Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   ALLES voller Werbung (und wer weiß was sonst noch) (https://www.trojaner-board.de/147355-alles-voller-werbung-weiss-noch.html)

dshbb 05.01.2014 01:58
ALLES voller Werbung (und wer weiß was sonst noch)
 
Hallo liebe Trojaner-Helden,
seid ein paar Tagen ist in sämtlichen Browsern (Internet Explorern sowie Chrome) alles voller Werbung. Pop-Ups, unterstrichene Wörter mit Pseudo-Links, und Werbe-Einblendungen. Ich habe schon alles versucht: Kapersky Rettung, Anitbytes Malware mehrfach drüber laufen lassen. Nichts scheint zu helfen. Nun habe ich auch die hier im Forum beschriebene Anleitung befolgt (dds und adwcleaner) und die unten geposteten Logs erhalten - könnt ihr mich retten?

Ich wäre Euch unendlich dankbar, Vielen Dank und viele Grüße Heiner

Code:
# AdwCleaner v3.016 - Bericht erstellt am 05/01/2014 um 01:31:43
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : dsh - DSH-PC
# Gestartet von : C:\Users\dsh\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\boost_interprocess
[!] Ordner Gelöscht : C:\ProgramData\Computer Updater
[!] Ordner Gelöscht : C:\ProgramData\Tarma Installer
[!] Ordner Gelöscht : C:\ProgramData\w3i
[!] Ordner Gelöscht : C:\Program Files\Ask.com
[!] Ordner Gelöscht : C:\Program Files\Freeze.com
[!] Ordner Gelöscht : C:\Program Files\GamesBar
[!] Ordner Gelöscht : C:\Program Files\Mobogenie
[!] Ordner Gelöscht : C:\Program Files\Show-Password
[!] Ordner Gelöscht : C:\Program Files\w3i
[!] Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\dsh\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\dsh\AppData\Local\filetypeassistant
Ordner Gelöscht : C:\Users\dsh\AppData\Local\iLivid
Ordner Gelöscht : C:\Users\dsh\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\dsh\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\dsh\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\dsh\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\dsh\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\dsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\dsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Datei Gelöscht : C:\Users\dsh\Desktop\iLivid.lnk
Datei Gelöscht : C:\Users\dsh\Desktop\Play Free Games.lnk
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [happylyrics@hpyproductions.net]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchEngineProtection]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\HappyLyrics
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\dsh\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R].txt - [16523 octets] - [05/01/2014 01:29:45]
AdwCleaner[S].txt - [5892 octets] - [05/01/2014 01:31:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S].txt - [5951 octets] ##########
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28.12.2009 16:20:55
System Uptime: 05.01.2014 01:34:19 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A785TD-V EVO
Processor: AMD Phenom(tm) II X4 925 Processor | AM3 | 2800/200mhz
.
==== Disk Partitions =========================
.
A: is FIXED (NTFS) - 466 GiB total, 398,997 GiB free.
C: is FIXED (NTFS) - 144 GiB total, 61,374 GiB free.
D: is FIXED (NTFS) - 5 GiB total, 5,351 GiB free.
E: is CDROM ()
K: is Removable
M: is FIXED (FAT32) - 466 GiB total, 50,515 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP720: 29.12.2013 08:48:51 - Installed SpyHunter
RP721: 29.12.2013 10:17:37 - Removed SpyHunter
RP722: 30.12.2013 13:23:49 - Herrnhuter Losungen wird installiert
RP724: 04.01.2014 17:04:33 - Configured Microsoft Office Home and Student 2007
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.8) - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Architektur Designer 2010 1.1.0.5
Ask Toolbar
ATI AVIVO Codecs
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
Bing Bar
BMW M3 Challenge
Bonjour
CameraHelperMsi
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MG5200 series Benutzerregistrierung
Canon MG5200 series MP Drivers
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD-LabelPrint
CDBurnerXP
CHIPDRIVE MyKey
Creatix V.9X DSP Data Fax Modem
CrystalDiskInfo 5.4.2
D3DX10
DirectX for Managed Code Update (Summer 2004)
entrusted Toolbar
EPU-4 Engine
erLT
File Type Assistant
Final Media Player 2012
FTDI USB Serial Converter Drivers
GamesBar (W)
Google Chrome
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
Herrnhuter Losungen
HydraVision
iCloud
InstallIQ Updater
iTunes
Junk Mail filter update
Logitech Webcam-Software
Logitech Webcam Software-Treiberpaket
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Mesh Runtime
Messenger Companion
Micrografx Designer 9.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works 4 Converter
MiniTool Partition Wizard Home Edition 8.1.1
MobileMe Control Panel
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NAVIGON Fresh 3.4.1
NetAssistant
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia Software Updater
NVIDIA 3D Vision Treiber 311.06
NVIDIA Display Control Panel
NVIDIA Grafiktreiber 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 311.06
NVIDIA Update 1.11.3
NVIDIA Update Components
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
Picasa 3
PL-2303 Vista Driver Installer
Platform
PrintKey2000
PVSonyDll
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek AC'97 Audio
RegistryReviver
Safari
SCR3xxx Smart Card Reader
Search Protect by conduit
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Show-Password
Skype™ 6.11
Spelling Dictionaries Support For Adobe Reader 9
StarMoney
StarMoney Business 4.0
StarMoney Business 5.0
StarMoney Business 6.0
Surf & E-Mail-Stick
System 3060
System Requirements Lab
t@x 2011
t@x 2013
TeamViewer 8
UltraISO Premium V9.6
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
VIA Plattform-Geräte-Manager
WD Drive Manager (x86)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo Community Smartbar
Yahoo Community Smartbar Engine
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================
Code:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428
Run by admin at 1:43:07 on 2014-01-05
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3327.1979 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe
C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
C:\Program Files\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\StarMoney Business 6.0\offlagent7\offlagent.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\scmsok.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: GamesBar (W): {2e94b700-eafb-4c9e-a696-77200aa3f89b} - c:\program files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Show-Password: {96304e6d-bcec-4bca-b49b-ae3b4d54afec} - c:\program files\show-password\150.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - <orphaned>
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: GamesBar (W): {2e94b700-eafb-4c9e-a696-77200aa3f89b} - c:\program files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll
TB: Yahoo Community Smartbar (by Linkury): {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [StarMoneyRunEntry] "c:\program files\starmoney business 4.0\app\oflagent.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [SMB50StarMoneyRunEntry] "c:\program files\starmoney business 5.0\app\oflagent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MyKey] c:\program files\chipdrive\chipdrive mykey\mykey\MyKey.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SMB60StarMoneyRunEntry] "c:\program files\starmoney business 6.0\app\oflagent.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\t@xakt~1.lnk - c:\program files\buhl finance\tax steuersoftware 2013\taxaktuell.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B1DCD31E-3CA5-4FA2-978A-246B644ABACB} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FC5E29D2-DD0C-4359-A9C5-22FB4F661872} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-29 37352]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-5 172032]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-10-29 440376]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-10-29 440376]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-10-29 1011768]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-29 90400]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
R2 StarMoney Business 4.0 OnlineUpdate;StarMoney Business 4.0 OnlineUpdate;c:\program files\starmoney business 4.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-10 554160]
R2 StarMoney Business 5.0 OnlineUpdate;StarMoney Business 5.0 OnlineUpdate;c:\program files\starmoney business 5.0\ouservice\StarMoneyOnlineUpdate.exe [2013-2-13 699680]
R2 StarMoney Business 6.0 OnlineUpdate;StarMoney Business 6.0 OnlineUpdate;c:\program files\starmoney business 6.0\ouservice\StarMoneyOnlineUpdate.exe [2013-10-30 663184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-15 5087584]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-26 167936]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-5-26 1077760]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-16 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S3 ctxS51;Creatix V.9X DSP Data Fax Modem;c:\windows\system32\drivers\ctxS51.sys [2006-5-1 1903646]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-11 108032]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-12-28 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-12-28 10320]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2011-6-16 59520]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-26 52224]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-01-05 00:29:39        --------        d-----w-        C:\AdwCleaner
2014-01-05 00:16:07        --------        d-----w-        c:\program files\UltraISO
2014-01-05 00:16:07        --------        d-----w-        c:\program files\common files\EZB Systems
2013-12-29 07:49:36        --------        d-----w-        c:\program files\Enigma Software Group
2013-12-29 07:48:39        --------        d-----w-        c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2013-12-29 07:48:38        --------        d-----w-        c:\program files\common files\Wise Installation Wizard
2013-12-28 16:22:16        2881848        ----a-w-        c:\windows\system32\pwNative.exe
2013-12-28 16:22:16        15688        ------w-        c:\windows\system32\pwdrvio.sys
2013-12-28 16:22:15        10320        ------w-        c:\windows\system32\pwdspio.sys
2013-12-28 16:22:00        --------        d-----w-        c:\program files\MiniTool Partition Wizard Home Edition 8.1.1
2013-12-28 16:16:15        --------        d-----w-        c:\users\admin\appdata\roaming\Malwarebytes
2013-12-28 16:16:03        --------        d-----w-        c:\programdata\Malwarebytes
2013-12-28 16:14:52        743248        ----a-w-        c:\windows\system32\msvcp100d.dll
2013-12-28 16:14:52        1498960        ----a-w-        c:\windows\system32\msvcr100d.dll
2013-12-28 16:14:52        --------        d-----w-        c:\program files\Malwarebytes Anti-Exploit
2013-12-26 11:59:46        --------        d-----w-        c:\program files\Show-Password
2013-12-26 11:59:45        --------        d-----w-        c:\users\admin\appdata\local\cache
2013-12-26 11:59:44        --------        d-----w-        c:\users\admin\appdata\local\Mobogenie
2013-12-26 11:59:08        --------        d-----w-        c:\program files\Mobogenie
2013-12-26 11:58:42        --------        d-----w-        c:\program files\Free M4a to MP3 Converter
2013-12-26 11:58:27        --------        d-----w-        c:\users\admin\appdata\local\Programs
2013-12-23 19:32:50        4558848        ----a-w-        c:\windows\system32\GPhotos.scr
2013-12-23 16:41:50        822272        ----a-w-        c:\windows\system32\LUCA.DLL
2013-12-23 16:41:48        --------        d-----w-        c:\program files\Simons & Voss
2013-12-23 16:41:21        304128        ----a-w-        c:\windows\unin0407.exe
2013-12-23 16:36:58        51821        ----a-w-        c:\windows\system32\ftserui2.dll
2013-12-23 16:36:58        36864        ----a-w-        c:\windows\system32\FTLang.dll
2013-12-23 16:36:57        57404        ----a-w-        c:\windows\system32\drivers\ftser2k.sys
2013-12-23 16:35:12        414208        ----a-w-        c:\windows\system32\ftdiunin.exe
2013-12-23 16:35:12        24209        ----a-w-        c:\windows\system32\drivers\ftdibus.sys
2013-12-11 17:26:45        12625408        ----a-w-        c:\windows\system32\wmploc.DLL
2013-12-11 17:26:44        164864        ----a-w-        c:\program files\windows media player\wmplayer.exe
2013-12-11 08:29:36        301568        ----a-w-        c:\windows\system32\msieftp.dll
2013-12-11 08:29:34        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2013-12-11 08:29:33        417792        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-12-11 08:29:33        163840        ----a-w-        c:\windows\system32\scrrun.dll
2013-12-11 08:29:33        141824        ----a-w-        c:\windows\system32\wscript.exe
2013-12-11 08:29:33        126976        ----a-w-        c:\windows\system32\cscript.exe
2013-12-11 08:29:33        121856        ----a-w-        c:\windows\system32\wshom.ocx
2013-12-11 08:29:31        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-12-11 08:29:28        81408        ----a-w-        c:\windows\system32\drivers\drmk.sys
2013-12-11 08:29:28        2349056        ----a-w-        c:\windows\system32\win32k.sys
2013-12-11 08:29:28        177152        ----a-w-        c:\windows\system32\drivers\portcls.sys
.
==================== Find3M  ====================
.
2013-12-17 14:30:23        90400        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-12-17 14:30:23        69240        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-12-10 18:23:44        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 18:23:44        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-11-26 09:23:02        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56        61952        ----a-w-        c:\windows\system32\iesetup.dll
2013-11-26 08:52:26        51200        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55        112128        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52        108032        ----a-w-        c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16        553472        ----a-w-        c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12        4243968        ----a-w-        c:\windows\system32\jscript9.dll
2013-11-26 07:32:06        1928192        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33        1820160        ----a-w-        c:\windows\system32\wininet.dll
2013-10-12 02:03:08        656896        ----a-w-        c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41        679424        ----a-w-        c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25        216576        ----a-w-        c:\windows\system32\FWPUCLNT.DLL
2013-10-07 13:15:43        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
.
============= FINISH:  1:44:42,61 ===============

aharonov 05.01.2014 02:33
Hallo,

mach bitte einen FRST-Scan:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


dshbb 05.01.2014 10:12
Alles klar, erledigt - oh man. Also wenn ihr das gelöst kriegt....;)
Erst die FRST dann die Addition.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by dsh (ATTENTION: The logged in user is not administrator) on DSH-PC on 05-01-2014 09:28:41
Running from C:\Users\dsh\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Identive GmbH) C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 6.0\offlagent7\offlagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\dsh\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(SCM Microsystems) C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\SCMSOK.exe
() C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WD Drive Manager] - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [430080 2008-05-16] (WDC)
HKLM\...\Run: [StarMoneyRunEntry] - C:\Program Files\StarMoney Business 4.0\app\OflAgent.exe [57864 2011-09-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1486848 2009-08-28] (VIA)
HKLM\...\Run: [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [SMB50StarMoneyRunEntry] - C:\Program Files\StarMoney Business 5.0\app\OflAgent.exe [56976 2013-12-18] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MyKey] - C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe [3757000 2012-12-03] (Identive GmbH)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SMB60StarMoneyRunEntry] - C:\Program Files\StarMoney Business 6.0\app\OflAgent.exe [48272 2013-12-18] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [NokiaOviSuite2] - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [385928 2010-02-24] (Nokia)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
MountPoints2: E - E:\Autorun.exe
MountPoints2: {18373fcc-693c-11df-b49f-e0cb4ebaaccd} - F:\AutoRun.exe
MountPoints2: {18374017-693c-11df-b49f-e0cb4ebaaccd} - F:\AutoRun.exe
MountPoints2: {87e467cb-690d-11df-bacc-e0cb4ebaaccd} - F:\AutoRun.exe
MountPoints2: {87e467e0-690d-11df-bacc-e0cb4ebaaccd} - F:\AutoRun.exe
MountPoints2: {87e467f2-690d-11df-bacc-e0cb4ebaaccd} - F:\AutoRun.exe
MountPoints2: {ae225e03-6939-11df-bb57-e0cb4ebaaccd} - F:\AutoRun.exe
MountPoints2: {ae225e08-6939-11df-bb57-e0cb4ebaaccd} - F:\AutoRun.exe
MountPoints2: {ae225e1b-6939-11df-bb57-e0cb4ebaaccd} - F:\AutoRun.exe
MountPoints2: {e657174e-09d6-11e1-a738-e0cb4ebaaccd} - F:\DTVP_Launcher.exe
Startup: C:\Users\dsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dsh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\dsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x35247450D287CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - (No Name) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - DefaultScope {F409D843-4F29-44D4-BC98-B55CEB1FC26D} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SKPT_deDE421
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {F409D843-4F29-44D4-BC98-B55CEB1FC26D} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SKPT_deDE421
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Show-Password - {96304e6d-bcec-4bca-b49b-ae3b4d54afec} - C:\Program Files\Show-Password\150.dll ()
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
BHO: No Name - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 37 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SKPT_deDE421
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Picasa) - D:\Programme\Picasa3\npPicasa3.dll No File
CHR Extension: (Adblock Plus) - C:\Users\dsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0
CHR Extension: (Google Wallet) - C:\Users\dsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\dsh\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.10.0.crx
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\dsh\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\150.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-05-16] (WDC)
S2 NMSAccessU; D:\Programme\CDBurnerXP\NMSAccessU.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 ctxS51; C:\Windows\System32\DRIVERS\ctxS51.sys [1903646 2006-05-01] (Intel Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [24209 2005-12-12] (FTDI Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59520 2011-06-16] (SCM Microsystems Inc.)
S3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [40840 2006-07-13] (SiS Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1077760 2009-08-17] (VIA Technologies, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 09:28 - 2014-01-05 09:29 - 00018154 _____ C:\Users\dsh\Desktop\FRST.txt
2014-01-05 09:28 - 2014-01-05 09:28 - 01064761 _____ (Farbar) C:\Users\dsh\Desktop\FRST.exe
2014-01-05 09:28 - 2014-01-05 09:28 - 00000000 ____D C:\FRST
2014-01-05 01:44 - 2014-01-05 01:44 - 00019298 _____ C:\Users\dsh\Desktop\dds.txt
2014-01-05 01:44 - 2014-01-05 01:44 - 00011399 _____ C:\Users\dsh\Desktop\attach.txt
2014-01-05 01:40 - 2014-01-05 01:40 - 00688992 ____R (Swearware) C:\Users\dsh\Desktop\dds.exe
2014-01-05 01:38 - 2014-01-05 01:38 - 00006030 _____ C:\Users\dsh\Desktop\AdwCleaner[S].txt
2014-01-05 01:29 - 2014-01-05 01:33 - 00000000 ____D C:\AdwCleaner
2014-01-05 01:29 - 2014-01-05 01:29 - 01233962 _____ C:\Users\dsh\Desktop\adwcleaner.exe
2014-01-05 01:16 - 2014-01-05 01:16 - 00000929 _____ C:\Users\Public\Desktop\UltraISO.lnk
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\UltraISO
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\Common Files\EZB Systems
2014-01-04 17:09 - 2014-01-04 17:09 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-31 14:09 - 2013-12-31 14:09 - 00000000 ____D C:\Users\dsh\aktuell
2013-12-30 13:41 - 2013-12-30 13:48 - 340465664 _____ C:\Users\dsh\Downloads\kav_rescue_1032.iso
2013-12-29 08:49 - 2013-12-29 08:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-29 08:48 - 2013-12-29 10:18 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-12-29 08:48 - 2013-12-29 08:48 - 00001028 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2013-12-29 08:48 - 2013-12-29 08:48 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-29 02:05 - 2013-12-29 02:05 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Malwarebytes
2013-12-28 20:05 - 2013-12-28 20:05 - 00001912 _____ C:\Windows\PWCMDLST.BAK
2013-12-28 17:22 - 2013-12-28 17:22 - 00001171 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1
2013-12-28 17:22 - 2013-09-30 16:26 - 02881848 _____ C:\Windows\system32\pwNative.exe
2013-12-28 17:22 - 2013-09-30 16:26 - 00015688 ____N C:\Windows\system32\pwdrvio.sys
2013-12-28 17:22 - 2013-09-30 16:26 - 00010320 ____N C:\Windows\system32\pwdspio.sys
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-28 17:14 - 2014-01-04 13:23 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2013-12-28 17:14 - 2013-07-16 04:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2013-12-28 17:14 - 2013-07-16 04:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll
2013-12-26 12:59 - 2014-01-05 09:21 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job
2013-12-26 12:59 - 2013-12-26 13:00 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Program Files\Show-Password
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 _____ C:\Users\admin\daemonprocess.txt
2013-12-26 12:58 - 2013-12-26 13:00 - 00000000 ____D C:\Program Files\Free M4a to MP3 Converter
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2013-12-23 17:41 - 2013-12-23 17:41 - 00000000 ____D C:\Program Files\Simons & Voss
2013-12-23 17:41 - 2005-02-14 09:30 - 00822272 _____ (Langner Communication AG) C:\Windows\system32\LUCA.DLL
2013-12-23 17:41 - 1998-02-06 22:35 - 00304128 _____ (InstallShield Corporation, Inc.) C:\Windows\unin0407.exe
2013-12-23 17:36 - 2005-12-12 09:50 - 00057404 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftser2k.sys
2013-12-23 17:36 - 2005-12-12 09:50 - 00051821 _____ (FTDI Ltd.) C:\Windows\system32\ftserui2.dll
2013-12-23 17:36 - 2005-12-12 09:50 - 00036864 _____ (FTDI) C:\Windows\system32\FTLang.dll
2013-12-23 17:35 - 2005-12-12 09:50 - 00414208 _____ (FTDI Ltd.) C:\Windows\system32\ftdiunin.exe
2013-12-23 17:35 - 2005-12-12 09:50 - 00024209 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftdibus.sys
2013-12-23 17:35 - 2005-12-12 09:50 - 00000092 _____ C:\Windows\system32\ftdiun2k.ini
2013-12-11 18:34 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 18:34 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 18:34 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 18:34 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 18:34 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 18:34 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 18:34 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 18:34 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 18:34 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 18:34 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 18:34 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 18:34 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 18:34 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 18:34 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 18:34 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 18:34 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 18:34 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 18:34 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 18:34 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 18:26 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 18:26 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 09:29 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 09:29 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 09:29 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 09:29 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 09:29 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 09:29 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 09:29 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 09:29 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 09:29 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 09:29 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 09:29 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-05 09:29 - 2014-01-05 09:28 - 00018154 _____ C:\Users\dsh\Desktop\FRST.txt
2014-01-05 09:28 - 2014-01-05 09:28 - 01064761 _____ (Farbar) C:\Users\dsh\Desktop\FRST.exe
2014-01-05 09:28 - 2014-01-05 09:28 - 00000000 ____D C:\FRST
2014-01-05 09:28 - 2009-07-14 05:39 - 04975469 _____ C:\Windows\setupact.log
2014-01-05 09:26 - 2009-12-28 15:48 - 01753277 _____ C:\Windows\WindowsUpdate.log
2014-01-05 09:22 - 2011-05-24 09:34 - 00000000 ___RD C:\Users\dsh\Desktop\Dropbox
2014-01-05 09:22 - 2011-05-24 09:31 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Dropbox
2014-01-05 09:21 - 2013-12-26 12:59 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job
2014-01-05 09:21 - 2011-12-13 14:56 - 00000382 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2014-01-05 09:21 - 2009-12-28 21:07 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 09:20 - 2010-06-04 16:05 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-05 09:20 - 2009-12-29 19:16 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2014-01-05 09:20 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 01:44 - 2014-01-05 01:44 - 00019298 _____ C:\Users\dsh\Desktop\dds.txt
2014-01-05 01:44 - 2014-01-05 01:44 - 00011399 _____ C:\Users\dsh\Desktop\attach.txt
2014-01-05 01:44 - 2009-07-14 05:34 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 01:44 - 2009-07-14 05:34 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 01:40 - 2014-01-05 01:40 - 00688992 ____R (Swearware) C:\Users\dsh\Desktop\dds.exe
2014-01-05 01:38 - 2014-01-05 01:38 - 00006030 _____ C:\Users\dsh\Desktop\AdwCleaner[S].txt
2014-01-05 01:33 - 2014-01-05 01:29 - 00000000 ____D C:\AdwCleaner
2014-01-05 01:29 - 2014-01-05 01:29 - 01233962 _____ C:\Users\dsh\Desktop\adwcleaner.exe
2014-01-05 01:16 - 2014-01-05 01:16 - 00000929 _____ C:\Users\Public\Desktop\UltraISO.lnk
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\UltraISO
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\Common Files\EZB Systems
2014-01-05 01:12 - 2012-05-28 18:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 01:07 - 2009-12-28 21:07 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 17:13 - 2009-12-28 19:30 - 00069480 _____ C:\Users\dsh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-04 17:13 - 2009-07-14 05:33 - 00307440 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-04 17:11 - 2009-12-28 20:04 - 00656100 _____ C:\Windows\PFRO.log
2014-01-04 17:09 - 2014-01-04 17:09 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-04 17:09 - 2009-12-28 20:01 - 00000000 ____D C:\Program Files\Microsoft Works
2014-01-04 17:09 - 2009-12-28 17:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-04 17:09 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-04 17:07 - 2009-07-14 09:57 - 00000000 ____D C:\Windows\ShellNew
2014-01-04 13:23 - 2013-12-28 17:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2014-01-02 17:35 - 2013-10-30 09:33 - 00000000 ____D C:\Program Files\StarMoney Business 6.0
2014-01-02 17:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-02 17:21 - 2012-03-08 12:01 - 00000000 ____D C:\Program Files\StarMoney Business 5.0
2014-01-01 19:53 - 2013-09-08 17:48 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-12-31 14:09 - 2013-12-31 14:09 - 00000000 ____D C:\Users\dsh\aktuell
2013-12-31 14:09 - 2009-12-28 16:21 - 00000000 ____D C:\Users\dsh
2013-12-31 11:43 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-30 13:48 - 2013-12-30 13:41 - 340465664 _____ C:\Users\dsh\Downloads\kav_rescue_1032.iso
2013-12-30 13:39 - 2009-12-29 09:42 - 00000706 _____ C:\Users\dsh\Desktop\Eigenen Dateien.lnk
2013-12-30 13:24 - 2009-12-28 21:34 - 00002020 _____ C:\Users\Public\Desktop\Herrnhuter Losungen.lnk
2013-12-29 10:18 - 2013-12-29 08:48 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-12-29 08:49 - 2013-12-29 08:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-29 08:48 - 2013-12-29 08:48 - 00001028 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2013-12-29 08:48 - 2013-12-29 08:48 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-29 08:47 - 2009-12-28 21:05 - 00000000 ____D C:\Program Files\Google
2013-12-29 02:05 - 2013-12-29 02:05 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Malwarebytes
2013-12-28 20:05 - 2013-12-28 20:05 - 00001912 _____ C:\Windows\PWCMDLST.BAK
2013-12-28 17:44 - 2009-12-28 21:05 - 00000000 ____D C:\Users\dsh\AppData\Local\Google
2013-12-28 17:22 - 2013-12-28 17:22 - 00001171 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-26 13:08 - 2011-07-23 11:49 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Apple Computer
2013-12-26 13:06 - 2012-11-24 16:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-12-26 13:00 - 2013-12-26 12:59 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-26 13:00 - 2013-12-26 12:58 - 00000000 ____D C:\Program Files\Free M4a to MP3 Converter
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Program Files\Show-Password
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 _____ C:\Users\admin\daemonprocess.txt
2013-12-26 12:59 - 2012-11-24 16:37 - 00000000 ____D C:\Users\admin
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2013-12-23 17:41 - 2013-12-23 17:41 - 00000000 ____D C:\Program Files\Simons & Voss
2013-12-19 18:35 - 2010-03-01 04:59 - 00000000 ____D C:\Windows\Minidump
2013-12-18 09:45 - 2009-12-28 21:01 - 00000000 ___RD C:\Program Files\Skype
2013-12-18 09:45 - 2009-12-28 21:01 - 00000000 ____D C:\ProgramData\Skype
2013-12-17 15:30 - 2013-05-06 11:16 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-17 15:30 - 2012-10-29 10:44 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 15:30 - 2012-10-29 10:44 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-16 11:18 - 2009-12-28 16:26 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 09:09 - 2011-11-19 12:58 - 00002130 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 19:49 - 2013-11-15 12:52 - 00000000 ____D C:\Windows\rescache
2013-12-11 18:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 18:32 - 2013-08-15 02:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 18:26 - 2009-12-29 08:46 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 19:23 - 2012-05-28 18:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 19:23 - 2012-05-28 18:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-09 18:38 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp

Some content of TEMP:
====================
C:\Users\dsh\AppData\Local\Temp\AtiCimUn.exe
C:\Users\dsh\AppData\Local\Temp\avgnt.exe
C:\Users\dsh\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\dsh\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\dsh\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\dsh\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\dsh\AppData\Local\Temp\install_reader11_de_gtba_chra_dy_aaa_aih.exe
C:\Users\dsh\AppData\Local\Temp\JiveXViewerStart1298277105.exe
C:\Users\dsh\AppData\Local\Temp\mkupdate.exe
C:\Users\dsh\AppData\Local\Temp\MSETUP4.EXE
C:\Users\dsh\AppData\Local\Temp\NEventMessages.dll
C:\Users\dsh\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\dsh\AppData\Local\Temp\ose00000.exe
C:\Users\dsh\AppData\Local\Temp\ose00001.exe
C:\Users\dsh\AppData\Local\Temp\PicasaCD.exe
C:\Users\dsh\AppData\Local\Temp\PicasaUpdater_4702.exe
C:\Users\dsh\AppData\Local\Temp\Quarantine.exe
C:\Users\dsh\AppData\Local\Temp\ResetDevice.exe
C:\Users\dsh\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\dsh\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-01-2014
Ran by dsh at 2014-01-05 09:52:49
Running from C:\Users\dsh\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Architektur Designer 2010 1.1.0.5 (Version: 1.1.0.5 - Creative Amadeo GmbH)
Ask Toolbar (Version: 1.15.10.0 - Ask.com) <==== ATTENTION
ATI AVIVO Codecs (Version: 10.10.0.40925 - ATI Technologies Inc.) Hidden
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)
BMW M3 Challenge (Version: BMW M3 Challenge v1.0.0.0 - 10TACLE STUDIOS AG)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (Version: 13.30.1395.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (Version:  - )
Canon Easy-WebPrint EX (Version: 1.3.5.0 - Canon Inc.)
Canon MG5200 series Benutzerregistrierung (Version:  - )
Canon MG5200 series MP Drivers (Version:  - )
Canon MP Navigator EX 4.0 (Version:  - )
Canon My Printer (Version:  - )
Canon Solution Menu EX (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0925.1707.28889 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0925.1707.28889 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0925.1707.28889 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0925.1707.28889 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0925.1707.28889 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0925.1707.28889 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2009.0925.1707.28889 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0504.2152.37420 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0925.1707.28889 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Czech (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Danish (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Dutch (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help English (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Finnish (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help French (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help German (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Greek (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Italian (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Japanese (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Korean (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Polish (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Russian (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Spanish (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Swedish (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Thai (Version: 2009.0925.1706.28889 - ATI) Hidden
CCC Help Turkish (Version: 2009.0925.1706.28889 - ATI) Hidden
ccc-core-static (Version: 2009.0925.1707.28889 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0925.1707.28889 - ATI) Hidden
CDBurnerXP (Version: 4.3.0.1991 - CDBurnerXP)
CD-LabelPrint (Version:  - )
CHIPDRIVE MyKey (Version:  - Identive GmbH)
Creatix V.9X DSP Data Fax Modem (Version:  - )
CrystalDiskInfo 5.4.2 (Version: 5.4.2 - Crystal Dew World)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect Bootstrapper (Version: 1.1.0.15 - Dell)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
Dropbox (Version: 2.0.22 - Dropbox, Inc.)
entrusted Toolbar (Version: 6.11.2.6 - entrusted) <==== ATTENTION
EPU-4 Engine (Version: 1.00.33 - )
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Type Assistant (Version: 2012.11.9.0 - ) <==== ATTENTION
Final Media Player 2012 (Version: 2012.10.9.0 - Bitberry Software)
FTDI USB Serial Converter Drivers (Version:  - )
GamesBar (W) (Version: 3.2.0.36 - Visicom Media inc.)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (Version:  - )
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (Version: 1.0.19.76 - Google)
Herrnhuter Losungen (Version: 3.3.0 - Evang. Brüderunität Herrnhut)
HydraVision (Version: 4.2.114.0 - ATI Technologies Inc.) Hidden
iCloud (Version: 3.1.0.40 - Apple Inc.)
InstallIQ Updater (Version: 1.4.3.0 - W3i, LLC)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Webcam Software-Treiberpaket (Version: 12.10.1110 - Logitech Inc.)
Logitech Webcam-Software (Version: 2.30 - Logitech Inc.)
LWS Facebook (Version: 13.30.1346.0 - Logitech) Hidden
LWS Gallery (Version: 13.30.1379.0 - Logitech) Hidden
LWS Help_main (Version: 13.30.1396.0 - Logitech) Hidden
LWS Launcher (Version: 13.30.1379.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.30.1395.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.30.1379.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.30.1346.0 - Logitech) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Micrografx Designer 9.0 (Version: 9.0 - Micrografx, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 4 Converter (Version: 9.8.0000 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (Version:  - MiniTool Solution Ltd.)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NAVIGON Fresh 3.4.1 (Version: 3.4.1 - NAVIGON)
NetAssistant (Version: 3.8.3 - Freeze.com) Hidden
Nokia Connectivity Cable Driver (Version: 7.1.28.1 - Nokia)
Nokia Ovi Suite (Version: 2.1.1.1 - Nokia)
Nokia Ovi Suite (Version: 2.1.1.1 - Nokia) Hidden
Nokia Ovi Suite Software Updater (Version: 02.04.004.41370 - Nokia Corporation)
Nokia Software Updater (Version: 02.04.008.41976 - Nokia Corporation)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Ovi Desktop Sync Engine (Version: 1.2.269.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.86.0 - Nokia) Hidden
PC Connectivity Solution (Version: 10.12.0.0 - Nokia)
Picasa 3 (Version: 3.9 - Google, Inc.)
PL-2303 Vista Driver Installer (Version: 3.0.1.0 - Prolific)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PrintKey2000 (Version:  - )
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005 - Realtek)
Realtek AC'97 Audio (Version:  - )
RegistryReviver (Version: 1.3.26 - SPAMfighter ApS) Hidden
Safari (Version: 5.34.57.2 - Apple Inc.)
SCR3xxx Smart Card Reader (Version: 8.44 - SCM Microsystems)
Search Protect by conduit (Version: 1.4.1.12 - Conduit) <==== ATTENTION
Show-Password (Version:  - Show-Password LTD)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.3.21 - StarFinanz) Hidden
StarMoney (Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney Business 4.0  (Version: 4.0 - Star Finanz GmbH)
StarMoney Business 5.0  (Version: 5.0 - Star Finanz GmbH)
StarMoney Business 6.0  (Version: 6.0 - Star Finanz GmbH)
Surf & E-Mail-Stick (Version: 11.301.08.00.35 - Huawei Technologies Co.,Ltd)
System 3060 (Version:  - )
System Requirements Lab (Version:  - )
t@x 2011 (Version: 18.00.6928 - Buhl Data Service GmbH)
t@x 2012 (Version: 19.10.7954 - Buhl Data Service GmbH)
t@x 2013 (Version: 20.08.8317 - Buhl Data Service GmbH)
TeamViewer 8 (Version: 8.0.22298 - TeamViewer)
UltraISO Premium V9.6 (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (Version: 1.34 - VIA Technologies, Inc.)
WD Drive Manager (x86) (Version: 2.103 - Western Digital)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
Yahoo Community Smartbar (Version: 1.6.1.900 - Linkury Inc.) <==== ATTENTION
Yahoo! Software Update (Version:  - )
Yahoo! Toolbar (Version:  - )

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\Final Media Player Update Checker.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Show-Password Update.job => ?

==================== Loaded Modules (whitelisted) =============

2010-05-26 22:25 - 2009-01-15 13:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-4 Engine\pngio.dll
2010-05-26 22:25 - 2006-01-10 09:50 - 00024576 ____R () C:\Windows\system32\AsIo.dll
2010-05-26 22:25 - 2009-03-25 15:53 - 00053248 _____ () C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2010-05-26 22:25 - 2009-05-07 09:50 - 00073728 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2010-05-26 22:25 - 2009-05-07 09:53 - 00106496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2010-05-26 22:25 - 2008-02-14 06:57 - 00094208 ____R () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
2010-05-26 22:25 - 2009-08-28 04:31 - 47628288 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2009-02-26 08:14 - 2009-02-26 08:14 - 07497216 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll
2009-03-30 14:46 - 2009-03-30 14:46 - 02070016 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll
2009-02-26 08:05 - 2009-02-26 08:05 - 00872960 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll
2009-02-26 08:04 - 2009-02-26 08:04 - 00319488 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll
2009-02-26 09:17 - 2009-02-26 09:17 - 00022016 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
2009-01-20 12:02 - 2009-01-20 12:02 - 00131072 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qjpeg1.dll
2009-01-20 12:02 - 2009-01-20 12:02 - 00013824 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qsvg1.dll
2009-02-26 08:23 - 2009-02-26 08:23 - 00246784 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtSvg4.dll
2010-02-24 20:13 - 2010-02-24 20:13 - 00570368 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll
2010-02-24 20:13 - 2010-02-24 20:13 - 00934912 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\curllibRD.dll
2010-02-24 20:13 - 2010-02-24 20:13 - 00734720 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\ZipArchive.dll
2009-12-17 10:24 - 2009-12-17 10:24 - 00147264 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\noaipcclient.dll
2009-06-09 15:17 - 2009-06-09 15:17 - 00019968 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
2010-02-03 11:23 - 2010-02-03 11:23 - 00245040 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll
2005-07-20 09:48 - 2005-07-20 09:48 - 00059904 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\dsh\AppData\Roaming\Dropbox\bin\libcef.dll
2011-08-22 15:47 - 2011-08-22 15:47 - 00336408 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2009-08-31 10:33 - 2009-08-31 10:33 - 00016384 _____ () C:\Program Files\Common Files\Nokia\NoA\qtsecurestorage.dll
2009-08-31 10:33 - 2009-08-31 10:33 - 00013824 _____ () C:\Program Files\Common Files\Nokia\NoA\qtsecurestorageserver.dll
2009-08-31 10:33 - 2009-08-31 10:33 - 00014336 _____ () C:\Program Files\Common Files\Nokia\NoA\cryptodll.dll
2009-08-24 10:29 - 2009-08-24 10:29 - 02013184 _____ () C:\Program Files\Common Files\Nokia\NoA\QtCore4.dll
2009-08-31 10:11 - 2009-08-31 10:11 - 00025088 _____ () C:\Program Files\Common Files\Nokia\NoA\wrtserviceipcserver.dll
2009-06-20 10:10 - 2009-06-20 10:10 - 00875520 _____ () C:\Program Files\Common Files\Nokia\NoA\QtNetwork4.dll
2009-06-20 10:09 - 2009-06-20 10:09 - 00337408 _____ () C:\Program Files\Common Files\Nokia\NoA\QtXml4.dll
2009-06-20 10:21 - 2009-06-20 10:21 - 07464448 _____ () C:\Program Files\Common Files\Nokia\NoA\QtGui4.dll
2013-12-05 15:05 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 15:05 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 15:05 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 15:05 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 15:05 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2014 05:04:32 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {57614906-0955-480c-ab3d-c27e3e8255f8}

Error: (01/01/2014 06:28:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12013

Error: (01/01/2014 06:28:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12013

Error: (01/01/2014 06:28:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/01/2014 06:28:40 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10999

Error: (01/01/2014 06:28:40 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10999

Error: (01/01/2014 06:28:40 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/01/2014 06:28:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000

Error: (01/01/2014 06:28:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10000

Error: (01/01/2014 06:28:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/05/2014 09:23:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/05/2014 09:23:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/05/2014 09:20:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NMSAccessU" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/05/2014 01:37:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/05/2014 01:37:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/05/2014 01:34:47 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NMSAccessU" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/04/2014 11:59:51 PM) (Source: SCardSvr) (User: )
Description: Das Gerät wurde entfernt.SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0GET_STATEXX XX XX XX

Error: (01/04/2014 07:57:32 PM) (Source: SCardSvr) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR35xx USB Smart Card Reader 00x3136b012 XX XX XX

Error: (01/04/2014 07:57:32 PM) (Source: SCardSvr) (User: )
Description: Die Anforderung wird nicht unterstützt.SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0GET_ATTRIBUTE03 01 01 00

Error: (01/04/2014 05:15:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069


Microsoft Office Sessions:
=========================
Error: (01/02/2012 00:08:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4373 seconds with 3000 seconds of active time.  This session ended with a crash.

Error: (11/14/2011 07:24:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/09/2011 03:25:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/27/2011 10:11:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 7535 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (11/04/2010 04:32:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/05/2010 09:47:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/08/2010 05:12:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/08/2010 00:12:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1240 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (05/05/2010 07:11:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 101 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/05/2010 06:29:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3327.18 MB
Available physical RAM: 1712.23 MB
Total Pagefile: 6652.64 MB
Available Pagefile: 4470.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1873.46 MB

==================== Drives ================================

Drive a: (Volume) (Fixed) (Total:465.76 GB) (Free:399 GB) NTFS
Drive c: () (Fixed) (Total:143.57 GB) (Free:61.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (D) (Fixed) (Total:5.48 GB) (Free:5.35 GB) NTFS
Drive m: (My Book) (Fixed) (Total:465.65 GB) (Free:50.51 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================

aharonov 05.01.2014 13:08
Hallo,

wie ist die Situation nach diesem Fix und einem Neustart?


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
BHO: GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
BHO: Show-Password - {96304e6d-bcec-4bca-b49b-ae3b4d54afec} - C:\Program Files\Show-Password\150.dll ()
BHO: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
BHO: No Name - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
Toolbar: HKLM - GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\dsh\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\150.crx
2013-12-26 12:59 - 2014-01-05 09:21 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job
2013-12-26 12:59 - 2013-12-26 13:00 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Program Files\Show-Password
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 _____ C:\Users\admin\daemonprocess.txt
C:\Users\dsh\AppData\Local\Temp\*.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


dshbb 05.01.2014 13:38
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo Leo!
Vielen Dank für deine Hilfe, ich habe den Fix ausgeführt und neu gestartet. Leider ist die Situation scheinbar unverändert. Ich hänge mal ein Screenshot eines Popups an, so sehen quasi auch alle absichtlich aufgerufenen Seiten aus. "showpassword" (klingt schon mal nicht gut)scheint mit Schuld zu sein - ist aber wohl immer noch da;(. Noch Ideen?;) DANKE!

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-01-2014
Ran by dsh at 2014-01-05 13:28:02 Run:1
Running from C:\Users\dsh\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
BHO: GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
BHO: Show-Password - {96304e6d-bcec-4bca-b49b-ae3b4d54afec} - C:\Program Files\Show-Password\150.dll ()
BHO: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
BHO: No Name - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
Toolbar: HKLM - GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\dsh\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\150.crx
2013-12-26 12:59 - 2014-01-05 09:21 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job
2013-12-26 12:59 - 2013-12-26 13:00 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Program Files\Show-Password
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 _____ C:\Users\admin\daemonprocess.txt
C:\Users\dsh\AppData\Local\Temp\*.exe
       
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e94b700-eafb-4c9e-a696-77200aa3f89b} => Key not found.
HKCR\CLSID\{2e94b700-eafb-4c9e-a696-77200aa3f89b} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96304e6d-bcec-4bca-b49b-ae3b4d54afec} => Key not found.
HKCR\CLSID\{96304e6d-bcec-4bca-b49b-ae3b4d54afec} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} => Key not found.
HKCR\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} => Key not found.
HKCR\CLSID\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2e94b700-eafb-4c9e-a696-77200aa3f89b} => Value not found.
HKCR\CLSID\{2e94b700-eafb-4c9e-a696-77200aa3f89b} => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp => Key not found.
"C:\Users\dsh\AppData\Local\Wajam\Chrome\wajam.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\logekkkdbdidmmcgkonmmonclldogceg => Key not found.
Could not move "C:\Program Files\Show-Password\150.crx" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\Show-Password Update.job" => Scheduled to move on reboot.

"C:\Program Files\Mobogenie" directory move:

Could not move "C:\Program Files\Mobogenie\AndroidClient.apk" => Scheduled to move on reboot.
Could not move "C:\Program Files\Mobogenie\mobogenie.apk" => Scheduled to move on reboot.
Could not move "C:\Program Files\Mobogenie\ok.htm" => Scheduled to move on reboot.
Could not move "C:\Program Files\Mobogenie" directory. => Scheduled to move on reboot.


"C:\Program Files\Show-Password" directory move:

Could not move "C:\Program Files\Show-Password\01.db" => Scheduled to move on reboot.
Could not move "C:\Program Files\Show-Password\150.crx" => Scheduled to move on reboot.
Could not move "C:\Program Files\Show-Password\150.dat" => Scheduled to move on reboot.
Could not move "C:\Program Files\Show-Password\150.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Show-Password\150.xpi" => Scheduled to move on reboot.
Could not move "C:\Program Files\Show-Password\Show_Password.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Show-Password\Sqlite3.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Show-Password\Uninstall.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Show-Password" directory. => Scheduled to move on reboot.

Could not move "C:\Users\admin\daemonprocess.txt" => Scheduled to move on reboot.
C:\Users\dsh\AppData\Local\Temp\*.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-05 13:31:24)<=

==> ATTENTION: System is not rebooted.
"C:\Program Files\Show-Password\150.crx" => File could not move.
"C:\Windows\Tasks\Show-Password Update.job" => File could not move.
"C:\Program Files\Mobogenie\AndroidClient.apk" => File could not move.
"C:\Program Files\Mobogenie\mobogenie.apk" => File could not move.
"C:\Program Files\Mobogenie\ok.htm" => File could not move.
"C:\Program Files\Mobogenie" => Directory could not move.
"C:\Program Files\Show-Password\01.db" => File could not move.
"C:\Program Files\Show-Password\150.crx" => File could not move.
"C:\Program Files\Show-Password\150.dat" => File could not move.
"C:\Program Files\Show-Password\150.dll" => File could not move.
"C:\Program Files\Show-Password\150.xpi" => File could not move.
"C:\Program Files\Show-Password\Show_Password.exe" => File could not move.
"C:\Program Files\Show-Password\Sqlite3.dll" => File could not move.
"C:\Program Files\Show-Password\Uninstall.exe" => File could not move.
"C:\Program Files\Show-Password" => Directory could not move.
"C:\Users\admin\daemonprocess.txt" => File could not move.

==== End of Fixlog ====

aharonov 05.01.2014 13:41
Ah, der Fix hat nicht geklappt, weil du nicht als Administrator arbeitest.

Also: Wir brauchen zuerst einen frischen Scan, indem du FRST mit Rechtsklick -> Als Administrator ausführen startest:


Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

dshbb 05.01.2014 17:40
Hey Leo,
ah, ja das kann sein. Also jetzt noch mal als Admin. Hier die Log Datei:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by admin (administrator) on DSH-PC on 05-01-2014 14:51:08
Running from A:\Eigenen Dateien\Fix_Admin\Fix
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Identive GmbH) C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 6.0\offlagent7\offlagent.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(SCM Microsystems) C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\SCMSOK.exe
() C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Bitberry Software) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Identive GmbH) C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 6.0\offlagent7\offlagent.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(SCM Microsystems) C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\SCMSOK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WD Drive Manager] - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [430080 2008-05-16] (WDC)
HKLM\...\Run: [StarMoneyRunEntry] - C:\Program Files\StarMoney Business 4.0\app\OflAgent.exe [57864 2011-09-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1486848 2009-08-28] (VIA)
HKLM\...\Run: [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [SMB50StarMoneyRunEntry] - C:\Program Files\StarMoney Business 5.0\app\OflAgent.exe [56976 2013-12-18] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MyKey] - C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe [3757000 2012-12-03] (Identive GmbH)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SMB60StarMoneyRunEntry] - C:\Program Files\StarMoney Business 6.0\app\OflAgent.exe [48272 2013-12-18] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\dsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dsh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\dsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF1D192D14CE4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - (No Name) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - CCA05AEE30334B6E802108EBAC8E0EDE URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Show-Password - {96304e6d-bcec-4bca-b49b-ae3b4d54afec} - C:\Program Files\Show-Password\150.dll ()
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
BHO: No Name - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {E44A1809-4D10-4AB8-B343-3326B64C7CDD} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 37 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=hp&fr=linkury-tb&installDate=25/03/2013&type=hp1000
CHR RestoreOnStartup: "hxxp://google.de/", "hxxp://www.searchnu.com/406?appid=495", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=hp&fr=linkury-tb&installDate=25/03/2013&type=hp1000"
CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SKPT_deDE421
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Picasa) - D:\Programme\Picasa3\npPicasa3.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.10.0_0
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Wajam) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0
CHR Extension: (Show-Password) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg\1.150_0
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\dsh\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.10.0.crx
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\dsh\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\150.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-05-16] (WDC)
S2 NMSAccessU; D:\Programme\CDBurnerXP\NMSAccessU.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 ctxS51; C:\Windows\System32\DRIVERS\ctxS51.sys [1903646 2006-05-01] (Intel Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [24209 2005-12-12] (FTDI Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59520 2011-06-16] (SCM Microsystems Inc.)
S3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [40840 2006-07-13] (SiS Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1077760 2009-08-17] (VIA Technologies, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 13:38 - 2014-01-05 13:39 - 00000000 ____D C:\Users\dsh\Desktop\Fix
2014-01-05 09:28 - 2014-01-05 13:31 - 00000000 ____D C:\FRST
2014-01-05 01:29 - 2014-01-05 01:33 - 00000000 ____D C:\AdwCleaner
2014-01-05 01:16 - 2014-01-05 01:16 - 00000929 _____ C:\Users\Public\Desktop\UltraISO.lnk
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Users\admin\Documents\My ISO Files
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\UltraISO
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\Common Files\EZB Systems
2014-01-04 17:09 - 2014-01-04 17:09 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-31 14:09 - 2013-12-31 14:09 - 00000000 ____D C:\Users\dsh\aktuell
2013-12-30 13:41 - 2013-12-30 13:48 - 340465664 _____ C:\Users\dsh\Downloads\kav_rescue_1032.iso
2013-12-30 13:22 - 2013-12-30 13:22 - 09099179 _____ C:\Users\admin\Downloads\Herrnhuter_Losungen_2013_2014_Version3_3_0.exe
2013-12-29 14:38 - 2013-12-29 14:40 - 127944880 _____ C:\Users\admin\Downloads\avira_free_antivirus_de.exe
2013-12-29 14:34 - 2013-12-29 14:34 - 00470056 _____ C:\Users\admin\Downloads\Java.exe
2013-12-29 08:49 - 2013-12-29 08:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-29 08:48 - 2013-12-29 10:18 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-12-29 08:48 - 2013-12-29 08:48 - 00001028 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2013-12-29 08:48 - 2013-12-29 08:48 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2013-12-29 08:48 - 2013-12-29 08:48 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-29 02:05 - 2013-12-29 02:05 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Malwarebytes
2013-12-28 20:05 - 2013-12-28 20:05 - 00001912 _____ C:\Windows\PWCMDLST.BAK
2013-12-28 17:22 - 2013-12-28 17:22 - 00001171 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1
2013-12-28 17:22 - 2013-09-30 16:26 - 02881848 _____ C:\Windows\system32\pwNative.exe
2013-12-28 17:22 - 2013-09-30 16:26 - 00015688 ____N C:\Windows\system32\pwdrvio.sys
2013-12-28 17:22 - 2013-09-30 16:26 - 00010320 ____N C:\Windows\system32\pwdspio.sys
2013-12-28 17:21 - 2013-12-28 17:21 - 20772800 _____ (MiniTool Solution Ltd.                                      ) C:\Users\admin\Downloads\pwhe8.exe
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-28 17:14 - 2014-01-04 13:23 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2013-12-28 17:14 - 2013-07-16 04:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2013-12-28 17:14 - 2013-07-16 04:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll
2013-12-26 12:59 - 2014-01-05 14:48 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job
2013-12-26 12:59 - 2013-12-26 13:00 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\Documents\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\AppData\Local\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Program Files\Show-Password
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 _____ C:\Users\admin\daemonprocess.txt
2013-12-26 12:58 - 2013-12-26 13:00 - 00000000 ____D C:\Program Files\Free M4a to MP3 Converter
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2013-12-23 17:50 - 2013-12-24 09:26 - 00000000 ____D C:\Users\admin\Desktop\FEG Schließanlage DB
2013-12-23 17:42 - 2013-12-23 17:42 - 00001532 _____ C:\Users\admin\Desktop\Ldb - Verknüpfung.lnk
2013-12-23 17:41 - 2013-12-23 17:41 - 00000000 ____D C:\Program Files\Simons & Voss
2013-12-23 17:41 - 2005-02-14 09:30 - 00822272 _____ (Langner Communication AG) C:\Windows\system32\LUCA.DLL
2013-12-23 17:41 - 1998-02-06 22:35 - 00304128 _____ (InstallShield Corporation, Inc.) C:\Windows\unin0407.exe
2013-12-23 17:36 - 2005-12-12 09:50 - 00057404 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftser2k.sys
2013-12-23 17:36 - 2005-12-12 09:50 - 00051821 _____ (FTDI Ltd.) C:\Windows\system32\ftserui2.dll
2013-12-23 17:36 - 2005-12-12 09:50 - 00036864 _____ (FTDI) C:\Windows\system32\FTLang.dll
2013-12-23 17:35 - 2005-12-12 09:50 - 00414208 _____ (FTDI Ltd.) C:\Windows\system32\ftdiunin.exe
2013-12-23 17:35 - 2005-12-12 09:50 - 00024209 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftdibus.sys
2013-12-23 17:35 - 2005-12-12 09:50 - 00000092 _____ C:\Windows\system32\ftdiun2k.ini
2013-12-19 18:35 - 2013-12-19 18:35 - 00806528 _____ C:\Windows\Minidump\121913-51698-01.dmp
2013-12-11 18:34 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 18:34 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 18:34 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 18:34 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 18:34 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 18:34 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 18:34 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 18:34 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 18:34 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 18:34 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 18:34 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 18:34 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 18:34 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 18:34 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 18:34 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 18:34 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 18:34 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 18:34 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 18:34 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 18:26 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 18:26 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 09:29 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 09:29 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 09:29 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 09:29 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 09:29 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 09:29 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 09:29 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 09:29 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 09:29 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 09:29 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 09:29 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-05 14:49 - 2009-07-14 05:39 - 04978549 _____ C:\Windows\setupact.log
2014-01-05 14:48 - 2013-12-26 12:59 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job
2014-01-05 14:48 - 2011-12-13 14:56 - 00000382 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2014-01-05 14:48 - 2009-12-28 21:07 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 14:12 - 2012-05-28 18:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 14:07 - 2009-12-28 21:07 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 13:39 - 2014-01-05 13:38 - 00000000 ____D C:\Users\dsh\Desktop\Fix
2014-01-05 13:37 - 2009-07-14 05:34 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 13:37 - 2009-07-14 05:34 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 13:31 - 2014-01-05 09:28 - 00000000 ____D C:\FRST
2014-01-05 13:29 - 2010-06-04 16:05 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-05 13:29 - 2009-12-29 19:16 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2014-01-05 13:29 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 13:28 - 2009-12-28 15:48 - 01775149 _____ C:\Windows\WindowsUpdate.log
2014-01-05 09:22 - 2011-05-24 09:34 - 00000000 ___RD C:\Users\dsh\Desktop\Dropbox
2014-01-05 09:22 - 2011-05-24 09:31 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Dropbox
2014-01-05 01:33 - 2014-01-05 01:29 - 00000000 ____D C:\AdwCleaner
2014-01-05 01:16 - 2014-01-05 01:16 - 00000929 _____ C:\Users\Public\Desktop\UltraISO.lnk
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Users\admin\Documents\My ISO Files
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\UltraISO
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\Common Files\EZB Systems
2014-01-05 01:15 - 2012-11-24 16:37 - 00069480 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-04 17:13 - 2009-12-28 19:30 - 00069480 _____ C:\Users\dsh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-04 17:13 - 2009-07-14 05:33 - 00307440 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-04 17:11 - 2009-12-28 20:04 - 00656100 _____ C:\Windows\PFRO.log
2014-01-04 17:09 - 2014-01-04 17:09 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-04 17:09 - 2009-12-28 20:01 - 00000000 ____D C:\Program Files\Microsoft Works
2014-01-04 17:09 - 2009-12-28 17:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-04 17:09 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-04 17:07 - 2009-07-14 09:57 - 00000000 ____D C:\Windows\ShellNew
2014-01-04 13:23 - 2013-12-28 17:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2014-01-02 17:35 - 2013-10-30 09:33 - 00000000 ____D C:\Program Files\StarMoney Business 6.0
2014-01-02 17:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-02 17:21 - 2012-03-08 12:01 - 00000000 ____D C:\Program Files\StarMoney Business 5.0
2014-01-01 19:53 - 2013-09-08 17:48 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-12-31 14:09 - 2013-12-31 14:09 - 00000000 ____D C:\Users\dsh\aktuell
2013-12-31 14:09 - 2009-12-28 16:21 - 00000000 ____D C:\Users\dsh
2013-12-31 11:43 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-30 13:48 - 2013-12-30 13:41 - 340465664 _____ C:\Users\dsh\Downloads\kav_rescue_1032.iso
2013-12-30 13:39 - 2009-12-29 09:42 - 00000706 _____ C:\Users\dsh\Desktop\Eigenen Dateien.lnk
2013-12-30 13:24 - 2009-12-28 21:34 - 00002020 _____ C:\Users\Public\Desktop\Herrnhuter Losungen.lnk
2013-12-30 13:22 - 2013-12-30 13:22 - 09099179 _____ C:\Users\admin\Downloads\Herrnhuter_Losungen_2013_2014_Version3_3_0.exe
2013-12-29 14:40 - 2013-12-29 14:38 - 127944880 _____ C:\Users\admin\Downloads\avira_free_antivirus_de.exe
2013-12-29 14:34 - 2013-12-29 14:34 - 00470056 _____ C:\Users\admin\Downloads\Java.exe
2013-12-29 10:18 - 2013-12-29 08:48 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-12-29 08:49 - 2013-12-29 08:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-29 08:48 - 2013-12-29 08:48 - 00001028 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2013-12-29 08:48 - 2013-12-29 08:48 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2013-12-29 08:48 - 2013-12-29 08:48 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-29 08:47 - 2009-12-28 21:05 - 00000000 ____D C:\Program Files\Google
2013-12-29 02:05 - 2013-12-29 02:05 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Malwarebytes
2013-12-28 20:05 - 2013-12-28 20:05 - 00001912 _____ C:\Windows\PWCMDLST.BAK
2013-12-28 17:44 - 2012-11-24 16:37 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-12-28 17:44 - 2009-12-28 21:05 - 00000000 ____D C:\Users\dsh\AppData\Local\Google
2013-12-28 17:22 - 2013-12-28 17:22 - 00001171 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1
2013-12-28 17:21 - 2013-12-28 17:21 - 20772800 _____ (MiniTool Solution Ltd.                                      ) C:\Users\admin\Downloads\pwhe8.exe
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-26 13:08 - 2011-07-23 11:49 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Apple Computer
2013-12-26 13:06 - 2012-11-24 16:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-12-26 13:00 - 2013-12-26 12:59 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-26 13:00 - 2013-12-26 12:58 - 00000000 ____D C:\Program Files\Free M4a to MP3 Converter
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\Documents\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\AppData\Local\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Program Files\Show-Password
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 _____ C:\Users\admin\daemonprocess.txt
2013-12-26 12:59 - 2012-11-24 16:37 - 00000000 ____D C:\Users\admin
2013-12-24 09:26 - 2013-12-23 17:50 - 00000000 ____D C:\Users\admin\Desktop\FEG Schließanlage DB
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2013-12-23 17:42 - 2013-12-23 17:42 - 00001532 _____ C:\Users\admin\Desktop\Ldb - Verknüpfung.lnk
2013-12-23 17:41 - 2013-12-23 17:41 - 00000000 ____D C:\Program Files\Simons & Voss
2013-12-19 18:35 - 2013-12-19 18:35 - 00806528 _____ C:\Windows\Minidump\121913-51698-01.dmp
2013-12-19 18:35 - 2010-03-01 04:59 - 00000000 ____D C:\Windows\Minidump
2013-12-18 09:45 - 2009-12-28 21:01 - 00000000 ___RD C:\Program Files\Skype
2013-12-18 09:45 - 2009-12-28 21:01 - 00000000 ____D C:\ProgramData\Skype
2013-12-17 15:30 - 2013-05-06 11:16 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-17 15:30 - 2012-10-29 10:44 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 15:30 - 2012-10-29 10:44 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-16 11:18 - 2009-12-28 16:26 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 09:09 - 2011-11-19 12:58 - 00002130 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 19:49 - 2013-11-15 12:52 - 00000000 ____D C:\Windows\rescache
2013-12-11 18:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 18:32 - 2013-08-15 02:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 18:26 - 2009-12-29 08:46 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 19:23 - 2012-05-28 18:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 19:23 - 2012-05-28 18:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-09 18:38 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\lws_lws.exe
C:\Users\admin\AppData\Local\Temp\mkupdate.exe
C:\Users\admin\AppData\Local\Temp\Mobogenie_Setup_2.1.23_515.exe
C:\Users\admin\AppData\Local\Temp\NEventMessages.dll
C:\Users\admin\AppData\Local\Temp\Show-Password_1030-8101.exe
C:\Users\admin\AppData\Local\Temp\SHSetup.exe
C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\dsh\AppData\Local\Temp\avgnt.exe
C:\Users\dsh\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\dsh\AppData\Local\Temp\NEventMessages.dll
C:\Users\dsh\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 08:11

==================== End Of Log ============================
--- --- ---

aharonov 05.01.2014 18:06
So, jetzt nochmals: FRST wieder als Administrator starten!


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - CCA05AEE30334B6E802108EBAC8E0EDE URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
BHO: GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
BHO: Show-Password - {96304e6d-bcec-4bca-b49b-ae3b4d54afec} - C:\Program Files\Show-Password\150.dll ()
BHO: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
BHO: No Name - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
Toolbar: HKLM - GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
Toolbar: HKCU - No Name - {E44A1809-4D10-4AB8-B343-3326B64C7CDD} -  No File
CHR Extension: (Wajam) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0
CHR Extension: (Show-Password) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg\1.150_0
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\dsh\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\150.crx
2013-12-26 12:59 - 2014-01-05 14:48 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job
2013-12-26 12:59 - 2013-12-26 13:00 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\Documents\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\AppData\Local\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Program Files\Show-Password
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 _____ C:\Users\admin\daemonprocess.txt
C:\Users\admin\AppData\Local\Temp\*.exe
C:\Users\dsh\AppData\Local\Temp\*.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


dshbb 05.01.2014 18:44
Ok, da steht jetzt schon mal deutlich öfter sucessful;). Man, vielen Dank für deine Zeit und Mühe! Es sieht jetzt bei einem ersten Test deutlich besser aus. Keine komischen Links und auch keine Popups oder Werbeanzeigen! War es das wohl? Wenn ja habe ich ja mal wieder eine Menge gelernt und bin froh nicht neu installieren zu müssen. Oder sollte ich noch weitere Scans irgendeiner Art machen?

Vielen lieben Dank auf jeden Fall nochmal. Was täten wir Laien ohne die Profis?;)

Viele Grüße

Heiner

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-01-2014
Ran by admin at 2014-01-05 18:31:41 Run:2
Running from A:\Eigenen Dateien\Fix_Admin\Fix
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - CCA05AEE30334B6E802108EBAC8E0EDE URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=25/03/2013&type=hp1000
BHO: GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
BHO: Show-Password - {96304e6d-bcec-4bca-b49b-ae3b4d54afec} - C:\Program Files\Show-Password\150.dll ()
BHO: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
BHO: No Name - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
Toolbar: HKLM - GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
Toolbar: HKCU - No Name - {E44A1809-4D10-4AB8-B343-3326B64C7CDD} -  No File
CHR Extension: (Wajam) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0
CHR Extension: (Show-Password) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg\1.150_0
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\dsh\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\150.crx
2013-12-26 12:59 - 2014-01-05 14:48 - 00000380 _____ C:\Windows\Tasks\Show-Password Update.job
2013-12-26 12:59 - 2013-12-26 13:00 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\Documents\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\AppData\Local\Mobogenie
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 ____D C:\Program Files\Show-Password
2013-12-26 12:59 - 2013-12-26 12:59 - 00000000 _____ C:\Users\admin\daemonprocess.txt
C:\Users\admin\AppData\Local\Temp\*.exe
C:\Users\dsh\AppData\Local\Temp\*.exe
       
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\CCA05AEE30334B6E802108EBAC8E0EDE => Key deleted successfully.
HKCR\Wow6432Node\CLSID\CCA05AEE30334B6E802108EBAC8E0EDE => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e94b700-eafb-4c9e-a696-77200aa3f89b} => Key deleted successfully.
HKCR\CLSID\{2e94b700-eafb-4c9e-a696-77200aa3f89b} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96304e6d-bcec-4bca-b49b-ae3b4d54afec} => Key deleted successfully.
HKCR\CLSID\{96304e6d-bcec-4bca-b49b-ae3b4d54afec} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} => Key deleted successfully.
HKCR\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} => Key deleted successfully.
HKCR\CLSID\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2e94b700-eafb-4c9e-a696-77200aa3f89b} => Value deleted successfully.
HKCR\CLSID\{2e94b700-eafb-4c9e-a696-77200aa3f89b} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E44A1809-4D10-4AB8-B343-3326B64C7CDD} => Value deleted successfully.
HKCR\CLSID\{E44A1809-4D10-4AB8-B343-3326B64C7CDD} => Key not found.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp directory not found.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp => Key deleted successfully.
"C:\Users\dsh\AppData\Local\Wajam\Chrome\wajam.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\logekkkdbdidmmcgkonmmonclldogceg => Key deleted successfully.
C:\Program Files\Show-Password\150.crx => Moved successfully.
C:\Windows\Tasks\Show-Password Update.job => Moved successfully.
C:\Program Files\Mobogenie => Moved successfully.
C:\Users\admin\Documents\Mobogenie => Moved successfully.
C:\Users\admin\AppData\Local\Mobogenie => Moved successfully.
C:\Users\admin\AppData\Local\cache => Moved successfully.
C:\Program Files\Show-Password => Moved successfully.
C:\Users\admin\daemonprocess.txt => Moved successfully.

"C:\Users\admin\AppData\Local\Temp\*.exe" directory move:

Could not move "C:\Users\admin\AppData\Local\Temp\*.exe" directory. => Scheduled to move on reboot.


"C:\Users\dsh\AppData\Local\Temp\*.exe" directory move:

Could not move "C:\Users\dsh\AppData\Local\Temp\*.exe" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-05 18:33:25)<=

"C:\Users\admin\AppData\Local\Temp\*.exe" => Directory could not move.
"C:\Users\dsh\AppData\Local\Temp\*.exe" => Directory could not move.

==== End of Fixlog ====

aharonov 05.01.2014 19:00
Zitat:
Ok, da steht jetzt schon mal deutlich öfter sucessful
Ja, so gefällt mir das Fixlog besser.. ;)

Machen wir noch eine abschliessende Kontrolle:


Schritt 1


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 2

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

dshbb 06.01.2014 17:40
Hallo Leo,
ja, es funtkioniert wirklich besser und ich habe den abschließenden Test noch einmal angehängt. Zwei Fragen hätte ich noch: 1. Hast du eine Vermutung wo ich mir den Mist eingefangen haben könnte? Und 2.: Was kann ich tun um mich vor Spyware und Co in Zukunft zu schützen? Der Viren-Scanner scheint da ja nicht zu helfen...


Wäre super wenn du da noch heiße Tipps hättest.

Vielen lieben Dank auf jeden Fall für Alles,

Heiner


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by admin (administrator) on DSH-PC on 06-01-2014 15:39:15
Running from A:\Eigenen Dateien\Fix_Admin\Fix
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Identive GmbH) C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 6.0\offlagent7\offlagent.exe
(SCM Microsystems) C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\SCMSOK.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WD Drive Manager] - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [430080 2008-05-16] (WDC)
HKLM\...\Run: [StarMoneyRunEntry] - C:\Program Files\StarMoney Business 4.0\app\OflAgent.exe [57864 2011-09-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1486848 2009-08-28] (VIA)
HKLM\...\Run: [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [SMB50StarMoneyRunEntry] - C:\Program Files\StarMoney Business 5.0\app\OflAgent.exe [56976 2013-12-18] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MyKey] - C:\Program Files\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe [3757000 2012-12-03] (Identive GmbH)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SMB60StarMoneyRunEntry] - C:\Program Files\StarMoney Business 6.0\app\OflAgent.exe [48272 2013-12-18] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\dsh\...\Run: [NokiaOviSuite2] - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [ 2010-02-24] (Nokia)
HKU\dsh\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\dsh\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-05-01] (Apple Inc.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\dsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dsh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\dsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF1D192D14CE4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - (No Name) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 37 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=hp&fr=linkury-tb&installDate=25/03/2013&type=hp1000
CHR RestoreOnStartup: "hxxp://google.de/", "hxxp://www.searchnu.com/406?appid=495", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=74ee28fd-5a12-4256-aa75-e5b8dbfefbbc&searchtype=hp&fr=linkury-tb&installDate=25/03/2013&type=hp1000"
CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SKPT_deDE421
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Picasa) - D:\Programme\Picasa3\npPicasa3.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.10.0_0
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\dsh\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.10.0.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-05-16] (WDC)
S2 NMSAccessU; D:\Programme\CDBurnerXP\NMSAccessU.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 ctxS51; C:\Windows\System32\DRIVERS\ctxS51.sys [1903646 2006-05-01] (Intel Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [24209 2005-12-12] (FTDI Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59520 2011-06-16] (SCM Microsystems Inc.)
S3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [40840 2006-07-13] (SiS Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1077760 2009-08-17] (VIA Technologies, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-06 15:17 - 2014-01-06 15:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\Buhl Data Service
2014-01-06 15:17 - 2014-01-06 15:17 - 00000000 ____D C:\Users\admin\AppData\Local\Buhl Data Service
2014-01-05 13:38 - 2014-01-05 13:39 - 00000000 ____D C:\Users\dsh\Desktop\Fix
2014-01-05 09:28 - 2014-01-06 15:39 - 00000000 ____D C:\FRST
2014-01-05 01:29 - 2014-01-05 01:33 - 00000000 ____D C:\AdwCleaner
2014-01-05 01:16 - 2014-01-05 01:16 - 00000929 _____ C:\Users\Public\Desktop\UltraISO.lnk
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Users\admin\Documents\My ISO Files
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\UltraISO
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\Common Files\EZB Systems
2014-01-04 17:09 - 2014-01-04 17:09 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-31 14:09 - 2013-12-31 14:09 - 00000000 ____D C:\Users\dsh\aktuell
2013-12-30 13:41 - 2013-12-30 13:48 - 340465664 _____ C:\Users\dsh\Downloads\kav_rescue_1032.iso
2013-12-30 13:22 - 2013-12-30 13:22 - 09099179 _____ C:\Users\admin\Downloads\Herrnhuter_Losungen_2013_2014_Version3_3_0.exe
2013-12-29 14:38 - 2013-12-29 14:40 - 127944880 _____ C:\Users\admin\Downloads\avira_free_antivirus_de.exe
2013-12-29 14:34 - 2013-12-29 14:34 - 00470056 _____ C:\Users\admin\Downloads\Java.exe
2013-12-29 08:49 - 2013-12-29 08:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-29 08:48 - 2013-12-29 10:18 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-12-29 08:48 - 2013-12-29 08:48 - 00001028 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2013-12-29 08:48 - 2013-12-29 08:48 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2013-12-29 08:48 - 2013-12-29 08:48 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-29 02:05 - 2013-12-29 02:05 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Malwarebytes
2013-12-28 20:05 - 2013-12-28 20:05 - 00001912 _____ C:\Windows\PWCMDLST.BAK
2013-12-28 17:22 - 2013-12-28 17:22 - 00001171 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1
2013-12-28 17:22 - 2013-09-30 16:26 - 02881848 _____ C:\Windows\system32\pwNative.exe
2013-12-28 17:22 - 2013-09-30 16:26 - 00015688 ____N C:\Windows\system32\pwdrvio.sys
2013-12-28 17:22 - 2013-09-30 16:26 - 00010320 ____N C:\Windows\system32\pwdspio.sys
2013-12-28 17:21 - 2013-12-28 17:21 - 20772800 _____ (MiniTool Solution Ltd.                                      ) C:\Users\admin\Downloads\pwhe8.exe
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-28 17:14 - 2014-01-04 13:23 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2013-12-28 17:14 - 2013-07-16 04:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2013-12-28 17:14 - 2013-07-16 04:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll
2013-12-26 12:58 - 2013-12-26 13:00 - 00000000 ____D C:\Program Files\Free M4a to MP3 Converter
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2013-12-23 17:50 - 2013-12-24 09:26 - 00000000 ____D C:\Users\admin\Desktop\FEG Schließanlage DB
2013-12-23 17:42 - 2013-12-23 17:42 - 00001532 _____ C:\Users\admin\Desktop\Ldb - Verknüpfung.lnk
2013-12-23 17:41 - 2013-12-23 17:41 - 00000000 ____D C:\Program Files\Simons & Voss
2013-12-23 17:41 - 2005-02-14 09:30 - 00822272 _____ (Langner Communication AG) C:\Windows\system32\LUCA.DLL
2013-12-23 17:41 - 1998-02-06 22:35 - 00304128 _____ (InstallShield Corporation, Inc.) C:\Windows\unin0407.exe
2013-12-23 17:36 - 2005-12-12 09:50 - 00057404 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftser2k.sys
2013-12-23 17:36 - 2005-12-12 09:50 - 00051821 _____ (FTDI Ltd.) C:\Windows\system32\ftserui2.dll
2013-12-23 17:36 - 2005-12-12 09:50 - 00036864 _____ (FTDI) C:\Windows\system32\FTLang.dll
2013-12-23 17:35 - 2005-12-12 09:50 - 00414208 _____ (FTDI Ltd.) C:\Windows\system32\ftdiunin.exe
2013-12-23 17:35 - 2005-12-12 09:50 - 00024209 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftdibus.sys
2013-12-23 17:35 - 2005-12-12 09:50 - 00000092 _____ C:\Windows\system32\ftdiun2k.ini
2013-12-19 18:35 - 2013-12-19 18:35 - 00806528 _____ C:\Windows\Minidump\121913-51698-01.dmp
2013-12-11 18:34 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 18:34 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 18:34 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 18:34 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 18:34 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 18:34 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 18:34 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 18:34 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 18:34 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 18:34 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 18:34 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 18:34 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 18:34 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 18:34 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 18:34 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 18:34 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 18:34 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 18:34 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 18:34 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 18:26 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 18:26 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 09:29 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 09:29 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 09:29 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 09:29 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 09:29 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 09:29 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 09:29 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 09:29 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 09:29 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 09:29 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 09:29 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-06 15:39 - 2014-01-05 09:28 - 00000000 ____D C:\FRST
2014-01-06 15:36 - 2013-10-30 09:33 - 00000000 ____D C:\Program Files\StarMoney Business 6.0
2014-01-06 15:29 - 2009-07-14 05:34 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-06 15:29 - 2009-07-14 05:34 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-06 15:23 - 2009-07-14 05:39 - 04986165 _____ C:\Windows\setupact.log
2014-01-06 15:22 - 2011-12-13 14:56 - 00000382 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2014-01-06 15:22 - 2010-01-01 18:07 - 00000913 _____ C:\Windows\wiso.ini
2014-01-06 15:22 - 2009-12-28 21:07 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-06 15:21 - 2010-06-04 16:05 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-06 15:21 - 2009-12-29 19:16 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2014-01-06 15:21 - 2009-12-28 20:04 - 00656738 _____ C:\Windows\PFRO.log
2014-01-06 15:21 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 15:20 - 2009-12-28 15:48 - 01827301 _____ C:\Windows\WindowsUpdate.log
2014-01-06 15:17 - 2014-01-06 15:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\Buhl Data Service
2014-01-06 15:17 - 2014-01-06 15:17 - 00000000 ____D C:\Users\admin\AppData\Local\Buhl Data Service
2014-01-06 15:12 - 2012-05-28 18:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 15:07 - 2009-12-28 21:07 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-06 08:35 - 2011-05-24 09:34 - 00000000 ___RD C:\Users\dsh\Desktop\Dropbox
2014-01-06 08:35 - 2011-05-24 09:31 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Dropbox
2014-01-05 18:31 - 2012-11-24 16:37 - 00000000 ____D C:\Users\admin
2014-01-05 13:39 - 2014-01-05 13:38 - 00000000 ____D C:\Users\dsh\Desktop\Fix
2014-01-05 01:33 - 2014-01-05 01:29 - 00000000 ____D C:\AdwCleaner
2014-01-05 01:16 - 2014-01-05 01:16 - 00000929 _____ C:\Users\Public\Desktop\UltraISO.lnk
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Users\admin\Documents\My ISO Files
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\UltraISO
2014-01-05 01:16 - 2014-01-05 01:16 - 00000000 ____D C:\Program Files\Common Files\EZB Systems
2014-01-05 01:15 - 2012-11-24 16:37 - 00069480 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-04 17:13 - 2009-12-28 19:30 - 00069480 _____ C:\Users\dsh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-04 17:13 - 2009-07-14 05:33 - 00307440 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-04 17:09 - 2014-01-04 17:09 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-04 17:09 - 2009-12-28 20:01 - 00000000 ____D C:\Program Files\Microsoft Works
2014-01-04 17:09 - 2009-12-28 17:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-04 17:09 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-04 17:07 - 2009-07-14 09:57 - 00000000 ____D C:\Windows\ShellNew
2014-01-04 13:23 - 2013-12-28 17:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2014-01-02 17:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-02 17:21 - 2012-03-08 12:01 - 00000000 ____D C:\Program Files\StarMoney Business 5.0
2014-01-01 19:53 - 2013-09-08 17:48 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-12-31 14:09 - 2013-12-31 14:09 - 00000000 ____D C:\Users\dsh\aktuell
2013-12-31 14:09 - 2009-12-28 16:21 - 00000000 ____D C:\Users\dsh
2013-12-31 11:43 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-30 13:48 - 2013-12-30 13:41 - 340465664 _____ C:\Users\dsh\Downloads\kav_rescue_1032.iso
2013-12-30 13:39 - 2009-12-29 09:42 - 00000706 _____ C:\Users\dsh\Desktop\Eigenen Dateien.lnk
2013-12-30 13:24 - 2009-12-28 21:34 - 00002020 _____ C:\Users\Public\Desktop\Herrnhuter Losungen.lnk
2013-12-30 13:22 - 2013-12-30 13:22 - 09099179 _____ C:\Users\admin\Downloads\Herrnhuter_Losungen_2013_2014_Version3_3_0.exe
2013-12-29 14:40 - 2013-12-29 14:38 - 127944880 _____ C:\Users\admin\Downloads\avira_free_antivirus_de.exe
2013-12-29 14:34 - 2013-12-29 14:34 - 00470056 _____ C:\Users\admin\Downloads\Java.exe
2013-12-29 10:18 - 2013-12-29 08:48 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-12-29 08:49 - 2013-12-29 08:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-29 08:48 - 2013-12-29 08:48 - 00001028 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2013-12-29 08:48 - 2013-12-29 08:48 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2013-12-29 08:48 - 2013-12-29 08:48 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-29 08:47 - 2009-12-28 21:05 - 00000000 ____D C:\Program Files\Google
2013-12-29 02:05 - 2013-12-29 02:05 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Malwarebytes
2013-12-28 20:05 - 2013-12-28 20:05 - 00001912 _____ C:\Windows\PWCMDLST.BAK
2013-12-28 17:44 - 2012-11-24 16:37 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-12-28 17:44 - 2009-12-28 21:05 - 00000000 ____D C:\Users\dsh\AppData\Local\Google
2013-12-28 17:22 - 2013-12-28 17:22 - 00001171 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1
2013-12-28 17:21 - 2013-12-28 17:21 - 20772800 _____ (MiniTool Solution Ltd.                                      ) C:\Users\admin\Downloads\pwhe8.exe
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-26 13:08 - 2011-07-23 11:49 - 00000000 ____D C:\Users\dsh\AppData\Roaming\Apple Computer
2013-12-26 13:06 - 2012-11-24 16:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-12-26 13:00 - 2013-12-26 12:58 - 00000000 ____D C:\Program Files\Free M4a to MP3 Converter
2013-12-24 09:26 - 2013-12-23 17:50 - 00000000 ____D C:\Users\admin\Desktop\FEG Schließanlage DB
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2013-12-23 17:42 - 2013-12-23 17:42 - 00001532 _____ C:\Users\admin\Desktop\Ldb - Verknüpfung.lnk
2013-12-23 17:41 - 2013-12-23 17:41 - 00000000 ____D C:\Program Files\Simons & Voss
2013-12-19 18:35 - 2013-12-19 18:35 - 00806528 _____ C:\Windows\Minidump\121913-51698-01.dmp
2013-12-19 18:35 - 2010-03-01 04:59 - 00000000 ____D C:\Windows\Minidump
2013-12-18 09:45 - 2009-12-28 21:01 - 00000000 ___RD C:\Program Files\Skype
2013-12-18 09:45 - 2009-12-28 21:01 - 00000000 ____D C:\ProgramData\Skype
2013-12-17 15:30 - 2013-05-06 11:16 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-17 15:30 - 2012-10-29 10:44 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 15:30 - 2012-10-29 10:44 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-16 11:18 - 2009-12-28 16:26 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 09:09 - 2011-11-19 12:58 - 00002130 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 19:49 - 2013-11-15 12:52 - 00000000 ____D C:\Windows\rescache
2013-12-11 18:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 18:32 - 2013-08-15 02:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 18:26 - 2009-12-29 08:46 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 19:23 - 2012-05-28 18:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 19:23 - 2012-05-28 18:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-09 18:38 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\lws_lws.exe
C:\Users\admin\AppData\Local\Temp\mkupdate.exe
C:\Users\admin\AppData\Local\Temp\Mobogenie_Setup_2.1.23_515.exe
C:\Users\admin\AppData\Local\Temp\NEventMessages.dll
C:\Users\admin\AppData\Local\Temp\Show-Password_1030-8101.exe
C:\Users\admin\AppData\Local\Temp\SHSetup.exe
C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\dsh\AppData\Local\Temp\avgnt.exe
C:\Users\dsh\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\dsh\AppData\Local\Temp\NEventMessages.dll
C:\Users\dsh\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 08:11

==================== End Of Log ============================
--- --- ---

aharonov 06.01.2014 20:13
Hast du auch noch das ESET-Log?

Zitat:
1. Hast du eine Vermutung wo ich mir den Mist eingefangen haben könnte?
Bei der Installation von dem hier: C:\Program Files\Free M4a to MP3 Converter

Zitat:
2.: Was kann ich tun um mich vor Spyware und Co in Zukunft zu schützen? Der Viren-Scanner scheint da ja nicht zu helfen...
Liste mit Tipps kommt am Schluss.


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131