension: (Google Drive) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Astrid Böttcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (YouTube) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23]
CHR Extension: (Google Search) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23]
CHR Extension: (Google Sheets) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-23]
CHR Extension: (AdBlock) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-23]
CHR Extension: (Bookmark Manager) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-23]
CHR Extension: (Gmail) - C:\Users\Astrid \AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23]
CHR HKU\S-1-5-21-3392072093-3665888848-192803557-1000\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Astrid Böttcher\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BootShieldSvc; C:\Windows\System32\BootShieldSvc.exe [123952 2012-02-06] (Lenovo)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [61992 2014-02-18] (Haufe-Lexware GmbH & Co. KG)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2013-10-17] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)
R2 VideAceWindowsService; C:\QuickStartUtil\VAWinService.exe [91464 2011-03-25] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R0 BootShield; C:\Windows\System32\drivers\BootShield.sys [31536 2012-04-16] (Lenovo Corporation")
R1 BootShieldfltr; C:\Windows\System32\drivers\BootShieldfltr.sys [61744 2012-02-16] (Lenovo Corporation)
R3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-04-05] (HID Global Corporation)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-12] (TODO: <Company name>)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2012-07-13] (Synaptics Incorporated)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [27944 2012-09-27] (DTV-DVB)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [841384 2012-09-27] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
S1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 12:54 - 2015-01-26 12:54 - 00000000 ____D () C:\Users\Astrid \Downloads\FRST-OlderVersion
2015-01-23 14:54 - 2015-01-23 14:54 - 00000526 _____ () C:\Users\Astrid \Desktop\FRST3.txt
2015-01-23 14:49 - 2015-01-23 15:19 - 00000526 _____ () C:\Users\Astrid \Desktop\Fixlist.txt
2015-01-23 14:44 - 2015-01-23 14:44 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-23 14:44 - 2015-01-23 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 14:43 - 2015-01-23 14:43 - 00000000 ____D () C:\Users\Astrid \Local\Deployment
2015-01-23 14:43 - 2015-01-23 14:43 - 00000000 ____D () C:\Users\Astrid Böttcher\AppData\Local\Apps\2.0
2015-01-23 14:18 - 2015-01-23 14:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Astrid \Downloads\revosetup95 (5).exe
2015-01-23 14:14 - 2015-01-23 14:15 - 10801480 _____ (VS Revo Group ) C:\Users\Astrid \Downloads\RevoUninProSetup (1).exe
2015-01-23 14:13 - 2015-01-23 14:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Astrid \Downloads\revosetup95 (4).exe
2015-01-23 14:13 - 2015-01-23 14:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Astrid \Downloads\revosetup95 (3).exe
2015-01-23 09:51 - 2015-01-23 09:51 - 00908921 _____ () C:\Users\Astrid \Downloads\0000851500_15.01.2015 (2).ZIP
2015-01-23 09:50 - 2015-01-23 09:50 - 00908921 _____ () C:\Users\Astrid \Downloads\0000851500_15.01.2015 (1).ZIP
2015-01-23 09:46 - 2015-01-23 09:47 - 00908921 _____ () C:\Users\Astrid \Downloads\0000851500_15.01.2015.ZIP
2015-01-22 15:23 - 2015-01-21 14:54 - 00016488 _____ () C:\Users\Astrid \Documents\Aktuell%20offene%20Rechnungen.xls_0_1.ods
2015-01-22 11:45 - 2015-01-22 11:45 - 00038657 _____ () C:\Users\Astrid \Desktop\FRST2.txt
2015-01-22 11:40 - 2015-01-22 11:40 - 00000949 _____ () C:\Users\Astrid \Desktop\checkup.txt
2015-01-22 11:34 - 2015-01-22 11:34 - 00852504 _____ () C:\Users\Astrid \Downloads\SecurityCheck (3).exe
2015-01-21 22:14 - 2015-01-21 22:14 - 00852504 _____ () C:\Users\Astrid \Downloads\SecurityCheck (2).exe
2015-01-21 22:11 - 2015-01-21 22:11 - 00852504 _____ () C:\Users\Astrid \Downloads\SecurityCheck (1).exe
2015-01-21 22:08 - 2015-01-21 22:08 - 00852504 _____ () C:\Users\Astrid \Downloads\SecurityCheck.exe
2015-01-21 20:02 - 2015-01-21 20:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-21 20:01 - 2015-01-21 20:02 - 02347384 _____ (ESET) C:\Users\Astrid \Downloads\esetsmartinstaller_deu.exe
2015-01-21 14:30 - 2015-01-21 14:30 - 00002166 _____ () C:\Users\Astrid \Desktop\JRT.txt
2015-01-21 14:24 - 2015-01-21 14:24 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 14:23 - 2015-01-21 14:24 - 01707939 _____ (Thisisu) C:\Users\Astrid \Downloads\JRT.exe
2015-01-21 14:05 - 2015-01-21 14:05 - 02186752 _____ () C:\Users\Astrid \Downloads\AdwCleaner_4.108 (1).exe
2015-01-21 14:02 - 2015-01-21 14:22 - 00007780 _____ () C:\Users\Astrid \Desktop\mbam.txt
2015-01-21 14:00 - 2015-01-21 12:18 - 00016436 _____ () C:\Users\Astrid \Documents\Aktuell%20offene%20Rechnungen.xls_0.ods
2015-01-21 12:56 - 2015-01-21 12:56 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 12:54 - 2015-01-21 12:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Astrid \Downloads\mbam-setup-2.0.4.1028.exe
2015-01-21 08:43 - 2015-01-21 08:44 - 05608785 ____R (Swearware) C:\Users\Astrid \Downloads\ComboFix (1).exe
2015-01-21 08:31 - 2015-01-21 08:31 - 00038222 _____ () C:\Users\Astrid \Desktop\Combofix.txt
2015-01-21 08:26 - 2015-01-21 08:26 - 00038318 _____ () C:\ComboFix.txt
2015-01-21 07:59 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-21 07:59 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-21 07:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-21 07:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-21 07:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-21 07:59 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-21 07:59 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-21 07:59 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-21 07:58 - 2015-01-21 08:26 - 00000000 ____D () C:\Qoobox
2015-01-21 07:58 - 2015-01-21 08:23 - 00000000 ____D () C:\Windows\erdnt
2015-01-21 07:57 - 2015-01-21 07:58 - 05608785 ____R (Swearware) C:\Users\Astrid \Downloads\ComboFix.exe
2015-01-21 07:44 - 2015-01-21 07:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Astrid \Downloads\revosetup95 (2).exe
2015-01-21 07:43 - 2015-01-21 07:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Astrid \Downloads\revosetup95 (1).exe
2015-01-20 18:39 - 2015-01-20 18:40 - 00280840 _____ () C:\Windows\Minidump\012015-21793-01.dmp
2015-01-20 18:33 - 2015-01-20 18:34 - 00031755 _____ () C:\Users\Astrid \Desktop\gmer.txt
2015-01-20 18:31 - 2015-01-20 18:31 - 00033488 _____ () C:\Users\Astrid \Desktop\Addition.txt
2015-01-20 18:29 - 2015-01-20 18:29 - 00037558 _____ () C:\Users\Astrid \Desktop\FRST.txt
2015-01-20 18:24 - 2015-01-20 18:24 - 00000478 _____ () C:\Users\Astrid \Desktop\defogger_disable.log
2015-01-20 18:19 - 2015-01-20 18:33 - 00031899 _____ () C:\Users\Astrid \Downloads\gmer.txt
2015-01-20 17:14 - 2015-01-20 17:14 - 00380416 _____ () C:\Users\Astrid \Downloads\Gmer-19357.exe
2015-01-20 16:55 - 2015-01-20 16:57 - 00033598 _____ () C:\Users\Astrid \Downloads\Addition.txt
2015-01-20 16:53 - 2015-01-26 13:08 - 00024925 _____ () C:\Users\Astrid \Downloads\FRST.txt
2015-01-20 16:53 - 2015-01-26 13:08 - 00000000 ____D () C:\FRST
2015-01-20 16:52 - 2015-01-26 12:54 - 02129920 _____ (Farbar) C:\Users\Astrid \Downloads\FRST64.exe
2015-01-20 16:50 - 2015-01-20 16:50 - 00050477 _____ () C:\Users\Astrid \Downloads\Defogger (1).exe
2015-01-20 16:37 - 2015-01-20 18:23 - 00000478 _____ () C:\Users\Astrid \Downloads\defogger_disable.log
2015-01-20 16:37 - 2015-01-20 16:37 - 00000000 _____ () C:\Users\Astrid \defogger_reenable
2015-01-20 16:36 - 2015-01-20 16:36 - 00050477 _____ () C:\Users\Astrid \Downloads\Defogger.exe
2015-01-20 15:08 - 2015-01-20 15:09 - 02186752 _____ () C:\Users\Astrid \Downloads\adwcleaner_4.108.exe
2015-01-14 10:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:06 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 10:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 10:05 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:05 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 10:05 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 10:05 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 10:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 10:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 10:05 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-12 11:36 - 2015-01-09 13:20 - 00017770 _____ () C:\Users\Astrid \Documents\Ohne%20Mwst%204.%20Quartal%202014.xls_0.ods
2015-01-12 11:36 - 2015-01-09 13:00 - 00023337 _____ () C:\Users\Astrid \Documents\4.%20Quartal%202014.xls_0.ods
2015-01-12 11:36 - 2015-01-08 21:19 - 00017217 _____ () C:\Users\Astrid \Documents\Essensplan%202015.xls_1.ods
2015-01-08 17:02 - 2015-01-08 17:02 - 00083456 _____ () C:\Users\Astrid \Downloads\Polen Reiseeinzelheiten IV Quartal 2014- UMSATZSTEUER Polen.xls
2014-12-28 19:04 - 2015-01-23 13:43 - 00010752 _____ () C:\Users\Astrid \Desktop\Essensplan 2015.xls
2014-12-28 17:08 - 2014-12-30 17:43 - 00015872 _____ () C:\Users\Astrid \Desktop\Essensplan2014.xls
2014-12-28 14:03 - 2014-12-28 14:03 - 16766700 _____ (Adobe Systems Incorporated) C:\Users\Astrid Böttcher\Downloads\hauptantrag.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 13:07 - 2014-04-23 12:37 - 00000000 ____D () C:\Users\Astrid \AppData\Roaming\Spotify
2015-01-26 13:06 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 13:06 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 13:03 - 2014-01-29 13:07 - 00000000 ___RD () C:\Users\Astrid \Dropbox
2015-01-26 13:03 - 2014-01-29 13:06 - 00000000 ____D () C:\Users\Astrid \AppData\Roaming\Dropbox
2015-01-26 13:02 - 2012-08-21 08:06 - 00309317 _____ () C:\Windows\system32\fastboot.set
2015-01-26 13:02 - 2012-08-21 06:56 - 01949092 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 13:01 - 2013-05-21 09:30 - 03213885 _____ () C:\FaceProv.log
2015-01-26 13:01 - 2012-08-21 07:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 13:01 - 2012-08-21 07:57 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-26 12:58 - 2010-11-21 04:47 - 01079452 _____ () C:\Windows\PFRO.log
2015-01-26 12:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 12:58 - 2009-07-14 05:51 - 00133953 _____ () C:\Windows\setupact.log
2015-01-26 12:37 - 2013-09-05 07:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 11:58 - 2012-08-21 07:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 20:49 - 2013-09-05 07:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 20:49 - 2013-09-05 07:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 20:49 - 2013-09-05 07:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 14:44 - 2013-05-21 09:38 - 00000000 ____D () C:\Users\Astrid Böttcher\AppData\Local\Google
2015-01-23 14:44 - 2012-08-21 07:58 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-23 14:18 - 2014-11-19 09:41 - 00001275 _____ () C:\Users\Astrid \Desktop\Revo Uninstaller.lnk
2015-01-23 14:18 - 2014-11-19 09:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-23 14:15 - 2014-11-19 09:49 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-01-23 14:15 - 2014-11-19 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-22 19:39 - 2014-12-10 12:06 - 00011264 _____ () C:\Users\Astrid \Desktop\Aktuell offene Rechnungen.xls
2015-01-21 19:57 - 2012-08-21 16:34 - 00714910 _____ () C:\Windows\system32\perfh007.dat
2015-01-21 19:57 - 2012-08-21 16:34 - 00154704 _____ () C:\Windows\system32\perfc007.dat
2015-01-21 19:57 - 2009-07-14 06:13 - 01651208 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 14:09 - 2014-02-17 11:57 - 00000000 ____D () C:\AdwCleaner
2015-01-21 13:59 - 2014-09-02 20:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 13:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-21 12:56 - 2014-09-02 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 12:56 - 2014-09-02 20:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 08:26 - 2009-07-14 04:20 - 00000000 ___HD () C:\Users\Default
2015-01-21 08:23 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-20 18:39 - 2014-03-24 13:42 - 689318057 _____ () C:\Windows\MEMORY.DMP
2015-01-20 18:39 - 2014-03-24 13:42 - 00000000 ____D () C:\Windows\Minidump
2015-01-20 16:46 - 2014-07-18 10:18 - 00000000 ____D () C:\Users\Astrid \Desktop\Handybilder Vladi
2015-01-20 16:37 - 2013-05-21 09:30 - 00000000 ____D () C:\Users\Astrid
2015-01-19 11:29 - 2014-08-28 10:22 - 00000000 ____D () C:\Users\Astrid \AppData\Local\Windows Live
2015-01-14 22:34 - 2013-10-23 06:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:23 - 2013-10-23 06:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 20:05 - 2013-05-21 09:33 - 00124184 _____ () C:\Users\Astrid \AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-10 20:03 - 2009-07-14 05:45 - 00479480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 13:46 - 2013-06-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-08 13:46 - 2013-05-22 14:39 - 00000000 ____D () C:\Users\Astrid \AppData\Local\CrashDumps
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 14:17 - 2014-10-20 16:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2014-08-22 08:50 - 2014-08-22 08:50 - 0033193 _____ () C:\Users\Astrid \AppData\Roaming\UserTile.png
2014-01-13 13:52 - 2014-09-02 09:18 - 0000264 _____ () C:\Users\Astrid \AppData\Roaming\WB.CFG
2014-01-13 13:52 - 2014-01-31 07:36 - 0000005 _____ () C:\Users\Astrid \AppData\Roaming\WBPU-TTL.DAT
2014-11-24 19:00 - 2014-11-24 19:00 - 0003584 _____ () C:\Users\Astrid \AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-21 08:07 - 2012-08-21 08:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Astrid Böttcher\AppData\Local\Temp\avgnt.exe
C:\Users\Astrid Böttcher\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj03loa.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 09:26

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 26.01.2015 18:09
Supi. Bestehen jetzt noch Probleme?

pepsiderhund 26.01.2015 20:29
Ja, es hat sich nichts verändert.

Gruß

Astrid


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:47 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131