Trojaner-Board - TR/PSW.Fareit.C.5420 von Avira gefunden

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - TR/PSW.Fareit.C.5420 von Avira gefunden (https://www.trojaner-board.de/139775-tr-psw-fareit-c-5420-avira-gefunden.html)

TR/PSW.Fareit.C.5420 von Avira gefunden

Hallo,

Ich hab blöderweise ein Email bzw. dessen Anhang gespeichert und geöffnet, das mir vertrauenswürdig vorkam - kaum wollte ich die Datei im zip Ordner dann öffnen kam von Avira die Meldung, dass folgender Trojaner gefunden wurde: TR/PSW.Fareit.C.5420

Ich habe ihn dann mit Avira in Quarantäne verschoben, bin mir aber jetzt nicht sicher ob ich sonst noch etwas machen sollte.

Vielen Dank schon mal im Voraus, hab bisschen Angst weil ich irgendwo gelesen habe, dass das ein ziemlich gefährlicher Trojaner ist..

LG,
Balarooo

Ich hoffe ich poste hier jetzt das richtige, hab versucht den Anweisungen zu folgen:

Exportierte Ereignisse:

13.08.2013 16:00 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Raphaela\Downloads\Land Registry report.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Fareit.C.5420'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56df9399.qua'
verschoben!

13.08.2013 16:00 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 3
Anzahl Verzeichnisse: 0
Anzahl Malware: 1
Anzahl Warnungen: 1

13.08.2013 15:58 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 1534
Anzahl Verzeichnisse: 0
Anzahl Malware: 1
Anzahl Warnungen: 0

13.08.2013 15:57 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Raphaela\AppData\Local\Temp\Temp1_Land Registry
report.zip\Land Registry report.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Fareit.C.5420'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57aaa9d7.qua'
verschoben!

13.08.2013 15:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Raphaela\AppData\Local\Temp\Temp1_Land Registry
report.zip\Land Registry report.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Fareit.C.5420' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner

13.08.2013 15:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Raphaela\AppData\Local\Temp\Temp1_Land Registry
report.zip\Land Registry report.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Fareit.C.5420' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

13.08.2013 15:39 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 6855
Anzahl Verzeichnisse: 0
Anzahl Malware: 0
Anzahl Warnungen: 0

13.08.2013 15:38 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer RAPHAELA-PC (192.168.1.8)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.17/update" aktualisiert:
vbase015.vdf 7.11.93.93
vbase016.vdf 7.11.93.170
vbase017.vdf 7.11.94.31
vbase018.vdf 7.11.94.141
vbase019.vdf 7.11.94.203
vbase020.vdf 7.11.95.8
vbase021.vdf 7.11.95.81
vbase022.vdf 7.11.95.175
vbase023.vdf 7.11.95.248
vbase024.vdf 7.11.96.43
vbase025.vdf 7.11.96.83
vbase026.vdf 7.11.96.151
vbase027.vdf 7.11.96.152
vbase028.vdf 7.11.96.153
vbase029.vdf 7.11.96.154
vbase030.vdf 7.11.96.155
vbase031.vdf 7.11.96.160
aevdf.dat 7.11.96.160
aegen.dll 8.1.7.12
aeheur.dll 8.1.4.538
aeoffice.dll 8.1.2.76
aescript.dll 8.1.4.140
aesbx.dll 8.2.16.20
aeexp.dll 8.4.1.46
aeset.dat 8.2.12.104
build.dat 13.0.0.3885
setup.dll 13.6.0.2058
setup.exe 13.6.1.2058

13.08.2013 15:38 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.104
VDF Version: 7.11.96.160

13.08.2013 15:37 [Planer] Auftrag gestartet
Auftrag "Schnelle Systemprüfung"
wurde erfolgreich gestartet.

13.08.2013 15:37 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

27.07.2013 23:20 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1550
Engine Version: 8.2.12.94
VDF Version: 7.11.93.86

27.07.2013 23:20 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1550
Engine Version: 8.2.12.94
VDF Version: 7.11.93.86

27.07.2013 23:20 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.1550

27.07.2013 23:19 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

27.07.2013 23:19 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

27.07.2013 20:47 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer RAPHAELA-PC (192.168.1.8)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.17/update" aktualisiert:
vbase031.vdf 7.11.93.86
aevdf.dat 7.11.93.86
aegen.dll 8.1.7.10
aeheur.dll 8.1.4.504
aeoffice.dll 8.1.2.74
aescript.dll 8.1.4.136
aeexp.dll 8.4.1.36
aeset.dat 8.2.12.94

27.07.2013 20:47 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.94
VDF Version: 7.11.93.86

27.07.2013 20:47 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

25.07.2013 16:33 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer RAPHAELA-PC (192.168.1.8)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.17/update" aktualisiert:
vbase014.vdf 7.11.92.147
vbase015.vdf 7.11.92.148
vbase016.vdf 7.11.92.149
vbase017.vdf 7.11.92.150
vbase018.vdf 7.11.92.151
vbase019.vdf 7.11.92.152
vbase020.vdf 7.11.92.153
vbase021.vdf 7.11.92.154
vbase022.vdf 7.11.92.155
vbase023.vdf 7.11.92.156
vbase024.vdf 7.11.92.157
vbase025.vdf 7.11.92.158
vbase026.vdf 7.11.92.159
vbase027.vdf 7.11.92.160
vbase028.vdf 7.11.92.161
vbase029.vdf 7.11.92.162
vbase030.vdf 7.11.92.163
vbase031.vdf 7.11.92.166
aevdf.dat 7.11.92.166

25.07.2013 16:33 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.88
VDF Version: 7.11.92.166

25.07.2013 16:32 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

25.07.2013 10:18 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer RAPHAELA-PC (192.168.1.8)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.18/update" aktualisiert:
vbase031.vdf 7.11.92.140
aevdf.dat 7.11.92.140

25.07.2013 10:18 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.88
VDF Version: 7.11.92.140

25.07.2013 10:18 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

24.07.2013 19:52 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer RAPHAELA-PC (192.168.1.4)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.17/update" aktualisiert:
vbase031.vdf 7.11.92.122
aevdf.dat 7.11.92.122

24.07.2013 19:52 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.88
VDF Version: 7.11.92.122

24.07.2013 19:52 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

24.07.2013 13:52 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer RAPHAELA-PC (192.168.1.9)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.18/update" aktualisiert:
vbase013.vdf 7.11.92.32
vbase014.vdf 7.11.92.33
vbase015.vdf 7.11.92.34
vbase016.vdf 7.11.92.35
vbase017.vdf 7.11.92.36
vbase018.vdf 7.11.92.37
vbase019.vdf 7.11.92.38
vbase020.vdf 7.11.92.39
vbase021.vdf 7.11.92.40
vbase022.vdf 7.11.92.41
vbase023.vdf 7.11.92.42
vbase024.vdf 7.11.92.43
vbase025.vdf 7.11.92.44
vbase026.vdf 7.11.92.45
vbase027.vdf 7.11.92.46
vbase028.vdf 7.11.92.47
vbase029.vdf 7.11.92.48
vbase030.vdf 7.11.92.49
vbase031.vdf 7.11.92.90
aevdf.dat 7.11.92.90

24.07.2013 13:52 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.88
VDF Version: 7.11.92.90

24.07.2013 13:52 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

24.07.2013 00:25 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer RAPHAELA-PC (192.168.1.2)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://80.190.148.74/update" aktualisiert:
vbase031.vdf 7.11.92.24
aevdf.dat 7.11.92.24

24.07.2013 00:25 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.88
VDF Version: 7.11.92.24

24.07.2013 00:24 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

23.07.2013 15:37 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer RAPHAELA-PC (192.168.1.9)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.17/update" aktualisiert:
vbase004.vdf 7.11.91.176
vbase005.vdf 7.11.91.177
vbase006.vdf 7.11.91.178
vbase007.vdf 7.11.91.179
vbase008.vdf 7.11.91.180
vbase009.vdf 7.11.91.181
vbase010.vdf 7.11.91.182
vbase011.vdf 7.11.91.183
vbase012.vdf 7.11.91.184
vbase013.vdf 7.11.91.185
vbase014.vdf 7.11.91.186
vbase015.vdf 7.11.91.187
vbase016.vdf 7.11.91.188
vbase017.vdf 7.11.91.189
vbase018.vdf 7.11.91.190
vbase019.vdf 7.11.91.191
vbase020.vdf 7.11.91.192
vbase021.vdf 7.11.91.193
vbase022.vdf 7.11.91.194
vbase023.vdf 7.11.91.195
vbase024.vdf 7.11.91.196
vbase025.vdf 7.11.91.197
vbase026.vdf 7.11.91.198
vbase027.vdf 7.11.91.199
vbase028.vdf 7.11.91.200
vbase029.vdf 7.11.91.201
vbase030.vdf 7.11.91.202
vbase031.vdf 7.11.91.236
aevdf.dat 7.11.91.236
aeheur.dll 8.1.4.486
aeoffice.dll 8.1.2.70
aescript.dll 8.1.4.134
aeexp.dll 8.4.1.28
aeset.dat 8.2.12.88
build.dat 13.0.0.3884
setup.exe 13.6.1.2052

23.07.2013 15:37 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.88
VDF Version: 7.11.91.236

23.07.2013 15:36 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde abgebrochen!].
Anzahl Dateien: 0
Anzahl Verzeichnisse: 0
Anzahl Malware: 0
Anzahl Warnungen: 0

23.07.2013 15:36 [Planer] Auftrag gestartet
Auftrag "Schnelle Systemprüfung"
wurde erfolgreich gestartet.

23.07.2013 15:36 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-08-2013

Ran by Raphaela (administrator) on 13-08-2013 16:58:27

Running from C:\Users\Raphaela\Downloads

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Steganos Software GmbH) C:\Program Files\OkayFreedom\VPNService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Ask) C:\Program Files\Ask.com\Updater\Updater.exe

() C:\Program Files\DivX\DivX Update\DivXUpdate.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomClient.exe

(Dropbox, Inc.) C:\Users\Raphaela\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\avcenter.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)

HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [887976 2011-08-23] (Ask)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)

HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296096 2012-10-05] (RealNetworks, Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-25] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKCU\...\Run: [OKAYFREEDOM_Agent] - C:\Program Files\OkayFreedom\OkayFreedomClient.exe [4458712 2013-05-02] (Steganos Software GmbH)

Startup: C:\Users\Raphaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Raphaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Raphaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk

ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle

SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

SearchScopes: HKCU - DefaultScope {ACA5F5BD-231B-4BBC-977C-F0B9805361AE} URL = hxxp://www.google.de/search?q={searchTerms}

SearchScopes: HKCU - {ACA5F5BD-231B-4BBC-977C-F0B9805361AE} URL = hxxp://www.google.de/search?q={searchTerms}

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: msdaipp - No CLSID Value - 

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default

FF Homepage: hxxp://www.imdb.com/

FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\searchplugins\conduit.xml

FF Extension: No Name - C:\Users\Raphaela\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

FF Extension: Conduit Engine  - C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\engine@conduit.com

FF Extension: No Name - C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\toolbar@ask.com

FF Extension: DVDVideoSoftTB Community Toolbar - C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

FF Extension: DVDVideoSoft Toolbar - C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}

FF Extension: No Name - C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi

FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR Plugin: (Shockwave Flash) - C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)

CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)

CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll ()

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (Default Plug-in) - default_plugin No File

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Raphaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0

CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Raphaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-25] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-25] (Avira Operations GmbH & Co. KG)

R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\VPNService.exe [303344 2013-05-02] (Steganos Software GmbH)
 

==================== Drivers (Whitelisted) ====================
 

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2010-05-18] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2010-05-18] ()

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-13 16:57 - 2013-08-13 16:57 - 01068525 _____ (Farbar) C:\Users\Raphaela\Downloads\FRST.exe

2013-08-13 16:44 - 2013-08-13 16:44 - 00022222 _____ C:\Users\Raphaela\Documents\Ereignisse.txt

2013-08-13 15:52 - 2013-08-13 15:52 - 03111104 _____ (Hewlett-Packard                                              ) C:\Users\Raphaela\Downloads\hpusetup.exe

2013-08-13 15:51 - 2013-08-13 15:51 - 00000327 _____ C:\Users\Raphaela\Desktop\HP PS 5520 Firmware VR3 *Update.url

2013-08-13 15:51 - 2013-08-13 15:51 - 00000000 ____D C:\Windows\Hewlett-Packard
 

==================== One Month Modified Files and Folders =======
 

2013-08-13 16:58 - 2013-08-13 16:58 - 00000000 ____D C:\FRST

2013-08-13 16:57 - 2013-08-13 16:57 - 01068525 _____ (Farbar) C:\Users\Raphaela\Downloads\FRST.exe

2013-08-13 16:44 - 2013-08-13 16:44 - 00022222 _____ C:\Users\Raphaela\Documents\Ereignisse.txt

2013-08-13 16:21 - 2012-03-29 18:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-13 15:54 - 2013-06-02 10:57 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\HpUpdate

2013-08-13 15:52 - 2013-08-13 15:52 - 03111104 _____ (Hewlett-Packard                                              ) C:\Users\Raphaela\Downloads\hpusetup.exe

2013-08-13 15:51 - 2013-08-13 15:51 - 00000327 _____ C:\Users\Raphaela\Desktop\HP PS 5520 Firmware VR3 *Update.url

2013-08-13 15:51 - 2013-08-13 15:51 - 00000000 ____D C:\Windows\Hewlett-Packard

2013-08-13 15:43 - 2009-07-14 06:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-13 15:43 - 2009-07-14 06:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-13 15:37 - 2011-07-04 23:39 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\Dropbox

2013-08-13 15:37 - 2010-03-21 03:30 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs

2013-07-28 01:07 - 2010-03-21 03:10 - 01256656 _____ C:\Windows\WindowsUpdate.log

2013-07-27 23:51 - 2013-04-21 15:15 - 00000000 ____D C:\Users\Raphaela\Documents\kulTOUR mit Holender

2013-07-27 23:21 - 2011-07-04 23:41 - 00000000 ___RD C:\Users\Raphaela\Dropbox

2013-07-27 23:20 - 2011-03-24 13:16 - 00031439 _____ C:\Windows\setupact.log

2013-07-27 23:20 - 2011-03-24 13:15 - 00052648 _____ C:\Windows\PFRO.log

2013-07-27 23:20 - 2010-04-19 01:21 - 00000000 ____D C:\ProgramData\NVIDIA

2013-07-27 23:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-07-27 23:19 - 2012-01-16 19:59 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\vlc

2013-07-27 23:16 - 2012-01-20 03:24 - 00001775 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2013-07-27 23:16 - 2012-01-20 03:23 - 00000000 ____D C:\Program Files\QuickTime

2013-07-27 23:10 - 2010-03-22 01:04 - 00000000 ____D C:\Users\Raphaela\AppData\Local\Apple Computer

2013-07-14 09:25 - 2010-03-21 03:21 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-07-25 17:35
 

==================== End Of Log ===========================

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-08-2013

Ran by Raphaela at 2013-08-13 16:59:34

Running from C:\Users\Raphaela\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

Adobe Digital Editions

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)

Adobe Flash Player 11 Plugin (Version: 11.7.700.224)

Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)

Apple Application Support (Version: 2.3.4)

Apple Mobile Device Support (Version: 5.2.0.6)

Apple Software Update (Version: 2.1.3.127)

Ask Toolbar (Version: 1.13.1.0)

Avira Free Antivirus (Version: 13.0.0.3885)

Bonjour (Version: 3.0.0.10)

calibre (Version: 0.7.59)

CCleaner (Version: 3.04)

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

DivX-Setup (Version: 2.6.1.3)

Dropbox (HKCU Version: 2.0.22)

Google Chrome (HKCU Version: 15.0.874.121)

HP FWUpdateEDO2 (Version: 1.2.0.0)

HP Photo Creations (Version: 1.0.0.7702)

HP Photosmart 5520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)

HP Photosmart 5520 series Hilfe (Version: 27.0.0)

HP Update (Version: 5.003.003.001)

HPDiagnosticAlert (Version: 1.00.0000)

iCloud (Version: 1.1.0.40)

iTunes (Version: 10.6.3.25)

Java Auto Updater (Version: 2.0.7.1)

Java(TM) 6 Update 33 (Version: 6.0.330)

Junk Mail filter update (Version: 14.0.8089.726)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)

Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

MobileMe Control Panel (Version: 3.1.8.0)

Mozilla Firefox 21.0 (x86 de) (Version: 21.0)

Mozilla Maintenance Service (Version: 21.0)

MSVCRT (Version: 14.0.1468.721)

Nero 7 Essentials (Version: 7.02.3246)

NVIDIA 3D Vision Controller-Treiber 310.70 (Version: 310.70)

NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)

NVIDIA Grafiktreiber 311.06 (Version: 311.06)

NVIDIA Install Application (Version: 2.1002.108.688)

NVIDIA PhysX (Version: 9.12.1031)

NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)

NVIDIA Systemsteuerung 311.06 (Version: 311.06)

NVIDIA Update 1.11.3 (Version: 1.11.3)

NVIDIA Update Components (Version: 1.11.3)

OkayFreedom (Version: 1.0.9)

PS5520FWUpdateAlert (Version: 1.00.0000)

PVSonyDll (Version: 1.00.0001)

Python 2.7 pycrypto-2.1.0

Python 2.7.1 (Version: 2.7.1150)

QuickTime (Version: 7.74.80.86)

RarZilla Free Unrar (Version: 2.55)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

RealPlayer (Version: 15.0.6)

RealUpgrade 1.1 (Version: 1.1.0)

Sacred 2 (Version: 2.0.2.0)

Shockwave

Skype Toolbars (Version: 1.0.4051)

Skype™ 5.10 (Version: 5.10.116)

System Requirements Lab CYRI (Version: 4.5.1.0)

Uninstall 1.0.0.1

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)

VLC media player 1.1.11 (Version: 1.1.11)

Windows Live Anmelde-Assistent (Version: 5.000.818.5)

Windows Live Communications Platform (Version: 14.0.8098.930)

Windows Live Essentials (Version: 14.0.8089.0726)

Windows Live Essentials (Version: 14.0.8089.726)

Windows Live Mail (Version: 14.0.8089.0726)

Windows Live-Uploadtool (Version: 14.0.8014.1029)

 
 

==================== Restore Points  =========================
 

24-04-2013 01:00:25 Windows Update

30-04-2013 13:39:19 Windows Update

03-05-2013 15:01:44 Windows Update

07-05-2013 13:19:53 Windows Update

09-05-2013 19:16:22 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter

11-05-2013 01:00:26 Windows Update

11-05-2013 10:01:17 Wiederherstellungsvorgang

03-06-2013 08:28:32 Geplanter Prüfpunkt

14-06-2013 00:44:42 Geplanter Prüfpunkt

21-06-2013 09:10:19 Geplanter Prüfpunkt

28-06-2013 09:12:09 Geplanter Prüfpunkt

12-07-2013 19:56:18 Geplanter Prüfpunkt

25-07-2013 15:43:14 Geplanter Prüfpunkt

13-08-2013 13:53:48 Installed HP Update.
 

==================== Hosts content: ==========================
 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {50220055-96E8-4973-BC5E-BC8A2F08D960} - System32\Tasks\{BD052BA6-30C5-4365-8C63-1DBCBC094316} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)

Task: {586CAFAC-8F4C-4E59-A322-6BF760BEF411} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3622156399-1363326566-1803836715-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)

Task: {924D5715-4E7A-421A-AE08-748465BFCE81} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2011-08-23] ()

Task: {B86A0631-1D29-4516-997A-038F0E957DF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)

Task: {BD685423-5516-486B-8024-640CBCFFA19B} - System32\Tasks\{D57C034E-B9F2-4F21-9A3C-C3A321F964DE} => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe No File

Task: {CF37806C-28E4-4129-9A26-72462982EEAF} - System32\Tasks\{F315CD03-0C02-4FEA-B5D7-C7433502FBF8} => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe No File

Task: {E21777FD-268C-4B72-8769-546EB11EE675} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3622156399-1363326566-1803836715-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)

Task: {E808D5F0-2107-44FB-BEE9-E525FE88B27A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/13/2013 03:54:08 PM) (Source: MsiInstaller) (User: Raphaela-PC)

Description: Produkt: HP Update -- Auf Ihrem System wurde eine neuere Version von HP Update gefunden. Setup wird beendet.
 

Error: (08/13/2013 03:51:27 PM) (Source: MsiInstaller) (User: Raphaela-PC)

Description: Produkt: HP Update -- Auf Ihrem System wurde eine neuere Version von HP Update gefunden. Setup wird beendet.
 

Error: (07/27/2013 11:15:41 PM) (Source: Microsoft-Windows-RestartManager) (User: Raphaela-PC)

Description: Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden.
 

Error: (07/25/2013 05:48:44 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12995
 

Error: (07/25/2013 05:48:44 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12995
 

Error: (07/25/2013 05:48:44 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (07/25/2013 05:48:43 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 11997
 

Error: (07/25/2013 05:48:43 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 11997
 

Error: (07/25/2013 05:48:43 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (07/25/2013 05:48:42 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10998
 
 

System errors:

=============

Error: (08/13/2013 03:37:09 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
 

Error: (07/27/2013 11:22:50 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1069
 

Error: (07/27/2013 11:22:50 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 

%%1330
 

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
 

Error: (07/27/2013 11:20:40 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (07/27/2013 11:20:40 PM) (Source: Application Popup) (User: )

Description: Treiber atksgt.sys konnte nicht geladen werden.
 

Error: (06/29/2013 01:13:54 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1069
 

Error: (06/29/2013 01:13:54 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 

%%1330
 

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
 

Error: (06/29/2013 01:11:00 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (06/29/2013 01:11:00 PM) (Source: Application Popup) (User: )

Description: Treiber atksgt.sys konnte nicht geladen werden.
 

Error: (06/29/2013 01:10:55 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎29.‎06.‎2013 um 13:08:04 unerwartet heruntergefahren.
 
 

Microsoft Office Sessions:

=========================

Error: (08/13/2013 03:54:08 PM) (Source: MsiInstaller)(User: Raphaela-PC)

Description: Produkt: HP Update -- Auf Ihrem System wurde eine neuere Version von HP Update gefunden. Setup wird beendet.(NULL)(NULL)(NULL)(NULL)(NULL)
 

Error: (08/13/2013 03:51:27 PM) (Source: MsiInstaller)(User: Raphaela-PC)

Description: Produkt: HP Update -- Auf Ihrem System wurde eine neuere Version von HP Update gefunden. Setup wird beendet.(NULL)(NULL)(NULL)(NULL)(NULL)
 

Error: (07/27/2013 11:15:41 PM) (Source: Microsoft-Windows-RestartManager)(User: Raphaela-PC)

Description: 1C:\Windows\explorer.exeWindows-Explorer0411719960
 

Error: (07/25/2013 05:48:44 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12995
 

Error: (07/25/2013 05:48:44 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12995
 

Error: (07/25/2013 05:48:44 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (07/25/2013 05:48:43 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 11997
 

Error: (07/25/2013 05:48:43 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 11997
 

Error: (07/25/2013 05:48:43 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (07/25/2013 05:48:42 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10998
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 38%

Total physical RAM: 3070.17 MB

Available physical RAM: 1881.73 MB

Total Pagefile: 6138.63 MB

Available Pagefile: 4562.19 MB

Total Virtual: 2047.88 MB

Available Virtual: 1897.32 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:313.35 GB) (Free:85.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVER) (Fixed) (Total:21.98 GB) (Free:14.3 GB) FAT32

Drive j: (Externe Raphi) (Fixed) (Total:1397.26 GB) (Free:209.77 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335 GB) (Disk ID: 2BAB359D)

Partition 1: (Active) - (Size=313 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=22 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 00144E82)

Partition 1: (Not Active) - (Size=-698722394112) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.13.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Raphaela :: RAPHAELA-PC [Administrator]

13.08.2013 23:21:56
mbam-log-2013-08-13 (23-21-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236692
Laufzeit: 8 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Raphaela\Downloads\DVD_Decrypter.exe (Trojan.Repacked) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Raphaela\Downloads\wirelesskeyview134.zip (PUP.WirelessKeyView) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

AdwCleaner Logfile:

Code:

# AdwCleaner v3.000 - Report created13/08/2013at23:39:37

# Updated 13/08/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : Raphaela - RAPHAELA-PC

# Running from : C:\Users\Raphaela\Downloads\adwcleaner.exe
 

***** [ Services ] *****
 
 

***** [ Files / Folders ] *****
 

Folder Deleted : C:\Program Files\Ask.com

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Users\Raphaela\AppData\Local\Temp\AskSearch

Folder Deleted : C:\Users\Raphaela\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Raphaela\AppData\LocalLow\boost_interprocess

Folder Deleted : C:\Users\Raphaela\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Raphaela\AppData\Roaming\dvdvideosoftiehelpers

Folder Deleted : C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Conduit

Folder Deleted : C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\ConduitEngine

Folder Deleted : C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\CT2269050

File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{924D5715-4E7A-421A-AE08-748465BFCE81}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{924D5715-4E7A-421A-AE08-748465BFCE81}
 

***** [ Shortcuts ] *****
 
 

***** [ Registry ] *****
 

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_anydvd-hd_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_anydvd-hd_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd43_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd43_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_magic-dvd-copier_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_magic-dvd-copier_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKLM\Software\APN

Key Deleted : HKLM\Software\AskToolbar

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 

***** [ Browsers ] *****
 

-\\ Internet Explorer v9.0.8112.16476
 

[OK] No bad entry found.
 

-\\ Mozilla Firefox v21.0 (de)
 

Folder Deleted : C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\engine@conduit.com

Folder Deleted : C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\toolbar@ask.com

Folder Deleted : C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

Folder Deleted : C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}

File Deleted : C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\searchplugins\Conduit.xml
 

[ File : C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\prefs.js ]
 

Line Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Line Deleted : user_pref("CT2269050.CTID", "CT2269050");

Line Deleted : user_pref("CT2269050.CurrentServerDate", "28-8-2010");

Line Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");

Line Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");

Line Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Sat Aug 28 2010 18:18:46 GMT+0200");

Line Deleted : user_pref("CT2269050.FirstServerDate", "24-4-2010");

Line Deleted : user_pref("CT2269050.FirstTime", true);

Line Deleted : user_pref("CT2269050.FirstTimeFF3", true);

Line Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);

Line Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);

Line Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Line Deleted : user_pref("CT2269050.Initialize", true);

Line Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);

Line Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);

Line Deleted : user_pref("CT2269050.InstalledDate", "Sat Apr 24 2010 22:25:23 GMT+0200");

Line Deleted : user_pref("CT2269050.InvalidateCache", false);

Line Deleted : user_pref("CT2269050.IsGrouping", false);

Line Deleted : user_pref("CT2269050.IsMulticommunity", false);

Line Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);

Line Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);

Line Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Aug 28 2010 13:36:26 GMT+0200");

Line Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Line Deleted : user_pref("CT2269050.LastLogin_2.5.8.6", "Sat Apr 24 2010 22:25:23 GMT+0200");

Line Deleted : user_pref("CT2269050.LastLogin_2.7.2.0", "Sat Aug 28 2010 18:08:46 GMT+0200");

Line Deleted : user_pref("CT2269050.LatestVersion", "2.7.2.0");

Line Deleted : user_pref("CT2269050.Locale", "en");

Line Deleted : user_pref("CT2269050.LoginCache", 4);

Line Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");

Line Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Line Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");

Line Deleted : user_pref("CT2269050.RadioIsPodcast", false);

Line Deleted : user_pref("CT2269050.RadioLastCheckTime", "Sat Aug 28 2010 13:36:26 GMT+0200");

Line Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");

Line Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");

Line Deleted : user_pref("CT2269050.RadioMediaID", "12473383");

Line Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");

Line Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");

Line Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");

Line Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");

Line Deleted : user_pref("CT2269050.SHRINK_TOOLBAR", 1);

Line Deleted : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");

Line Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]

Line Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]

Line Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);

Line Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);

Line Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Aug 28 2010 13:36:26 GMT+0200");

Line Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Line Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Line Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);

Line Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Sat Aug 28 2010 18:08:46 GMT+0200");

Line Deleted : user_pref("CT2269050.SettingsLastUpdate", "1282841510");

Line Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);

Line Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Aug 27 2010 10:08:24 GMT+0200");

Line Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1271669372");

Line Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]

Line Deleted : user_pref("CT2269050.UserID", "UN33620912327891178");

Line Deleted : user_pref("CT2269050.WeatherNetwork", "");

Line Deleted : user_pref("CT2269050.WeatherPollDate", "Sat Aug 28 2010 18:08:47 GMT+0200");

Line Deleted : user_pref("CT2269050.WeatherUnit", "C");

Line Deleted : user_pref("CT2269050.alertChannelId", "666138");

Line Deleted : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");

Line Deleted : user_pref("CT2269050.clientLogIsEnabled", true);

Line Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]

Line Deleted : user_pref("CT2269050.myStuffEnabled", true);

Line Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Line Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Line Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]

Line Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");

Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");

Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");

Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);

Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");

Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");

Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");

Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]

Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");

Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Mar 24 2011 12:44:36 GMT+01[...]

Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 17 2011 10:01:02 GMT+0200");

Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");

Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 22 2011 19:12:08 GMT+0200");

Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");

Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Line Deleted : user_pref("CommunityToolbar.alert.userId", "eba7a343-6d5f-4bac-8836-056ff6d3eb6f");

Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 28 2010 13:36:26 GMT+0200");

Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");

Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Mar 25 2011 16:42:32 GMT+0100");

Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");

Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Jun 22 2011 19:12:12 GMT+0200");

Line Deleted : user_pref("ConduitEngine.FirstServerDate", "03/24/2011 14");

Line Deleted : user_pref("ConduitEngine.FirstTime", true);

Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);

Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);

Line Deleted : user_pref("ConduitEngine.Initialize", true);

Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);

Line Deleted : user_pref("ConduitEngine.InstalledDate", "Thu Mar 24 2011 12:44:37 GMT+0100");

Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);

Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);

Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);

Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jun 22 2011 19:12:13 GMT+0200");

Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Jun 22 2011 19:12:10 GMT+0200");

Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Jun 22 2011 19:12:13 GMT+0200");

Line Deleted : user_pref("ConduitEngine.UserID", "UN32982982469794017");

Line Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);

Line Deleted : user_pref("ConduitEngine.engineLocale", "de");

Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jun 22 2011 19:12:12 GMT+0200");

Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Jun 22 2011 19:12:13 GMT+0200");

Line Deleted : user_pref("ConduitEngine.initDone", true);

Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);

Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]

Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");

Line Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");

Line Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);

Line Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);

Line Deleted : user_pref("extensions.asktb.cbid", "RN");

Line Deleted : user_pref("extensions.asktb.config-updated", true);

Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]

Line Deleted : user_pref("extensions.asktb.displaybehavior", "");

Line Deleted : user_pref("extensions.asktb.displaytext", "");

Line Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);

Line Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://www.amazon.de/gp/r.html?R=NNDH69S4Y3B4&C=W12K[...]

Line Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);

Line Deleted : user_pref("extensions.asktb.fresh-install", false);

Line Deleted : user_pref("extensions.asktb.guid", "E5AA0735-E5CB-4EBE-B35D-05476DAD1F78");

Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-uri", "hxxp://sp.ask.com/toolbar/config/main/asktb[...]

Line Deleted : user_pref("extensions.asktb.if", "su");

Line Deleted : user_pref("extensions.asktb.l", "dis");

Line Deleted : user_pref("extensions.asktb.last-config-req", "1323390506007");

Line Deleted : user_pref("extensions.asktb.last-v", "3.12.2.100006");

Line Deleted : user_pref("extensions.asktb.locale", "de_US");

Line Deleted : user_pref("extensions.asktb.lstation", "");

Line Deleted : user_pref("extensions.asktb.o", "15132");

Line Deleted : user_pref("extensions.asktb.options-lang", "de");

Line Deleted : user_pref("extensions.asktb.options-locale", "US");

Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line Deleted : user_pref("extensions.asktb.pstate", "");

Line Deleted : user_pref("extensions.asktb.qsrc", "2871");

Line Deleted : user_pref("extensions.asktb.r", "4");

Line Deleted : user_pref("extensions.asktb.sa", "NO");

Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);

Line Deleted : user_pref("extensions.asktb.silent-upgrade", true);

Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);

Line Deleted : user_pref("extensions.asktb.socialmini-first", true);

Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");

Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");

Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");

Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);

Line Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");

Line Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);

Line Deleted : user_pref("extensions.asktb.themeid", "");

Line Deleted : user_pref("extensions.asktb.timeinstalled", "03.10.2011 19:01:59");

Line Deleted : user_pref("extensions.asktb.v", "3.13.1.100008");

Line Deleted : user_pref("extensions.asktb.version", "5.13.1.18107");

Line Deleted : user_pref("extensions.asktb.volume", "");

Line Deleted : user_pref("extensions.enabledItems", "toolbar@ask.com:3.11.3.15590,{e9911ec6-1bcc-40b0-9993-e0eea7f6[...]

Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{23fcfd51-4958-[...]

Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
 

-\\ Google Chrome v
 
 

[ File : C:\Users\Raphaela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

[OK] No bad entry found.
 

*************************
 

AdwCleaner[0].txt - [20449 octets] - [13/08/2013 23:39:37]
 

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [20509 octets] ##########

--- --- ---JRT Logfile:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.4.4 (08.12.2013:1)

OS: Windows 7 Home Premium x86

Ran by Raphaela on 13.08.2013 at 23:48:38,86

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2269050
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Raphaela\AppData\Roaming\mozilla\firefox\profiles\2g6fq912.default\minidumps [21 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 13.08.2013 at 23:50:10,95

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-08-2013

Ran by Raphaela (administrator) on 13-08-2013 23:52:59

Running from C:\Users\Raphaela\Downloads

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Steganos Software GmbH) C:\Program Files\OkayFreedom\VPNService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)

HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)

HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296096 2012-10-05] (RealNetworks, Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-25] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKCU\...\Run: [OKAYFREEDOM_Agent] - C:\Program Files\OkayFreedom\OkayFreedomClient.exe [4458712 2013-05-02] (Steganos Software GmbH)

HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-13] (Adobe Systems Incorporated)

Startup: C:\Users\Raphaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Raphaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Raphaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk

ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {ACA5F5BD-231B-4BBC-977C-F0B9805361AE} URL = hxxp://www.google.de/search?q={searchTerms}

SearchScopes: HKCU - {ACA5F5BD-231B-4BBC-977C-F0B9805361AE} URL = hxxp://www.google.de/search?q={searchTerms}

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: msdaipp - No CLSID Value - 

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default

FF Homepage: hxxp://www.imdb.com/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: No Name - C:\Users\Raphaela\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

FF Extension: No Name - C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi

FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR Plugin: (Shockwave Flash) - C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)

CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)

CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll ()

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (Default Plug-in) - default_plugin No File

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Raphaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0

CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Raphaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-25] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-25] (Avira Operations GmbH & Co. KG)

R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\VPNService.exe [303344 2013-05-02] (Steganos Software GmbH)
 

==================== Drivers (Whitelisted) ====================
 

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2010-05-18] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2010-05-18] ()

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-13 23:48 - 2013-08-13 23:48 - 00000000 ____D C:\Windows\ERUNT

2013-08-13 23:47 - 2013-08-13 23:47 - 01158722 _____ (Thisisu) C:\Users\Raphaela\Downloads\JRT.exe

2013-08-13 23:39 - 2013-08-13 23:43 - 00000000 ____D C:\AdwCleaner

2013-08-13 23:39 - 2013-08-13 23:39 - 00800594 _____ C:\Users\Raphaela\Downloads\adwcleaner.exe

2013-08-13 23:20 - 2013-08-13 23:20 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\Malwarebytes

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-08-13 23:20 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-13 23:19 - 2013-08-13 23:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Raphaela\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-13 16:59 - 2013-08-13 16:59 - 00013439 _____ C:\Users\Raphaela\Downloads\Addition.txt

2013-08-13 16:58 - 2013-08-13 16:58 - 00000000 ____D C:\FRST

2013-08-13 16:57 - 2013-08-13 16:57 - 01068525 _____ (Farbar) C:\Users\Raphaela\Downloads\FRST.exe

2013-08-13 16:44 - 2013-08-13 16:44 - 00022222 _____ C:\Users\Raphaela\Documents\Ereignisse.txt

2013-08-13 15:52 - 2013-08-13 15:52 - 03111104 _____ (Hewlett-Packard                                              ) C:\Users\Raphaela\Downloads\hpusetup.exe

2013-08-13 15:51 - 2013-08-13 15:51 - 00000327 _____ C:\Users\Raphaela\Desktop\HP PS 5520 Firmware VR3 *Update.url

2013-08-13 15:51 - 2013-08-13 15:51 - 00000000 ____D C:\Windows\Hewlett-Packard
 

==================== One Month Modified Files and Folders =======
 

2013-08-13 23:50 - 2013-08-13 23:50 - 00001239 _____ C:\Users\Raphaela\Desktop\JRT.txt

2013-08-13 23:48 - 2013-08-13 23:48 - 00000000 ____D C:\Windows\ERUNT

2013-08-13 23:47 - 2013-08-13 23:47 - 01158722 _____ (Thisisu) C:\Users\Raphaela\Downloads\JRT.exe

2013-08-13 23:43 - 2013-08-13 23:39 - 00000000 ____D C:\AdwCleaner

2013-08-13 23:43 - 2009-07-14 06:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-13 23:43 - 2009-07-14 06:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-13 23:39 - 2013-08-13 23:39 - 00800594 _____ C:\Users\Raphaela\Downloads\adwcleaner.exe

2013-08-13 23:37 - 2011-07-04 23:41 - 00000000 ___RD C:\Users\Raphaela\Dropbox

2013-08-13 23:37 - 2011-07-04 23:39 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\Dropbox

2013-08-13 23:36 - 2011-03-24 13:16 - 00031495 _____ C:\Windows\setupact.log

2013-08-13 23:36 - 2011-03-24 13:15 - 00053228 _____ C:\Windows\PFRO.log

2013-08-13 23:36 - 2010-04-19 01:21 - 00000000 ____D C:\ProgramData\NVIDIA

2013-08-13 23:36 - 2010-03-21 03:30 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs

2013-08-13 23:36 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-13 23:36 - 2009-07-14 04:37 - 00000000 __RSD C:\Windows\Media

2013-08-13 23:35 - 2010-03-21 03:10 - 01282279 _____ C:\Windows\WindowsUpdate.log

2013-08-13 23:21 - 2012-03-29 18:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-13 23:20 - 2013-08-13 23:20 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\Malwarebytes

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-08-13 23:19 - 2013-08-13 23:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Raphaela\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-13 16:59 - 2013-08-13 16:59 - 00013439 _____ C:\Users\Raphaela\Downloads\Addition.txt

2013-08-13 16:58 - 2013-08-13 16:58 - 00000000 ____D C:\FRST

2013-08-13 16:57 - 2013-08-13 16:57 - 01068525 _____ (Farbar) C:\Users\Raphaela\Downloads\FRST.exe

2013-08-13 16:44 - 2013-08-13 16:44 - 00022222 _____ C:\Users\Raphaela\Documents\Ereignisse.txt

2013-08-13 15:54 - 2013-06-02 10:57 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\HpUpdate

2013-08-13 15:52 - 2013-08-13 15:52 - 03111104 _____ (Hewlett-Packard                                              ) C:\Users\Raphaela\Downloads\hpusetup.exe

2013-08-13 15:51 - 2013-08-13 15:51 - 00000327 _____ C:\Users\Raphaela\Desktop\HP PS 5520 Firmware VR3 *Update.url

2013-08-13 15:51 - 2013-08-13 15:51 - 00000000 ____D C:\Windows\Hewlett-Packard

2013-07-27 23:51 - 2013-04-21 15:15 - 00000000 ____D C:\Users\Raphaela\Documents\kulTOUR mit Holender

2013-07-27 23:19 - 2012-01-16 19:59 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\vlc

2013-07-27 23:16 - 2012-01-20 03:24 - 00001775 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2013-07-27 23:16 - 2012-01-20 03:23 - 00000000 ____D C:\Program Files\QuickTime

2013-07-27 23:10 - 2010-03-22 01:04 - 00000000 ____D C:\Users\Raphaela\AppData\Local\Apple Computer

2013-07-14 09:25 - 2010-03-21 03:21 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-07-25 17:35
 

==================== End Of Log ============================

--- --- ---

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1ec9e337cdfe614cba1e9ced7e7e8f73
# engine=14911
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-27 10:01:38
# local_time=2013-08-27 12:01:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 47990 243020988 40736 0
# compatibility_mode=5893 16776574 100 94 48477 129228889 0 0
# scanned=292232
# found=0
# cleaned=0
# scan_time=46136

Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java(TM) 6 Update 33
Java version out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 21.0 Firefox out of Date!
Google Chrome 15.0.874.121
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-08-2013 (ATTENTION: ====> FRST version is 14 days old and could be outdated)

Ran by Raphaela (administrator) on 27-08-2013 12:32:32

Running from C:\Users\Raphaela\Downloads

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Steganos Software GmbH) C:\Program Files\OkayFreedom\VPNService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

() C:\Program Files\DivX\DivX Update\DivXUpdate.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomClient.exe

(Dropbox, Inc.) C:\Users\Raphaela\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\chrome.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)

HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)

HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296096 2012-10-05] (RealNetworks, Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-25] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKCU\...\Run: [OKAYFREEDOM_Agent] - C:\Program Files\OkayFreedom\OkayFreedomClient.exe [4458712 2013-05-02] (Steganos Software GmbH)

Startup: C:\Users\Raphaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Raphaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Raphaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk

ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {ACA5F5BD-231B-4BBC-977C-F0B9805361AE} URL = hxxp://www.google.de/search?q={searchTerms}

SearchScopes: HKCU - {ACA5F5BD-231B-4BBC-977C-F0B9805361AE} URL = hxxp://www.google.de/search?q={searchTerms}

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: msdaipp - No CLSID Value - 

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default

FF Homepage: hxxp://www.imdb.com/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: No Name - C:\Users\Raphaela\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

FF Extension: No Name - C:\Users\Raphaela\AppData\Roaming\Mozilla\Firefox\Profiles\2g6fq912.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi

FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR Plugin: (Shockwave Flash) - C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)

CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)

CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Raphaela\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll ()

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (Default Plug-in) - default_plugin No File

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Raphaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0

CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Raphaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-25] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-25] (Avira Operations GmbH & Co. KG)

R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\VPNService.exe [303344 2013-05-02] (Steganos Software GmbH)
 

==================== Drivers (Whitelisted) ====================
 

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2010-05-18] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2010-05-18] ()

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-26 23:11 - 2013-08-26 23:11 - 00000000 ____D C:\Program Files\ESET

2013-08-26 23:09 - 2013-08-26 23:09 - 02347384 _____ (ESET) C:\Users\Raphaela\Downloads\esetsmartinstaller_enu.exe

2013-08-19 00:52 - 2013-08-19 00:53 - 00000000 ____D C:\Windows\system32\MRT

2013-08-19 00:38 - 2013-08-19 00:38 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-19 00:38 - 2013-08-19 00:38 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-08-19 00:38 - 2013-08-19 00:38 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-08-19 00:38 - 2013-08-19 00:38 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-08-19 00:38 - 2013-08-19 00:38 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-08-19 00:38 - 2013-08-19 00:38 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-08-19 00:37 - 2013-08-19 00:40 - 00010518 _____ C:\Windows\IE10_main.log

2013-08-19 00:37 - 2013-08-19 00:37 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2013-08-15 22:18 - 2013-08-15 22:18 - 00021504 _____ C:\Users\Raphaela\Downloads\Eigenbeleg.ms-word

2013-08-15 19:06 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-08-15 19:06 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-15 19:06 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-15 19:06 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-15 19:06 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-15 19:06 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-15 19:06 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-15 19:06 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-15 19:05 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-15 19:05 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-15 19:05 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-15 19:05 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-13 23:50 - 2013-08-13 23:50 - 00001239 _____ C:\Users\Raphaela\Desktop\JRT.txt

2013-08-13 23:48 - 2013-08-13 23:48 - 00000000 ____D C:\Windows\ERUNT

2013-08-13 23:39 - 2013-08-13 23:43 - 00000000 ____D C:\AdwCleaner

2013-08-13 23:39 - 2013-08-13 23:39 - 00800594 _____ C:\Users\Raphaela\Downloads\adwcleaner.exe

2013-08-13 23:20 - 2013-08-13 23:20 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\Malwarebytes

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-08-13 23:20 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-13 23:19 - 2013-08-13 23:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Raphaela\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-13 16:59 - 2013-08-13 16:59 - 00013439 _____ C:\Users\Raphaela\Downloads\Addition.txt

2013-08-13 16:58 - 2013-08-13 16:58 - 00000000 ____D C:\FRST

2013-08-13 16:57 - 2013-08-13 16:57 - 01068525 _____ (Farbar) C:\Users\Raphaela\Downloads\FRST.exe

2013-08-13 16:44 - 2013-08-13 16:44 - 00022222 _____ C:\Users\Raphaela\Documents\Ereignisse.txt

2013-08-13 15:52 - 2013-08-13 15:52 - 03111104 _____ (Hewlett-Packard                                              ) C:\Users\Raphaela\Downloads\hpusetup.exe

2013-08-13 15:51 - 2013-08-13 15:51 - 00000327 _____ C:\Users\Raphaela\Desktop\HP PS 5520 Firmware VR3 *Update.url

2013-08-13 15:51 - 2013-08-13 15:51 - 00000000 ____D C:\Windows\Hewlett-Packard
 

==================== One Month Modified Files and Folders =======
 

2013-08-27 12:27 - 2013-08-27 12:27 - 00891115 _____ C:\Users\Raphaela\Downloads\SecurityCheck.exe

2013-08-27 12:21 - 2012-03-29 18:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-27 11:48 - 2010-03-21 03:10 - 01755613 _____ C:\Windows\WindowsUpdate.log

2013-08-27 11:47 - 2010-03-21 03:30 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs

2013-08-27 00:21 - 2012-03-29 18:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-08-27 00:21 - 2011-05-16 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-08-26 23:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-08-26 23:11 - 2013-08-26 23:11 - 00000000 ____D C:\Program Files\ESET

2013-08-26 23:09 - 2013-08-26 23:09 - 02347384 _____ (ESET) C:\Users\Raphaela\Downloads\esetsmartinstaller_enu.exe

2013-08-26 22:45 - 2009-07-14 06:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-26 22:45 - 2009-07-14 06:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-26 22:43 - 2013-06-02 10:57 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\HpUpdate

2013-08-26 22:39 - 2011-07-04 23:41 - 00000000 ___RD C:\Users\Raphaela\Dropbox

2013-08-26 22:39 - 2011-07-04 23:39 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\Dropbox

2013-08-26 22:36 - 2011-03-24 13:16 - 00031663 _____ C:\Windows\setupact.log

2013-08-26 22:36 - 2010-04-19 01:21 - 00000000 ____D C:\ProgramData\NVIDIA

2013-08-26 22:36 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-26 22:36 - 2009-07-14 06:33 - 00358208 _____ C:\Windows\system32\FNTCACHE.DAT

2013-08-26 22:33 - 2011-03-24 13:15 - 00054984 _____ C:\Windows\PFRO.log

2013-08-26 22:33 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal

2013-08-26 22:33 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender

2013-08-26 22:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE

2013-08-19 00:57 - 2010-03-21 03:21 - 01519798 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-19 00:56 - 2009-07-14 04:04 - 00000499 _____ C:\Windows\win.ini

2013-08-19 00:53 - 2013-08-19 00:52 - 00000000 ____D C:\Windows\system32\MRT

2013-08-19 00:40 - 2013-08-19 00:37 - 00010518 _____ C:\Windows\IE10_main.log

2013-08-19 00:38 - 2013-08-19 00:38 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-19 00:38 - 2013-08-19 00:38 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-08-19 00:38 - 2013-08-19 00:38 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-08-19 00:38 - 2013-08-19 00:38 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-08-19 00:38 - 2013-08-19 00:38 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-08-19 00:38 - 2013-08-19 00:38 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-08-19 00:38 - 2013-08-19 00:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-08-19 00:38 - 2013-08-19 00:38 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-08-19 00:37 - 2013-08-19 00:37 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2013-08-18 22:24 - 2013-04-21 15:15 - 00000000 ____D C:\Users\Raphaela\Documents\kulTOUR mit Holender

2013-08-18 21:54 - 2013-05-23 15:29 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-08-17 11:39 - 2013-05-11 12:08 - 00014336 ___SH C:\Users\Raphaela\Documents\Thumbs.db

2013-08-15 22:18 - 2013-08-15 22:18 - 00021504 _____ C:\Users\Raphaela\Downloads\Eigenbeleg.ms-word

2013-08-13 23:50 - 2013-08-13 23:50 - 00001239 _____ C:\Users\Raphaela\Desktop\JRT.txt

2013-08-13 23:48 - 2013-08-13 23:48 - 00000000 ____D C:\Windows\ERUNT

2013-08-13 23:43 - 2013-08-13 23:39 - 00000000 ____D C:\AdwCleaner

2013-08-13 23:39 - 2013-08-13 23:39 - 00800594 _____ C:\Users\Raphaela\Downloads\adwcleaner.exe

2013-08-13 23:36 - 2009-07-14 04:37 - 00000000 __RSD C:\Windows\Media

2013-08-13 23:20 - 2013-08-13 23:20 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\Users\Raphaela\AppData\Roaming\Malwarebytes

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-13 23:20 - 2013-08-13 23:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-08-13 23:19 - 2013-08-13 23:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Raphaela\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-13 16:59 - 2013-08-13 16:59 - 00013439 _____ C:\Users\Raphaela\Downloads\Addition.txt

2013-08-13 16:58 - 2013-08-13 16:58 - 00000000 ____D C:\FRST

2013-08-13 16:57 - 2013-08-13 16:57 - 01068525 _____ (Farbar) C:\Users\Raphaela\Downloads\FRST.exe

2013-08-13 16:44 - 2013-08-13 16:44 - 00022222 _____ C:\Users\Raphaela\Documents\Ereignisse.txt

2013-08-13 15:52 - 2013-08-13 15:52 - 03111104 _____ (Hewlett-Packard                                              ) C:\Users\Raphaela\Downloads\hpusetup.exe

2013-08-13 15:51 - 2013-08-13 15:51 - 00000327 _____ C:\Users\Raphaela\Desktop\HP PS 5520 Firmware VR3 *Update.url

2013-08-13 15:51 - 2013-08-13 15:51 - 00000000 ____D C:\Windows\Hewlett-Packard

2013-08-05 16:00 - 2012-06-12 11:28 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-27 12:20
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Ich bin gerade ein bisschen verunsichert.. Avira hat mir gestern angezeigt, dass ich "TR/Rogue.1178267" am PC habe.. muss ich da jetzt noch etwas machen? D
Vielen, vielen Dank übrigens für die Hilfe!!!

Java, Adobe und Firefox updaten.

Wo zeigt Avira den an?

Ich hab ihn in die Quarantäne verschoben und da steht bei der quelle "downloads" (Users\Raphaela\Downloads\JRT.exe)
Habe gerade nochmal den Avira Scan drüberlaufen lassen und es wurde noch etwas gefunden :-(
dieses Mal: ADWARE/InstallRex.Gen
bei Quelle steht Users\Raphaela\Downloads\Nicht bestätigt 10849.crdownload

Leere deinen Downloads.Ordner und scanne nochmal.