Hello Schrauber,
I already did this step yesterday. Here are the files:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-08-2013 02
Ran by Lütte (administrator) on 12-08-2013 11:16:23
Running from C:\Users\Lütte\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files\Application Updater\ApplicationUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Samsung Electronics Co., Ltd.) C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
() C:\Program Files\bin32\nSvcAppFlt.exe
() C:\Program Files\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
() C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
() C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Acer Empowering Technology Monitor] - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-04-25] ()
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [PCMMediaSharing] - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-05-20] ()
HKLM\...\Run: [CLX3180_Scan2Pc] - C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] ()
HKLM\...\Run: [EmpoweringTechnology] - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [319488 2008-04-25] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SearchSettings] - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1303360 2013-07-05] (Spigot, Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()
Startup: C:\Users\Lütte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x3200
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.incredimail.com/
hxxp://www.google.de/
hxxp://mystart.incredimail.com/
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1006&m=aspire_x3200
hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
SearchScopes: HKCU - DefaultScope {24B29738-A4FD-40E7-8F80-F052DC9AF2B9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
SearchScopes: HKCU - {0335C993-9A97-4739-BBBC-550D44D95BBB} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKCU - {24B29738-A4FD-40E7-8F80-F052DC9AF2B9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
SearchScopes: HKCU - {67BE73E8-423E-4A9D-BDC6-0E2233BA7EC9} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
SearchScopes: HKCU - {DEE70BA0-8E22-425B-9CAE-311513D59C6D} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Lütte\AppData\Roaming\Mozilla\Firefox\Profiles\u605vppl.default
FF user.js: detected! => C:\Users\Lütte\AppData\Roaming\Mozilla\Firefox\Profiles\u605vppl.default\user.js
FF Homepage: hxxp://www.google.de/
FF SelectedSearchEngine: Yahoo
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Lütte\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF Extension: No Name - C:\Users\Lütte\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Lütte\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Yahoo! Toolbar - C:\Users\Lütte\AppData\Roaming\Mozilla\Firefox\Profiles\u605vppl.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: FoxLingo - C:\Users\Lütte\AppData\Roaming\Mozilla\Firefox\Profiles\u605vppl.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF Extension: pdfforge - C:\Users\Lütte\AppData\Roaming\Mozilla\Firefox\Profiles\u605vppl.default\Extensions\pdfforge@mybrowserbar.com
FF Extension: No Name - C:\Users\Lütte\AppData\Roaming\Mozilla\Firefox\Profiles\u605vppl.default\Extensions\sfStatistics.xml
FF Extension: No Name - C:\Users\Lütte\AppData\Roaming\Mozilla\Firefox\Profiles\u605vppl.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\Lütte\AppData\Roaming\Mozilla\Firefox\Profiles\u605vppl.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: No Name - C:\Users\Lütte\AppData\Roaming\Mozilla\Firefox\Profiles\u605vppl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn\
Chrome:
=======
CHR HomePage: hxxp://go.1und1.de/links/home
CHR RestoreOnStartup: "https://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\L\u00FCtte\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Authorware Web Player) - C:\Program Files\Mozilla Firefox\plugins\np32asw.dll (Macromedia, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Zylom Plugin) - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Magellan Plug-In) - C:\Program Files\Magellan\Magellan Communicator\npMgnPlg.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Move Media Player 7) - C:\Users\L\u00FCtte\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Docs) - C:\Users\LTTE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\LTTE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\LTTE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\LTTE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\LTTE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-05-20] (CyberLink)
R2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2013-07-05] (Spigot, Inc.)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] ()
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [598016 2008-01-29] ()
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [163840 2008-01-29] ()
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-13] ()
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [175104 2011-04-28] (Samsung Electronics Co., Ltd.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-10] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130807.001\IDSvix86.sys [386720 2012-12-21] (Symantec Corporation)
R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-04-25] (Acer, Inc.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130807.022\NAVENG.SYS [93272 2013-05-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130807.022\NAVEX15.SYS [1611992 2013-05-23] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-12] (Samsung Electronics)
R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [x]
S3 LVRS; system32\DRIVERS\lvrs.sys [x]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NAV\1000000.07D\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NAV\1008000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS [x]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-12 11:11 - 2013-08-12 11:11 - 00000000 ____D C:\FRST
2013-08-12 11:10 - 2013-08-12 11:10 - 01068593 _____ (Farbar) C:\Users\Lütte\Downloads\FRST.exe
2013-08-12 11:08 - 2013-08-12 11:08 - 00000472 _____ C:\Users\Lütte\Downloads\defogger_disable.log
2013-08-12 11:08 - 2013-08-12 11:08 - 00000000 _____ C:\Users\Lütte\defogger_reenable
2013-08-12 11:06 - 2013-08-12 11:06 - 00050477 _____ C:\Users\Lütte\Downloads\Defogger.exe
2013-08-12 11:06 - 2013-08-12 11:06 - 00000680 _____ C:\Users\LTTE~1\AppData\Local\d3d9caps.dat
2013-08-08 09:49 - 2013-08-08 11:04 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-07 23:08 - 2013-08-07 23:08 - 00139352 _____ C:\Windows\Minidump\Mini080713-01.dmp
2013-08-07 22:15 - 2013-08-07 22:15 - 00010227 _____ C:\Users\Lütte\Downloads\Cuxnatur_Geocaching_Kuestenwald.gpx
2013-08-07 22:13 - 2013-08-07 22:13 - 00010344 _____ C:\Users\Lütte\Downloads\Cuxnatur_Geocaching_Kuestenheide.gpx
2013-08-07 21:06 - 2013-08-07 21:06 - 00368128 _____ C:\Users\Lütte\Downloads\Einladung_Geocaching_Kindergeburtstag (1).ppt
2013-08-04 14:16 - 2013-08-04 14:16 - 00368128 _____ C:\Users\Lütte\Downloads\Einladung_Geocaching_Kindergeburtstag.ppt
2013-07-25 13:25 - 2013-07-25 13:25 - 00000000 ____D C:\Program Files\pdfforge Toolbar
2013-07-25 13:25 - 2013-07-25 13:25 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-07-25 13:25 - 2013-07-25 13:25 - 00000000 ____D C:\Program Files\Application Updater
2013-07-24 14:22 - 2013-07-24 14:22 - 00139352 _____ C:\Windows\Minidump\Mini072413-01.dmp
2013-07-15 10:12 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-15 10:12 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-15 10:12 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-15 10:12 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-15 10:12 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-15 10:12 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-15 10:12 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-15 10:12 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-15 10:12 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-15 10:12 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-15 10:12 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-15 10:12 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-15 10:12 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-15 10:12 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-15 10:12 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-15 10:12 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
==================== One Month Modified Files and Folders =======
2013-08-12 11:13 - 2013-08-12 11:12 - 00021128 _____ C:\Users\Lütte\Downloads\Addition.txt
2013-08-12 11:11 - 2013-08-12 11:11 - 00000000 ____D C:\FRST
2013-08-12 11:10 - 2013-08-12 11:10 - 01068593 _____ (Farbar) C:\Users\Lütte\Downloads\FRST.exe
2013-08-12 11:09 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 11:09 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 11:08 - 2013-08-12 11:08 - 00000472 _____ C:\Users\Lütte\Downloads\defogger_disable.log
2013-08-12 11:08 - 2013-08-12 11:08 - 00000000 _____ C:\Users\Lütte\defogger_reenable
2013-08-12 11:08 - 2009-09-27 10:37 - 00000000 ____D C:\Users\Lütte
2013-08-12 11:06 - 2013-08-12 11:06 - 00050477 _____ C:\Users\Lütte\Downloads\Defogger.exe
2013-08-12 11:06 - 2013-08-12 11:06 - 00000680 _____ C:\Users\LTTE~1\AppData\Local\d3d9caps.dat
2013-08-12 11:02 - 2013-05-16 11:44 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-12 11:01 - 2006-10-12 00:36 - 01711370 _____ C:\Windows\WindowsUpdate.log
2013-08-12 10:56 - 2013-05-16 11:44 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-12 10:56 - 2008-05-09 11:54 - 00000147 _____ C:\Windows\system32\agent.log
2013-08-12 10:56 - 2008-01-21 04:47 - 04824052 _____ C:\Windows\PFRO.log
2013-08-12 10:56 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-12 10:56 - 2006-10-12 00:52 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-08-11 12:23 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-11 11:53 - 2012-04-11 11:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-11 11:34 - 2012-05-06 12:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-11 11:34 - 2009-10-26 15:51 - 00000000 ____D C:\Program Files\WinRAR
2013-08-08 11:04 - 2013-08-08 09:49 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-08 10:08 - 2011-10-22 14:45 - 00000030 _____ C:\Windows\Iedit_.INI
2013-08-08 09:23 - 2010-07-17 19:06 - 00000000 ____D C:\ProgramData\maxdome
2013-08-08 09:23 - 2010-07-17 19:05 - 00000000 ____D C:\Program Files\maxdome
2013-08-07 23:08 - 2013-08-07 23:08 - 00139352 _____ C:\Windows\Minidump\Mini080713-01.dmp
2013-08-07 23:08 - 2013-05-27 13:16 - 361623707 _____ C:\Windows\MEMORY.DMP
2013-08-07 23:08 - 2009-09-29 08:32 - 00000000 ____D C:\Windows\Minidump
2013-08-07 22:15 - 2013-08-07 22:15 - 00010227 _____ C:\Users\Lütte\Downloads\Cuxnatur_Geocaching_Kuestenwald.gpx
2013-08-07 22:13 - 2013-08-07 22:13 - 00010344 _____ C:\Users\Lütte\Downloads\Cuxnatur_Geocaching_Kuestenheide.gpx
2013-08-07 21:06 - 2013-08-07 21:06 - 00368128 _____ C:\Users\Lütte\Downloads\Einladung_Geocaching_Kindergeburtstag (1).ppt
2013-08-04 15:54 - 2012-07-30 08:10 - 00000000 ___RD C:\Users\Lütte\Dropbox
2013-08-04 15:15 - 2011-05-22 17:45 - 00000000 ____D C:\Users\LTTE~1\AppData\Local\CrashDumps
2013-08-04 14:16 - 2013-08-04 14:16 - 00368128 _____ C:\Users\Lütte\Downloads\Einladung_Geocaching_Kindergeburtstag.ppt
2013-08-01 09:12 - 2008-01-21 09:16 - 01459222 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-01 09:09 - 2013-04-28 12:01 - 00002388 _____ C:\Windows\setupact.log
2013-07-30 22:28 - 2013-06-25 21:24 - 00000031 _____ C:\Windows\DeskCalc.INI
2013-07-28 20:06 - 2012-07-30 08:08 - 00000000 ____D C:\Users\Lütte\AppData\Roaming\Dropbox
2013-07-25 13:25 - 2013-07-25 13:25 - 00000000 ____D C:\Program Files\pdfforge Toolbar
2013-07-25 13:25 - 2013-07-25 13:25 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-07-25 13:25 - 2013-07-25 13:25 - 00000000 ____D C:\Program Files\Application Updater
2013-07-24 14:22 - 2013-07-24 14:22 - 00139352 _____ C:\Windows\Minidump\Mini072413-01.dmp
2013-07-24 14:19 - 2012-06-22 11:40 - 00000000 ____D C:\Users\Lütte\Documents\Badgematic
2013-07-16 10:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-15 15:59 - 2009-10-08 20:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 15:59 - 2006-11-02 14:47 - 00382424 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-15 15:55 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-15 10:14 - 2006-11-02 12:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-15 10:00 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-12 11:02
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-08-2013 02
Ran by Lütte at 2013-08-12 11:17:37
Running from C:\Users\Lütte\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Acer Arcade Live Main Page (Version: 1.1.2704)
Acer DV Magician (Version: 1.5.2704)
Acer DVDivine (Version: 3.2.2704)
Acer eDataSecurity Management (Version: 3.0.3060)
Acer Empowering Technology (Version: 3.0.3008)
Acer eRecovery Management (Version: 3.0.3014)
Acer HomeMedia (Version: 1.5.1504)
Acer HomeMedia Connect (Version: 1.4.5330)
Acer HomeMedia Trial Creator (Version: 1.5.1504)
Acer ScreenSaver (Version: 4.01.0422)
Acer SlideShow DVD (Version: 1.5.2704)
Acer VideoMagician (Version: 1.4.2704)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Agatha Christie: Das Haus an der Düne
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AV Input Selection (Version: 1.02.0047)
Blood Ties Deluxe (HKCU Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
Book of Legends Deluxe (HKCU Version: 1.0.0)
Can You See What I See Deluxe (HKCU Version: 1.0.0)
Coyote's Tale - Fire and Water Deluxe (HKCU Version: 1.0.0)
Designer 2.0 (Version: 7.8.4)
DHTML Editing Component (Version: 6.02.0001)
Dream Sleuth Deluxe (HKCU Version: 1.0.0)
Dropbox (HKCU Version: 2.0.22)
ElsterFormular (Version: 13.2.0.8623k)
ElsterFormular-Upgrade (Version: 13.3.0.9066)
eSobi v2 (Version: 2.0.3.000189)
Fishdom H2O - Hidden Odyssey Deluxe (HKCU Version: 1.0.0)
Google Chrome (Version: 28.0.1500.95)
Google Update Helper (Version: 1.3.21.153)
Hollywood - The Director's Cut Deluxe (HKCU Version: 1.0.0)
iCloud (Version: 2.1.2.8)
iTunes (Version: 11.0.4.4)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 22 (Version: 6.0.220)
Lexware Abschreibungsrechner (Version: 12.00.04.0003)
Lexware büro easy 2013 (Version: 26.10.04.0051)
Lexware Elster (Version: 13.04.00.0113)
Lexware Info Service (Version: 2.90.00.0009)
Lexware online banking (Version: 18.00.00.0035)
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Lost City of Z Deluxe (HKCU Version: 1.0.0)
maxdome - Online Videothek Version 3.1.0
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0822)
Million Dollar Quest Deluxe (HKCU Version: 1.0.0)
Move Media Player
Mozilla Maintenance Service (Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mysteryville
Nightshift Legacy - The Jaguars Eye Deluxe (HKCU Version: 1.0.0)
Norton AntiVirus (Version: 20.4.0.40)
NTI Backup Now 5 (Version: 5.1.2.606)
NTI Backup Now Standard (Version: 5.1.2.606)
NTI Media Maker 8 (Version: 8.0.2.6329)
NVIDIA Drivers (Version: 1.10)
NVIDIA ForceWare Network Access Manager (Version: 1.00.6776)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
OpenOffice.org 3.3 (Version: 3.3.9567)
pdfforge Toolbar v7.3 (Version: 7.3)
Pirateville Deluxe (HKCU Version: 1.0.0)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.74.80.86)
Readiris Pro 10
Realtek High Definition Audio Driver (Version: 6.0.1.5591)
Samsung Network PC Fax (Version: 1.05.22.00)
Samsung Scan Assistant (Version: 1.04.20.00)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
SmarThru 4
Spirit of Wandering Deluxe (HKCU Version: 1.0.0)
TeamViewer 7 (Version: 7.0.13936)
The Tudors Deluxe (HKCU Version: 1.0.0)
Ulead COOL 360 1.0
Ulead PhotoImpact X3 (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Wartung Samsung CLX-3180 Series
Willi und die Wunder dieser Welt - Expedition 2: Arktis und Wüste (Version: 1.00.000)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WPF Toolkit June 2009 (Version 3.5.40619.1) (Version: 3.5.40619.1)
Zylom Games Player Plugin
==================== Restore Points =========================
26-04-2013 10:46:57 Windows Update
13-05-2013 09:32:38 Installed Magellan Communicator
13-05-2013 09:42:26 Configured Magellan Communicator
13-05-2013 09:45:20 Installed Magellan Communicator
18-05-2013 08:15:55 Windows Update
18-05-2013 15:40:34 Configured Magellan Communicator
29-05-2013 07:26:58 Windows Update
18-06-2013 10:00:56 Windows Update
15-07-2013 07:59:02 Windows Update
23-07-2013 08:38:43 Geplanter Prüfpunkt
08-08-2013 07:18:01 Removed Safari
08-08-2013 07:23:11 maxdome Download Manager 4.1.300.78 wird entfernt
08-08-2013 08:04:23 Removed pdfforge Toolbar v7.3.
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {03449EF9-5584-40F6-9F97-999B0461D856} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3AFA7A74-5A06-426C-919A-F9C49AB8B357} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4FCAD1B6-1364-43BE-8E07-3C91FDE83D95} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {58FE31BA-EC39-4C5A-9CD8-4C050D059DCE} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Lütte => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6AD269A0-1DC2-4CA2-B978-EBCEF7F5C134} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {70E26CE3-8718-44CA-85AA-FD0996BFCFD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-18] (Adobe Systems Incorporated)
Task: {817C1E4E-D650-4FEE-A294-2D46FBC5A381} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {BE6168AC-B814-4F49-BF15-376E0C76AD38} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {C9F1382D-C1A8-4557-A52C-772061CC648A} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {CB635615-0F6F-497F-B906-7675FAD36FDC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {E2E3258A-C0FA-4EDD-85B1-F94B943C8EBC} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FAC12C13-0A78-4560-B597-04F008C9BEFE} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/12/2013 10:57:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/11/2013 11:36:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/08/2013 09:09:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/07/2013 08:58:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/04/2013 03:15:14 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Iedit_.exe, Version 13.0.0.0, Zeitstempel 0x47203be5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8b575655,
Prozess-ID 0x112c, Anwendungsstartzeit Iedit_.exe0.
Error: (08/04/2013 02:08:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/02/2013 03:59:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/01/2013 08:48:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/30/2013 08:55:37 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: QBW32.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 5A66287F
Stapel:
Error: (07/30/2013 08:55:34 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung QBW32.exe, Version 26.10.4.51, Zeitstempel 0x514762f4, fehlerhaftes Modul Forms.dll, Version 26.10.4.51, Zeitstempel 0x51476309, Ausnahmecode 0xc0000005, Fehleroffset 0x0011287f,
Prozess-ID 0x%9, Anwendungsstartzeit QBW32.exe0.
System errors:
=============
Error: (08/12/2013 10:57:52 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053
Error: (08/12/2013 10:57:52 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search
Error: (08/12/2013 10:57:52 AM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20
Error: (08/11/2013 11:36:35 AM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20
Error: (08/08/2013 09:09:28 AM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20
Error: (08/07/2013 11:08:53 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 07.08.2013 um 23:07:14 unerwartet heruntergefahren.
Error: (08/07/2013 08:58:58 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20
Error: (08/07/2013 08:57:34 PM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker Samsung Network PC Fax nicht unter dem Namen Samsung Network PC Fax freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
Error: (08/04/2013 03:55:17 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (08/04/2013 03:55:13 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Microsoft Office Sessions:
=========================
Error: (08/12/2013 10:57:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/11/2013 11:36:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/08/2013 09:09:26 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/07/2013 08:58:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/04/2013 03:15:14 PM) (Source: Application Error)(User: )
Description: Iedit_.exe13.0.0.047203be5unknown0.0.0.000000000c00000058b575655112c01ce910eaa8cb18e
Error: (08/04/2013 02:08:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/02/2013 03:59:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/01/2013 08:48:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/30/2013 08:55:37 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: QBW32.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 5A66287F
Stapel:
Error: (07/30/2013 08:55:34 PM) (Source: Application Error)(User: )
Description: QBW32.exe26.10.4.51514762f4Forms.dll26.10.4.5151476309c00000050011287f
CodeIntegrity Errors:
===================================
Date: 2013-06-19 10:36:20.247
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\Temp\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-19 10:36:19.857
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\Temp\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-19 10:36:19.498
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\Temp\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-19 10:36:19.171
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\Temp\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-06 12:59:34.913
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth157.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-06 12:59:34.417
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth157.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-20 08:29:06.525
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-20 08:29:06.220
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-20 08:29:05.907
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-20 08:29:05.589
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 2813.62 MB
Available physical RAM: 1591.08 MB
Total Pagefile: 5849.69 MB
Available Pagefile: 4555.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.09 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:342.08 GB) (Free:171.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:342.56 GB) (Free:314.27 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 0E80F1C7)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=342 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=343 GB) - (Type=07 NTFS)
==================== End Of Log ============================