Trojaner-Board - USB Stick: Verknüpfungen Windows 8.0

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - USB Stick: Verknüpfungen Windows 8.0 (https://www.trojaner-board.de/148105-usb-stick-verknuepfungen-windows-8-0-a.html)

USB Stick: Verknüpfungen Windows 8.0

Hey Trojaner-Board-Nutzer,

ich war vor 2 Stunden in einem Copy-Shop, um meine Masterarbeit probeweise ausdrucken zu lassen. Auf Papier fallen mir mehr Wortdreher und Rechtschreibfehler auf als am Bildschirm. Zu diesem Zweck habe ich dort meinen USB-Stick an einen PC angeschlossen. Habe das Dokument ausgedruckt und 3 Minuten später den USB-Stick (nicht sicher) entfernt.

Als ich zuhause wieder ankam, schloss ich den USB-Stick wieder an. Jetzt waren aber überall nicht mehr die Dateien, sondern nur noch Verknüpfungen vorzufinden!!!
Eine kurze Recherche zeigt mir, dass ich mir vermutlich einen Virus oder Trojaner eingefangen habe. Ist natürlich zum Kotzen, weil ich meine Masterarbeit am 27. Jan abgeben muss.

Den USB-Stick habe ich kurzerhand formatiert. Der ist jetzt platt. Dort sind jetzt keine Dateien mehr drauf.

Anti Malware hat jedoch nichts gefunden auf meinem Rechner!

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2014.01.17.05
 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16750

Seb :: SEBASTIAN [Administrator]
 

17.01.2014 16:59:11

mbam-log-2014-01-17 (16-59-11).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 493309

Laufzeit: 24 Minute(n), 1 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Für mich ist von Interesse: Ist mein Rechner in irgendeiner Form infiziert? Geht von dem USB-Stick trotzdem weiterhin eine Gefahr aus?

Vielen Dank schon einmal für eure Bemühungen!

Nachtrag: Hier ist noch das FRST-Log.

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 02

Ran by Seb (administrator) on SEBASTIAN on 17-01-2014 17:31:57

Running from C:\Users\Seb\Downloads

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Program Files\TOSHIBA\LANDriver\TNSSVC.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Zune\WMZuneComm.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe

() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Spotify Ltd) C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

(Microsoft Corporation) C:\Windows\System32\wscript.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Farbar) C:\Users\Seb\Downloads\FRST64(1).exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [] - [x]

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)

HKLM\...\Run: [SRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)

HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)

HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()

HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()

HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()

HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)

HKLM\...\Run: [Ocs_SM] - C:\Users\Seb\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)

HKLM-x32\...\Run: [TOSDCR] - %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe

HKLM-x32\...\Run: [ATLauncher] - "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1

HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)

HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-13] (Spotify Ltd)

HKCU\...\Run: [Spotify] - C:\Users\Seb\AppData\Roaming\Spotify\spotify.exe [6118400 2014-01-13] (Spotify Ltd)

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)

HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)

HKCU\...\Run: [jSugLyCC] - C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs [137593 2013-10-11] () <===== ATTENTION

MountPoints2: {0f0074c4-8e4a-11e2-be83-c8f733913623} - "D:\autorun.exe" 

Lsa: [Authentication Packages] msv1_0 relog_ap

Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs ()

Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com

URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File

SearchScopes: HKLM - DefaultScope {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKLM - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKLM-x32 - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKCU - DefaultScope {09A69234-BD08-4395-99EF-968D786EBEF5} URL = 

SearchScopes: HKCU - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = 

SearchScopes: HKCU - {0D0A5AAB-0496-4E6D-A8B4-23E3C7F2BE76} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {11A60F73-1755-4F6F-ADCE-055B281B28EF} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {6D21CB17-F094-4684-91C8-E11FF35FBC07} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {A6E5E866-A470-4A80-AF5C-B1804687A57D} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {C5C3BA41-2C8B-4EED-BC30-51719505E02B} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {D972F157-658E-4511-8466-9F666F06C8A4} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 

FireFox:

========

FF ProfilePath: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default

FF SearchEngineOrder.1: Ask.com

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\searchplugins\youtube-videosuche.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Preispilot - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\Extensions\extension@preispilot.com.xpi [2013-12-16]

FF Extension: Adblock Plus - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\extensions\extension@preispilot.com
 

==================== Services (Whitelisted) =================
 

U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)

U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)

U2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)

U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)

U2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)

U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

U2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)

U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()

U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)

U3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)

U2 TNSSVC; C:\Program Files\Toshiba\LANDriver\TNSSVC.exe [40944 2012-09-07] ()

U2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()

U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

U2 McOobeSv2; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]

U2 McSchedulerSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]
 

==================== Drivers (Whitelisted) ====================
 

U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)

U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)

U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)

U3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()

U1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-03-30] (DT Soft Ltd)

U3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-10] (Intel Corporation)

U3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)

U3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)

U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)

U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

U3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)

U3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-17 17:31 - 2014-01-17 17:31 - 02075648 _____ (Farbar) C:\Users\Seb\Downloads\FRST64(1).exe

2014-01-15 22:38 - 2014-01-15 22:43 - 00000000 ____D C:\Users\Seb\Documents\Bewerbung Ebner Stolz

2014-01-15 14:53 - 2014-01-15 14:53 - 00005402 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-12 18:50 - 2014-01-12 20:00 - 00000000 ____D C:\Users\Seb\Documents\Hannah Arendt

2014-01-10 22:57 - 2014-01-10 22:57 - 00000000 ____D C:\Users\Seb\Desktop\Ivan Musik

2014-01-04 22:37 - 2014-01-04 22:37 - 00000000 ____D C:\windows\SysWOW64\Adobe

2013-12-23 18:48 - 2013-12-23 18:49 - 00000000 ___DC C:\Users\Seb\AppData\Local\MigWiz

2013-12-21 19:43 - 2013-12-21 19:43 - 00002064 _____ C:\Users\Public\Desktop\Counter-Strike 1.6 DigitalZone.lnk

2013-12-21 19:43 - 2013-12-21 19:43 - 00002035 _____ C:\Users\Public\Desktop\Half-Life DigitalZone.lnk

2013-12-21 19:42 - 2013-12-21 19:43 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 V40

2013-12-20 01:24 - 2013-12-20 01:25 - 00000000 ____D C:\Users\Seb\Documents\Internationales Steuerrecht

2013-12-19 21:44 - 2013-12-19 21:44 - 00001648 _____ C:\Users\Public\Desktop\Empire Earth.lnk

2013-12-19 20:54 - 2013-12-19 20:54 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
 

==================== One Month Modified Files and Folders =======
 

2014-01-17 17:31 - 2014-01-17 17:31 - 02075648 _____ (Farbar) C:\Users\Seb\Downloads\FRST64(1).exe

2014-01-17 17:31 - 2013-12-06 15:33 - 00020260 _____ C:\Users\Seb\Downloads\FRST.txt

2014-01-17 17:24 - 2013-07-03 17:03 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-17 17:00 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru

2014-01-17 16:51 - 2013-03-16 16:53 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2014-01-17 16:26 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat

2014-01-17 16:26 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat

2014-01-17 16:26 - 2012-07-26 08:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI

2014-01-17 15:46 - 2013-03-17 05:11 - 01170079 _____ C:\windows\WindowsUpdate.log

2014-01-17 15:44 - 2013-03-17 05:11 - 00000000 ___RD C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-17 15:43 - 2013-09-05 10:06 - 00000000 ____D C:\Users\Seb\Documents\MASTERARBEIT

2014-01-17 15:26 - 2013-07-03 17:03 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-17 13:17 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Spotify

2014-01-16 02:45 - 2013-03-16 13:01 - 00000000 ____D C:\Users\Seb\Documents\Seminararbeit

2014-01-15 23:56 - 2013-07-15 20:37 - 00000000 ____D C:\windows\system32\MRT

2014-01-15 23:54 - 2013-03-18 22:28 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-01-15 22:43 - 2014-01-15 22:38 - 00000000 ____D C:\Users\Seb\Documents\Bewerbung Ebner Stolz

2014-01-15 22:20 - 2013-12-06 00:14 - 00001412 _____ C:\Users\Seb\Desktop\ComboFix - Verknüpfung.lnk

2014-01-15 21:43 - 2013-09-07 13:54 - 00000000 ____D C:\Users\Seb\Documents\KKH Allianz

2014-01-15 14:53 - 2014-01-15 14:53 - 00005402 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-15 14:53 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Oracle

2014-01-15 14:53 - 2013-11-23 16:04 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-14 22:21 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Local\Spotify

2014-01-14 15:10 - 2013-03-21 23:39 - 00000000 ____D C:\ProgramData\Microsoft Help

2014-01-12 20:00 - 2014-01-12 18:50 - 00000000 ____D C:\Users\Seb\Documents\Hannah Arendt

2014-01-10 22:57 - 2014-01-10 22:57 - 00000000 ____D C:\Users\Seb\Desktop\Ivan Musik

2014-01-10 17:38 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent

2014-01-09 09:02 - 2013-12-12 23:48 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-01-09 09:02 - 2013-12-12 23:48 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-04 22:37 - 2014-01-04 22:37 - 00000000 ____D C:\windows\SysWOW64\Adobe

2013-12-27 14:13 - 2013-03-16 12:27 - 00000000 ____D C:\Users\Seb\Documents\Bachelor Arbeit

2013-12-23 18:49 - 2013-12-23 18:48 - 00000000 ___DC C:\Users\Seb\AppData\Local\MigWiz

2013-12-21 19:45 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-12-21 19:44 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI

2013-12-21 19:43 - 2013-12-21 19:43 - 00002064 _____ C:\Users\Public\Desktop\Counter-Strike 1.6 DigitalZone.lnk

2013-12-21 19:43 - 2013-12-21 19:43 - 00002035 _____ C:\Users\Public\Desktop\Half-Life DigitalZone.lnk

2013-12-21 19:43 - 2013-12-21 19:42 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 V40

2013-12-21 19:29 - 2013-03-31 13:48 - 00000000 ____D C:\Users\Seb\Desktop\Spiele

2013-12-20 20:18 - 2013-03-30 21:03 - 00000000 ____D C:\Users\Seb\Documents\Command and Conquer Generals Data

2013-12-20 01:25 - 2013-12-20 01:24 - 00000000 ____D C:\Users\Seb\Documents\Internationales Steuerrecht

2013-12-19 21:47 - 2013-03-16 21:54 - 00021840 ____T C:\windows\SysWOW64\SIntfNT.dll

2013-12-19 21:47 - 2013-03-16 21:54 - 00017212 ____T C:\windows\SysWOW64\SIntf32.dll

2013-12-19 21:47 - 2013-03-16 21:54 - 00012067 ____T C:\windows\SysWOW64\SIntf16.dll

2013-12-19 21:44 - 2013-12-19 21:44 - 00001648 _____ C:\Users\Public\Desktop\Empire Earth.lnk

2013-12-19 21:44 - 2013-03-16 21:52 - 00026392 _____ C:\windows\Directx.log

2013-12-19 21:44 - 2013-03-16 21:48 - 00000224 _____ C:\windows\SIERRA.INI

2013-12-19 21:44 - 2012-11-08 23:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-12-19 20:55 - 2013-03-16 22:56 - 00000000 ____D C:\Users\Seb\AppData\Local\LogMeIn Hamachi

2013-12-19 20:54 - 2013-12-19 20:54 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-12-19 20:53 - 2013-01-15 01:41 - 00000000 ____D C:\Program Files\Common Files\Intel

2013-12-19 01:36 - 2013-12-02 02:54 - 00010622 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)7.sgm

2013-12-19 01:36 - 2013-11-26 22:56 - 00032812 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).sav

2013-12-18 21:09 - 2013-11-23 16:04 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2013-12-18 21:04 - 2013-11-23 16:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2013-12-18 21:04 - 2013-11-23 16:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2013-12-18 21:03 - 2013-11-23 16:04 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
 

Files to move or delete:

====================

C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs
 
 

Some content of TEMP:

====================

C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll

C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll

C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll

C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll

C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll

C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll

C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll

C:\Users\Seb\AppData\Local\Temp\20131210084202172jniverify.dll

C:\Users\Seb\AppData\Local\Temp\20131210084853375jniverify.dll

C:\Users\Seb\AppData\Local\Temp\avgnt.exe

C:\Users\Seb\AppData\Local\Temp\drm_dyndata_7380009.dll

C:\Users\Seb\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Seb\AppData\Local\Temp\Quarantine.exe

C:\Users\Seb\AppData\Local\Temp\vpnclient_setup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-17 12:57
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Sticks anklemmen, nicht mehr abmachen.

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code:

ComboFix 14-01-16.03 - Seb 17.01.2014  19:50:08.3.4 - x64

Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3990.1699 [GMT 1:00]

ausgeführt von:: c:\users\Seb\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

c:\windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-12-17 bis 2014-01-17  ))))))))))))))))))))))))))))))

.

.

2014-01-17 18:53 . 2014-01-17 18:53        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-01-17 18:53 . 2014-01-17 18:53        --------        d-----w-        c:\users\ADMINI~1\AppData\Local\temp

2014-01-17 14:44 . 2013-10-11 11:18        137593        --sha-w-        c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs

2014-01-04 21:37 . 2014-01-04 21:37        --------        d-----w-        c:\windows\SysWow64\Adobe

2013-12-28 18:54 . 2013-12-28 18:54        236208        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin

2013-12-23 17:48 . 2013-12-23 17:49        --------        dc----w-        c:\users\Seb\AppData\Local\MigWiz

2013-12-21 18:42 . 2013-12-21 18:43        --------        d-----w-        c:\program files (x86)\Counter-Strike 1.6 V40

2013-12-19 19:54 . 2013-12-19 19:54        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-15 22:54 . 2013-03-18 21:28        86054176        ----a-w-        c:\windows\system32\MRT.exe

2014-01-09 08:02 . 2013-12-12 22:48        78296        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-09 08:02 . 2013-12-12 22:48        694240        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-19 20:47 . 2013-03-16 20:54        21840        ----atw-        c:\windows\SysWow64\SIntfNT.dll

2013-12-19 20:47 . 2013-03-16 20:54        17212        ----atw-        c:\windows\SysWow64\SIntf32.dll

2013-12-19 20:47 . 2013-03-16 20:54        12067        ----atw-        c:\windows\SysWow64\SIntf16.dll

2013-12-18 20:09 . 2013-11-23 15:04        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-12 12:23 . 2013-05-08 09:50        84720        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-12-12 12:23 . 2013-04-01 10:26        131576        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-12-12 12:23 . 2013-04-01 10:26        108440        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-12-06 11:29 . 2013-12-06 11:29        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2013-11-29 15:19 . 2013-11-29 15:19        46136        ---ha-w-        c:\windows\system32\drivers\Hamdrv.sys

2013-11-23 15:01 . 2013-10-24 21:39        73216        ----a-w-        c:\windows\system32\drivers\silabser.sys

2013-11-23 15:01 . 2013-10-24 21:39        27336        ----a-w-        c:\windows\system32\drivers\silabenm.sys

2013-11-23 06:43 . 2013-12-12 12:39        420864        ----a-w-        c:\windows\system32\WMPhoto.dll

2013-11-23 05:05 . 2013-12-12 12:39        368640        ----a-w-        c:\windows\SysWow64\WMPhoto.dll

2013-11-14 12:57 . 2013-04-01 10:26        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-11-06 23:18 . 2013-12-11 22:26        4036608        ----a-w-        c:\windows\system32\win32k.sys

2013-11-01 05:38 . 2013-12-12 12:39        312320        ----a-w-        c:\windows\system32\msieftp.dll

2013-11-01 03:49 . 2013-12-12 12:39        273408        ----a-w-        c:\windows\SysWow64\msieftp.dll

2013-11-01 02:22 . 2013-11-01 02:22        27032        ----a-w-        c:\windows\system32\drivers\tosrfec.sys

2013-10-25 06:19 . 2013-12-11 22:26        51712        ----a-w-        c:\windows\system32\ie4uinit.exe

2013-10-25 06:19 . 2013-12-11 22:26        2241536        ----a-w-        c:\windows\system32\wininet.dll

2013-10-25 06:19 . 2013-12-11 22:26        915968        ----a-w-        c:\windows\system32\uxtheme.dll

2013-10-25 06:19 . 2013-12-11 22:26        1365504        ----a-w-        c:\windows\system32\urlmon.dll

2013-10-25 06:18 . 2013-12-11 22:26        19271168        ----a-w-        c:\windows\system32\mshtml.dll

2013-10-25 06:18 . 2013-12-11 22:26        603136        ----a-w-        c:\windows\system32\msfeeds.dll

2013-10-25 06:17 . 2013-12-11 22:26        855552        ----a-w-        c:\windows\system32\jscript.dll

2013-10-25 06:17 . 2013-12-11 22:26        3959808        ----a-w-        c:\windows\system32\jscript9.dll

2013-10-25 06:17 . 2013-12-11 22:26        2648576        ----a-w-        c:\windows\system32\iertutil.dll

2013-10-25 06:17 . 2013-12-11 22:26        15404032        ----a-w-        c:\windows\system32\ieframe.dll

2013-10-25 04:45 . 2013-12-11 22:26        1767936        ----a-w-        c:\windows\SysWow64\wininet.dll

2013-10-25 04:43 . 2013-12-11 22:26        2877952        ----a-w-        c:\windows\SysWow64\jscript9.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-13 1171968]

"Spotify"="c:\users\Seb\AppData\Roaming\Spotify\spotify.exe" [2014-01-13 6118400]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]

"jSugLyCC"="wscript.exe" [2012-07-26 131584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-08-01 155488]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]

"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-12 684600]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]

.

c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

jSugLyCC.vbs [2013-10-11 137593]

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableCursorSuppression"= 1 (0x1)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

R2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

R2 McSchedulerSvc;McAfee PC Task Scheduler Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]

R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WSDScan;WSD-Scanunterstützung;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]

R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x]

S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]

S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]

S2 TNSSVC;TOSHIBA Network Service;c:\program files\Toshiba\LANDriver\TNSSVC.exe;c:\program files\Toshiba\LANDriver\TNSSVC.exe [x]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\Teco\TecoService.exe;c:\program files\TOSHIBA\Teco\TecoService.exe [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\System32\drivers\irstrtdv.sys;c:\windows\SYSNATIVE\drivers\irstrtdv.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]

S3 NETwNe64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 8 64-Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]

S3 risdxc;risdxc;c:\windows\System32\drivers\risdxc64.sys;c:\windows\SYSNATIVE\drivers\risdxc64.sys [x]

S3 TemproMonitoringService;TEMPRO Service;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

S3 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\System32\drivers\tos_sps64.sys;c:\windows\SYSNATIVE\drivers\tos_sps64.sys [x]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]

2013-09-05 14:04        215416        ----a-w-        c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll

.

Inhalt des "geplante Tasks" Ordners

.

2014-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-16 18:51]

.

2014-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 16:03]

.

2014-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 16:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-09-28 13197456]

"SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-07-27 2170784]

"TSleepSrv"="c:\program files (x86)\TOSHIBA\System Setting\TSleepSrv.exe" [2012-08-04 1548952]

"TODDMain"="c:\program files (x86)\TOSHIBA\System Setting\TODDMain.exe" [2012-08-04 213136]

"TecoResident"="c:\program files\TOSHIBA\Teco\TecoResident.exe" [2012-08-14 169896]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-06 171992]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-06 399832]

"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-06 442328]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{29B6E8FC-F9C8-4E13-8AAB-3F5F5C4C4EAF}\354525543554D414E4E4: NameServer = 192.168.178.1

TCP: Interfaces\{29B6E8FC-F9C8-4E13-8AAB-3F5F5C4C4EAF}\75C414E4D2339364331373: NameServer = 192.168.178.1

DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab

FF - ProfilePath - c:\users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-TOSDCR - c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe

Wow6432Node-HKLM-Run-ATLauncher - c:\program files\McAfee\MSC\OOBE\ATLauncher.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-Locked - (no file)

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe

HKLM-Run-TOSDCR - c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Ocs_SM - c:\users\Seb\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-737478861-1433762466-2432789249-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]

"datasecu"=hex:bd,92,f8,f8,a6,c9,fd,7f,a1,a8,99,9a,ba,1a,63,ee,21,9b,db,fd,35,

   61,a8,e8,50,75,90,ea,37,e5,f8,e4,a5,7f,65,62,43,3c,e4,95,64,d1,11,14,2e,eb,\

"rkeysecu"=hex:cc,75,1f,5e,5e,d7,f3,3a,00,8f,33,7f,62,1a,ba,ac

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

@SACL=(02 0000)

.

Zeit der Fertigstellung: 2014-01-17  19:55:01

ComboFix-quarantined-files.txt  2014-01-17 18:55

.

Vor Suchlauf: 13 Verzeichnis(se), 91.570.094.080 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 91.732.393.984 Bytes frei

.

- - End Of File - - 6EBC2CD7393B8F2EA372CF6E80FE19FD

Wichtiges Update! Habe gerade versucht einige Daten auf einen anderen USB Stick zu sichern! Ergebnis ist, dass da jetzt auch nur noch Verknüpfungen drauf sind. Die Verknüpfungen verweisen auf: C:\windows\system32\cmd.exe /c start jSugLyCC.vbs&start vestill001_pdf.pdf&exit

Dazu muss man wissen, dass vestill001_pdf.pdf der eigentliche Dateiname ist.

Jetzt weiß ich auch, dass mein System in irgendeiner Form verseucht ist. Wie sollen wir jetzt weiter vorgehen? Und was heißt das?

Alle Sticks dran machen, nix mehr abmachen, nix mehr kopieren!

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hey Schrauber,

danke für die schnelle Antwort :) Ich muss dazu sagen, dass ein Stick 2 Partitionen hat. Die betroffene Partition habe ich formatiert. Den ersten Stick habe ich auch gestern bereits formatiert. Mich wundert, dass Malwarebytes nichts findet!

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2014.01.17.09
 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16750

Seb :: SEBASTIAN [Administrator]
 

18.01.2014 11:21:15

mbam-log-2014-01-18 (11-21-15).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 487891

Laufzeit: 24 Minute(n), 17 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

# AdwCleaner v3.017 - Bericht erstellt am 18/01/2014 um 11:50:02

# Aktualisiert 12/01/2014 von Xplode

# Betriebssystem : Windows 8  (64 bits)

# Benutzername : Seb - SEBASTIAN

# Gestartet von : C:\Users\Seb\Downloads\adwcleaner_3.017.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16537
 
 

-\\ Mozilla Firefox v26.0 (de)
 

[ Datei : C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [7924 octets] - [27/10/2013 22:53:06]

AdwCleaner[R1].txt - [888 octets] - [27/10/2013 22:56:15]

AdwCleaner[R2].txt - [952 octets] - [06/12/2013 02:38:57]

AdwCleaner[R3].txt - [2685 octets] - [16/12/2013 01:23:04]

AdwCleaner[R4].txt - [1198 octets] - [18/01/2014 11:48:52]

AdwCleaner[S0].txt - [7884 octets] - [27/10/2013 22:54:12]

AdwCleaner[S1].txt - [1012 octets] - [06/12/2013 02:42:04]

AdwCleaner[S2].txt - [2560 octets] - [16/12/2013 01:24:51]

AdwCleaner[S3].txt - [1120 octets] - [18/01/2014 11:50:02]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1180 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 8 x64

Ran by Seb on 18.01.2014 at 11:54:08,83

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Seb\AppData\Roaming\mozilla\firefox\profiles\2xnekie7.default\minidumps [5 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 18.01.2014 at 11:57:32,97

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03

Ran by Seb (administrator) on SEBASTIAN on 18-01-2014 12:00:00

Running from C:\Users\Seb\Downloads

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Program Files\TOSHIBA\LANDriver\TNSSVC.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe

() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Spotify Ltd) C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Microsoft Corporation) C:\Windows\System32\wscript.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)

HKLM\...\Run: [SRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)

HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)

HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()

HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()

HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()

HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)

HKLM\...\Run: [Ocs_SM] - C:\Users\Seb\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)

HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)

HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-13] (Spotify Ltd)

HKCU\...\Run: [Spotify] - C:\Users\Seb\AppData\Roaming\Spotify\spotify.exe [6118400 2014-01-13] (Spotify Ltd)

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)

HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)

HKCU\...\Run: [jSugLyCC] - C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs [137593 2013-10-11] () <===== ATTENTION

Lsa: [Authentication Packages] msv1_0 relog_ap

Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs ()

Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKLM - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKLM-x32 - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKCU - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = 

SearchScopes: HKCU - {0D0A5AAB-0496-4E6D-A8B4-23E3C7F2BE76} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {11A60F73-1755-4F6F-ADCE-055B281B28EF} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {6D21CB17-F094-4684-91C8-E11FF35FBC07} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {A6E5E866-A470-4A80-AF5C-B1804687A57D} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {C5C3BA41-2C8B-4EED-BC30-51719505E02B} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {D972F157-658E-4511-8466-9F666F06C8A4} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default

FF SearchEngineOrder.1: Ask.com

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\searchplugins\youtube-videosuche.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Preispilot - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\Extensions\extension@preispilot.com.xpi [2013-12-16]

FF Extension: Adblock Plus - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\extensions\extension@preispilot.com
 

==================== Services (Whitelisted) =================
 

U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)

U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)

U2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)

U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)

U2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)

U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

U2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)

U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()

U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)

U3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)

U2 TNSSVC; C:\Program Files\Toshiba\LANDriver\TNSSVC.exe [40944 2012-09-07] ()

U2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()

U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

U2 McOobeSv2; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]

U2 McSchedulerSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]
 

==================== Drivers (Whitelisted) ====================
 

U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)

U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)

U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)

U3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()

U1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-03-30] (DT Soft Ltd)

U3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-10] (Intel Corporation)

U3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)

U3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)

U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)

U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

U3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)

U3 catchme; \??\C:\ComboFix\catchme.sys [x]

U3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-18 11:59 - 2014-01-18 11:59 - 00000000 ____D C:\Users\Seb\Downloads\FRST-OlderVersion

2014-01-18 11:57 - 2014-01-18 11:57 - 00000867 _____ C:\Users\Seb\Desktop\JRT.txt

2014-01-18 11:53 - 2014-01-18 11:53 - 01037068 _____ (Thisisu) C:\Users\Seb\Downloads\JRT(1).exe

2014-01-18 11:47 - 2014-01-18 11:47 - 01236282 _____ C:\Users\Seb\Downloads\adwcleaner_3.017.exe

2014-01-18 11:17 - 2014-01-18 11:18 - 00000085 _____ C:\windows\wininit.ini

2014-01-18 11:13 - 2014-01-18 11:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Seb\Downloads\mbam-setup-1.75.0.1300(1).exe

2014-01-18 03:33 - 2014-01-18 11:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-01-18 03:33 - 2014-01-18 11:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2014-01-18 03:33 - 2014-01-18 03:33 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking

2014-01-18 03:32 - 2014-01-18 03:32 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Seb\Downloads\spybot-2.2.25.exe

2014-01-18 03:27 - 2014-01-18 03:28 - 01273071 _____ C:\Users\Seb\Downloads\tc6_install.exe

2014-01-17 20:08 - 2014-01-17 20:08 - 00018926 _____ C:\Users\Seb\Desktop\Combo Fix Scan.txt

2014-01-17 20:07 - 2014-01-17 20:07 - 00000000 ___SD C:\ComboFix

2014-01-17 20:06 - 2014-01-17 20:05 - 05167985 ____R (Swearware) C:\Users\Seb\Desktop\ComboFix.exe

2014-01-17 20:05 - 2014-01-17 20:05 - 05167985 _____ (Swearware) C:\Users\Seb\Downloads\ComboFix(1).exe

2014-01-15 22:38 - 2014-01-15 22:43 - 00000000 ____D C:\Users\Seb\Documents\Bewerbung Ebner Stolz

2014-01-15 15:48 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll

2014-01-15 15:48 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 15:48 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll

2014-01-15 15:48 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 15:48 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll

2014-01-15 15:48 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll

2014-01-15 15:48 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll

2014-01-15 15:48 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys

2014-01-15 15:48 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll

2014-01-15 15:48 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll

2014-01-15 15:48 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys

2014-01-15 15:48 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll

2014-01-15 15:48 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll

2014-01-15 15:48 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll

2014-01-15 15:48 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll

2014-01-15 14:53 - 2014-01-15 14:53 - 00005402 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-12 18:50 - 2014-01-12 20:00 - 00000000 ____D C:\Users\Seb\Documents\Hannah Arendt

2014-01-10 22:57 - 2014-01-10 22:57 - 00000000 ____D C:\Users\Seb\Desktop\Ivan Musik

2014-01-04 22:37 - 2014-01-04 22:37 - 00000000 ____D C:\windows\SysWOW64\Adobe

2013-12-23 18:48 - 2013-12-23 18:49 - 00000000 ___DC C:\Users\Seb\AppData\Local\MigWiz

2013-12-21 19:43 - 2013-12-21 19:43 - 00002064 _____ C:\Users\Public\Desktop\Counter-Strike 1.6 DigitalZone.lnk

2013-12-21 19:43 - 2013-12-21 19:43 - 00002035 _____ C:\Users\Public\Desktop\Half-Life DigitalZone.lnk

2013-12-21 19:42 - 2013-12-21 19:43 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 V40

2013-12-20 01:24 - 2013-12-20 01:25 - 00000000 ____D C:\Users\Seb\Documents\Internationales Steuerrecht

2013-12-19 21:44 - 2013-12-19 21:44 - 00001648 _____ C:\Users\Public\Desktop\Empire Earth.lnk

2013-12-19 20:54 - 2013-12-19 20:54 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
 

==================== One Month Modified Files and Folders =======
 

2014-01-18 12:00 - 2013-12-06 15:33 - 00019428 _____ C:\Users\Seb\Downloads\FRST.txt

2014-01-18 12:00 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru

2014-01-18 11:59 - 2014-01-18 11:59 - 00000000 ____D C:\Users\Seb\Downloads\FRST-OlderVersion

2014-01-18 11:59 - 2013-12-06 15:32 - 00000000 ____D C:\FRST

2014-01-18 11:59 - 2013-12-06 15:31 - 02076160 _____ (Farbar) C:\Users\Seb\Downloads\FRST64.exe

2014-01-18 11:57 - 2014-01-18 11:57 - 00000867 _____ C:\Users\Seb\Desktop\JRT.txt

2014-01-18 11:57 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat

2014-01-18 11:57 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat

2014-01-18 11:57 - 2012-07-26 08:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI

2014-01-18 11:53 - 2014-01-18 11:53 - 01037068 _____ (Thisisu) C:\Users\Seb\Downloads\JRT(1).exe

2014-01-18 11:51 - 2013-03-16 16:53 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2014-01-18 11:50 - 2013-10-27 22:52 - 00000000 ____D C:\AdwCleaner

2014-01-18 11:50 - 2013-07-03 17:03 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-18 11:50 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT

2014-01-18 11:47 - 2014-01-18 11:47 - 01236282 _____ C:\Users\Seb\Downloads\adwcleaner_3.017.exe

2014-01-18 11:25 - 2013-07-03 17:03 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-18 11:18 - 2014-01-18 11:17 - 00000085 _____ C:\windows\wininit.ini

2014-01-18 11:18 - 2014-01-18 03:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-01-18 11:18 - 2013-03-17 05:11 - 01395317 _____ C:\windows\WindowsUpdate.log

2014-01-18 11:18 - 2012-11-09 08:11 - 00131576 _____ C:\windows\PFRO.log

2014-01-18 11:18 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI

2014-01-18 11:17 - 2014-01-18 03:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2014-01-18 11:16 - 2013-03-16 12:17 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-737478861-1433762466-2432789249-1001

2014-01-18 11:13 - 2014-01-18 11:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Seb\Downloads\mbam-setup-1.75.0.1300(1).exe

2014-01-18 03:33 - 2014-01-18 03:33 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking

2014-01-18 03:32 - 2014-01-18 03:32 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Seb\Downloads\spybot-2.2.25.exe

2014-01-18 03:28 - 2014-01-18 03:27 - 01273071 _____ C:\Users\Seb\Downloads\tc6_install.exe

2014-01-17 20:54 - 2013-09-05 10:06 - 00000000 ____D C:\Users\Seb\Documents\MASTERARBEIT

2014-01-17 20:10 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore

2014-01-17 20:10 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\NDF

2014-01-17 20:08 - 2014-01-17 20:08 - 00018926 _____ C:\Users\Seb\Desktop\Combo Fix Scan.txt

2014-01-17 20:07 - 2014-01-17 20:07 - 00000000 ___SD C:\ComboFix

2014-01-17 20:07 - 2013-12-06 00:13 - 00000000 ____D C:\Qoobox

2014-01-17 20:05 - 2014-01-17 20:06 - 05167985 ____R (Swearware) C:\Users\Seb\Desktop\ComboFix.exe

2014-01-17 20:05 - 2014-01-17 20:05 - 05167985 _____ (Swearware) C:\Users\Seb\Downloads\ComboFix(1).exe

2014-01-17 19:55 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default

2014-01-17 19:53 - 2013-12-06 00:12 - 00000000 ____D C:\windows\erdnt

2014-01-17 19:53 - 2012-07-26 06:26 - 00000215 _____ C:\windows\system.ini

2014-01-17 19:46 - 2013-12-06 00:12 - 05167985 ____R (Swearware) C:\Users\Seb\Downloads\ComboFix.exe

2014-01-17 15:44 - 2013-03-17 05:11 - 00000000 ___RD C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-17 13:17 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Spotify

2014-01-16 02:45 - 2013-03-16 13:01 - 00000000 ____D C:\Users\Seb\Documents\Seminararbeit

2014-01-15 23:56 - 2013-07-15 20:37 - 00000000 ____D C:\windows\system32\MRT

2014-01-15 23:54 - 2013-03-18 22:28 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-01-15 22:43 - 2014-01-15 22:38 - 00000000 ____D C:\Users\Seb\Documents\Bewerbung Ebner Stolz

2014-01-15 21:43 - 2013-09-07 13:54 - 00000000 ____D C:\Users\Seb\Documents\KKH Allianz

2014-01-15 14:53 - 2014-01-15 14:53 - 00005402 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-15 14:53 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Oracle

2014-01-15 14:53 - 2013-11-23 16:04 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-14 22:21 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Local\Spotify

2014-01-14 15:10 - 2013-03-21 23:39 - 00000000 ____D C:\ProgramData\Microsoft Help

2014-01-12 20:00 - 2014-01-12 18:50 - 00000000 ____D C:\Users\Seb\Documents\Hannah Arendt

2014-01-10 22:57 - 2014-01-10 22:57 - 00000000 ____D C:\Users\Seb\Desktop\Ivan Musik

2014-01-10 17:38 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent

2014-01-09 09:02 - 2013-12-12 23:48 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-01-09 09:02 - 2013-12-12 23:48 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-04 22:37 - 2014-01-04 22:37 - 00000000 ____D C:\windows\SysWOW64\Adobe

2013-12-27 14:13 - 2013-03-16 12:27 - 00000000 ____D C:\Users\Seb\Documents\Bachelor Arbeit

2013-12-23 18:49 - 2013-12-23 18:48 - 00000000 ___DC C:\Users\Seb\AppData\Local\MigWiz

2013-12-21 19:43 - 2013-12-21 19:43 - 00002064 _____ C:\Users\Public\Desktop\Counter-Strike 1.6 DigitalZone.lnk

2013-12-21 19:43 - 2013-12-21 19:43 - 00002035 _____ C:\Users\Public\Desktop\Half-Life DigitalZone.lnk

2013-12-21 19:43 - 2013-12-21 19:42 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 V40

2013-12-21 19:29 - 2013-03-31 13:48 - 00000000 ____D C:\Users\Seb\Desktop\Spiele

2013-12-20 20:18 - 2013-03-30 21:03 - 00000000 ____D C:\Users\Seb\Documents\Command and Conquer Generals Data

2013-12-20 01:25 - 2013-12-20 01:24 - 00000000 ____D C:\Users\Seb\Documents\Internationales Steuerrecht

2013-12-19 21:47 - 2013-03-16 21:54 - 00021840 ____T C:\windows\SysWOW64\SIntfNT.dll

2013-12-19 21:47 - 2013-03-16 21:54 - 00017212 ____T C:\windows\SysWOW64\SIntf32.dll

2013-12-19 21:47 - 2013-03-16 21:54 - 00012067 ____T C:\windows\SysWOW64\SIntf16.dll

2013-12-19 21:44 - 2013-12-19 21:44 - 00001648 _____ C:\Users\Public\Desktop\Empire Earth.lnk

2013-12-19 21:44 - 2013-03-16 21:52 - 00026392 _____ C:\windows\Directx.log

2013-12-19 21:44 - 2013-03-16 21:48 - 00000224 _____ C:\windows\SIERRA.INI

2013-12-19 21:44 - 2012-11-08 23:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-12-19 20:55 - 2013-03-16 22:56 - 00000000 ____D C:\Users\Seb\AppData\Local\LogMeIn Hamachi

2013-12-19 20:54 - 2013-12-19 20:54 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-12-19 20:53 - 2013-01-15 01:41 - 00000000 ____D C:\Program Files\Common Files\Intel

2013-12-19 01:36 - 2013-12-02 02:54 - 00010622 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)7.sgm

2013-12-19 01:36 - 2013-11-26 22:56 - 00032812 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).sav
 

Files to move or delete:

====================

C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs
 
 

Some content of TEMP:

====================

C:\Users\Seb\AppData\Local\Temp\avgnt.exe

C:\Users\Seb\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-17 12:57
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2014 03

Ran by Seb at 2014-01-18 12:00:20

Running from C:\Users\Seb\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Acronis*True*Image*Home (x32 Version: 11.0.8010 - Acronis)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden

ANNO 1503 (x32 Version:  - )

Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bitcoin (HKCU Version: 0.8.5 - Bitcoin project)

Bonjour (Version: 3.0.0.10 - Apple Inc.)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7 - Cisco Systems, Inc.)

Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts)

Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden

Counter-Strike 1.6 V40 (x32 Version:  - )

Counter-Strike Source 1.9.1 (x32 Version:  - Valve Corporation)

DAEMON Tools Lite (x32 Version: 4.46.1.0327 - DT Soft Ltd)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)

doPDF 7.3 printer (Version:  - Softland)

Empire Earth (x32 Version:  - )

Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden

Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1 - www.hellopdf.com)

Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128 - DVDVideoSoft Ltd.)

FUSSBALL MANAGER 09 (x32 Version:  - Electronic Arts)

Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

Grand Theft Auto Vice City (x32 Version: 1.00.000 - )

HP LaserJet P1000 series (x32 Version:  - )

HPSSupply (x32 Version: 2.1.1.0000 - Ihr Firmenname)

Intel AppUp(SM) center (x32 Version: 3.6.1.33268.15 - Intel)

Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)

Intel(R) Network Connections Drivers (Version: 17.3 - Intel)

Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden

Intel(R) Processor Graphics (x32 Version: 9.17.10.3040 - Intel Corporation)

Intel(R) Rapid Start Technology (x32 Version: 2.1.0.1002 - Intel Corporation)

Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)

Intel(R) WiDi (Version: 3.5.34.0 - Intel Corporation)

Intel® PROSet/Wireless Software (x32 Version: 16.1.5 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden

iTunes (Version: 11.1.2.32 - Apple Inc.)

Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden

Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)

Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)

MrvlUsgTracking (x32 Version: 1.0.7 - Marvell)

MrvlUsgTracking64 (Version: 1.0.1 - Marvell Semiconductor Pvt Ltd)

Nero 12 Essentials Toshiba (x32 Version: 12.0.00600 - Nero AG)

Nero BackItUp (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero Blu-ray Player (x32 Version: 12.0.17500 - Nero AG) Hidden

Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden

Nero BurnRights (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero BurnRights Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero ControlCenter (x32 Version: 11.0.15300 - Nero AG) Hidden

Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero Core Components (x32 Version: 11.0.18200 - Nero AG) Hidden

Nero Express (x32 Version: 12.0.20000 - Nero AG) Hidden

Nero Express Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero Kwik Media (x32 Version: 1.18.18900 - Nero AG) Hidden

Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden

Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden

Nero Launcher (x32 Version: 12.2.6000 - Nero AG) Hidden

Nero RescueAgent (x32 Version: 12.0.9000 - Nero AG) Hidden

Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden

Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden

OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Preispilot für Firefox (x32 Version: 2.0 - Preispilot)

Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6748 - Realtek Semiconductor Corp.)

RICOH Media Driver v2.22.17.01 (x32 Version: 2.22.17.01 - RICOH)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shared C Run-time for x64 (Version: 10.0.0 - McAfee)

Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden

Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)

Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)

SRS Premium Sound Control Panel (Version: 1.12.4600 - SRS Labs, Inc.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (Version: 16.2.10.5 - Synaptics Incorporated)

TOSHIBA Desktop Assist (Version: 1.00.0007.00002 - Toshiba Corporation)

TOSHIBA eco Utility (Version: 2.0.0.6415 - Toshiba Corporation)

TOSHIBA Function Key (Version: 1.00.6625.6402 - Toshiba Corporation)

TOSHIBA Manuals (x32 Version: 10.10 - TOSHIBA)

TOSHIBA Password Utility (Version: 3.00.0002.64003 - Toshiba Corporation)

TOSHIBA PC Health Monitor (Version: 1.8.17.640104 - Toshiba Corporation)

TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006 - Toshiba Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00 - TOSHIBA Corporation)

TOSHIBA Service Station (Version: 2.4.6 - TOSHIBA)

TOSHIBA System Driver (x32 Version: 1.00.0012 - Toshiba Corporation)

TOSHIBA System Settings (x32 Version: 1.00.0002.32002 - Toshiba Corporation)

Toshiba TEMPRO (x32 Version: 4.5.0 - Toshiba Europe GmbH)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden

WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden

Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)

Xfire (remove only) (x32 Version:  - )

Zune (Version: 04.08.2345.00 - Microsoft Corporation)

Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
 

==================== Restore Points  =========================
 

17-01-2014 18:42:40 Avira EU-Cleaner - 17.01.2014 19:42
 

==================== Hosts content: ==========================
 

2012-07-26 06:26 - 2014-01-17 19:53 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {14A6BD4C-A6E2-4F35-B652-641AEAE236B9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {25EFD721-B249-4586-928F-FEF77859D5E3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)

Task: {481D3FF4-B738-4C1C-8353-C382A59F1880} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)

Task: {56646ECA-B8DF-412F-ABDA-99F992CF7BA2} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)

Task: {74CA6B9C-6BB8-4DA6-85E0-3E0EA7BB6753} - \Scheduled Update for Ask Toolbar No Task File

Task: {89A3EF59-80D8-4277-AAA7-84286EE6F95E} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)

Task: {9A17AAAE-86BA-4B7A-806C-086C4AAA3365} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {C406893B-1034-4290-8512-5AAAE1476259} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {E6DF1243-744B-4D1A-8467-47FB61413B1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll

2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

2010-03-03 23:15 - 2010-03-03 23:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF10.dll

2010-03-03 23:15 - 2010-03-03 23:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF11.dll

2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll

2012-08-06 06:36 - 2012-08-06 06:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-03-16 23:49 - 2012-12-18 09:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2007-08-31 17:13 - 2007-08-31 17:13 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll

2013-01-15 01:39 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2013-12-11 14:24 - 2013-12-11 14:24 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 

==================== Faulty Device Manager Devices =============
 

Name: Cisco Systems VPN Adapter for 64-bit Windows

Description: Cisco Systems VPN Adapter for 64-bit Windows

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: CVirtA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Could not start eventlog service, could not read events.
 

Der angeforderte Dienst wurde bereits gestartet.
 

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 37%

Total physical RAM: 3990.14 MB

Available physical RAM: 2486.6 MB

Total Pagefile: 10390.14 MB

Available Pagefile: 8656.68 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB
 

==================== Drives ================================
 

Drive c: (TI31016900A) (Fixed) (Total:219.49 GB) (Free:86.58 GB) NTFS

Drive d: (INTENSO) (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32

Drive f: (USB DISK) (Removable) (Total:0.03 GB) (Free:0 GB) FAT

Drive g: (USB DISK) (Removable) (Total:0.9 GB) (Free:0.9 GB) FAT
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 238 GB) (Disk ID: 728F6589)
 

Partition: GPT Partition Type

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 0DFF7265)

No partition Table on disk 1.
 

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 35 MB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=35 MB) - (Type=06)
 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 920 MB) (Disk ID: 1CAC3930)

Partition 1: (Active) - (Size=920 MB) - (Type=06)
 

==================== End Of Log ============================

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Mahlzeit Schrauber! Danke für die flotte Antwort!

ESET hat zwei Würmer gefunden!

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=e7ac58e37d77e04ab8cfa957befa3212

# engine=16709

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-01-19 12:30:51

# local_time=2014-01-19 01:30:51 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.2.9200 NT 

# compatibility_mode=1799 16775165 100 96 0 255557941 91222 0

# compatibility_mode=5893 16776574 100 94 13186272 24569082 0 0

# scanned=281367

# found=2

# cleaned=0

# scan_time=3179

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="VBS/Agent.NDH worm" ac=I fn="C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs"

sh=C781EE275E586569D00AED1AC4BB070DF719CE51 ft=0 fh=0000000000000000 vn="VBS/Agent.NDH worm" ac=I fn="C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs"

Security Check

Code:

 Results of screen317's Security Check version 0.99.79  

   x64 (UAC is enabled)  

 Internet Explorer 10 Out of date! 
 ``````````````Antivirus/Firewall Check:`````````````` 

Windows Defender   

Avira Desktop      

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Java 7 Update 51  

 Adobe Flash Player         11.9.900.170  

 Adobe Reader XI  

 Mozilla Firefox (Firefox.) 

 Mozilla Thunderbird (24.2.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014

Ran by Seb (administrator) on SEBASTIAN on 19-01-2014 13:36:03

Running from C:\Users\Seb\Downloads\FRST-OlderVersion

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Program Files\TOSHIBA\LANDriver\TNSSVC.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe

() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Spotify Ltd) C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Microsoft Corporation) C:\Windows\System32\wscript.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)

HKLM\...\Run: [SRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)

HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)

HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()

HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()

HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()

HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)

HKLM\...\Run: [Ocs_SM] - C:\Users\Seb\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)

HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)

HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-13] (Spotify Ltd)

HKCU\...\Run: [Spotify] - C:\Users\Seb\AppData\Roaming\Spotify\spotify.exe [6118400 2014-01-13] (Spotify Ltd)

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)

HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)

HKCU\...\Run: [jSugLyCC] - C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs [137593 2013-10-11] () <===== ATTENTION

HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-10] (Adobe Systems Incorporated)

Lsa: [Authentication Packages] msv1_0 relog_ap

Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs ()

Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKLM - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKLM-x32 - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKCU - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = 

SearchScopes: HKCU - {0D0A5AAB-0496-4E6D-A8B4-23E3C7F2BE76} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {11A60F73-1755-4F6F-ADCE-055B281B28EF} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {6D21CB17-F094-4684-91C8-E11FF35FBC07} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {A6E5E866-A470-4A80-AF5C-B1804687A57D} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {C5C3BA41-2C8B-4EED-BC30-51719505E02B} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {D972F157-658E-4511-8466-9F666F06C8A4} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default

FF SearchEngineOrder.1: Ask.com

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\searchplugins\youtube-videosuche.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Preispilot - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\Extensions\extension@preispilot.com.xpi [2013-12-16]

FF Extension: Adblock Plus - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\extensions\extension@preispilot.com
 

==================== Services (Whitelisted) =================
 

U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)

U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)

U2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)

U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)

U2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)

U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

U2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)

U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()

U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)

U3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)

U2 TNSSVC; C:\Program Files\Toshiba\LANDriver\TNSSVC.exe [40944 2012-09-07] ()

U2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()

U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

U2 McOobeSv2; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]

U2 McSchedulerSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]
 

==================== Drivers (Whitelisted) ====================
 

U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)

U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)

U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)

U3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()

U1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-03-30] (DT Soft Ltd)

U3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-10] (Intel Corporation)

U3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)

U3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)

U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)

U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

U3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)

U3 catchme; \??\C:\ComboFix\catchme.sys [x]

U3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-19 13:33 - 2014-01-19 13:33 - 00987425 _____ C:\Users\Seb\Downloads\SecurityCheck.exe

2014-01-19 12:35 - 2014-01-19 12:35 - 02347384 _____ (ESET) C:\Users\Seb\Downloads\esetsmartinstaller_enu.exe

2014-01-19 12:35 - 2014-01-19 12:35 - 00000000 ____D C:\Program Files (x86)\ESET

2014-01-18 11:59 - 2014-01-19 13:36 - 00000000 ____D C:\Users\Seb\Downloads\FRST-OlderVersion

2014-01-18 11:57 - 2014-01-18 11:57 - 00000867 _____ C:\Users\Seb\Desktop\JRT.txt

2014-01-18 11:53 - 2014-01-18 11:53 - 01037068 _____ (Thisisu) C:\Users\Seb\Downloads\JRT(1).exe

2014-01-18 11:47 - 2014-01-18 11:47 - 01236282 _____ C:\Users\Seb\Downloads\adwcleaner_3.017.exe

2014-01-18 11:17 - 2014-01-18 11:18 - 00000085 _____ C:\windows\wininit.ini

2014-01-18 11:13 - 2014-01-18 11:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Seb\Downloads\mbam-setup-1.75.0.1300(1).exe

2014-01-18 03:33 - 2014-01-18 11:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-01-18 03:33 - 2014-01-18 11:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2014-01-18 03:33 - 2014-01-18 03:33 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking

2014-01-18 03:32 - 2014-01-18 03:32 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Seb\Downloads\spybot-2.2.25.exe

2014-01-18 03:27 - 2014-01-18 03:28 - 01273071 _____ C:\Users\Seb\Downloads\tc6_install.exe

2014-01-17 20:08 - 2014-01-17 20:08 - 00018926 _____ C:\Users\Seb\Desktop\Combo Fix Scan.txt

2014-01-17 20:07 - 2014-01-17 20:07 - 00000000 ___SD C:\ComboFix

2014-01-17 20:06 - 2014-01-17 20:05 - 05167985 ____R (Swearware) C:\Users\Seb\Desktop\ComboFix.exe

2014-01-17 20:05 - 2014-01-17 20:05 - 05167985 _____ (Swearware) C:\Users\Seb\Downloads\ComboFix(1).exe

2014-01-15 22:38 - 2014-01-15 22:43 - 00000000 ____D C:\Users\Seb\Documents\Bewerbung Ebner Stolz

2014-01-15 15:48 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll

2014-01-15 15:48 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 15:48 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll

2014-01-15 15:48 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 15:48 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll

2014-01-15 15:48 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll

2014-01-15 15:48 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll

2014-01-15 15:48 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys

2014-01-15 15:48 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll

2014-01-15 15:48 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll

2014-01-15 15:48 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys

2014-01-15 15:48 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll

2014-01-15 15:48 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll

2014-01-15 15:48 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll

2014-01-15 15:48 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll

2014-01-15 14:53 - 2014-01-15 14:53 - 00005402 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-12 18:50 - 2014-01-12 20:00 - 00000000 ____D C:\Users\Seb\Documents\Hannah Arendt

2014-01-10 22:57 - 2014-01-10 22:57 - 00000000 ____D C:\Users\Seb\Desktop\Ivan Musik

2014-01-04 22:37 - 2014-01-04 22:37 - 00000000 ____D C:\windows\SysWOW64\Adobe

2013-12-23 18:48 - 2013-12-23 18:49 - 00000000 ___DC C:\Users\Seb\AppData\Local\MigWiz

2013-12-21 19:43 - 2013-12-21 19:43 - 00002064 _____ C:\Users\Public\Desktop\Counter-Strike 1.6 DigitalZone.lnk

2013-12-21 19:43 - 2013-12-21 19:43 - 00002035 _____ C:\Users\Public\Desktop\Half-Life DigitalZone.lnk

2013-12-21 19:42 - 2013-12-21 19:43 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 V40

2013-12-20 01:24 - 2013-12-20 01:25 - 00000000 ____D C:\Users\Seb\Documents\Internationales Steuerrecht
 

==================== One Month Modified Files and Folders =======
 

2014-01-19 13:36 - 2014-01-18 11:59 - 00000000 ____D C:\Users\Seb\Downloads\FRST-OlderVersion

2014-01-19 13:35 - 2013-12-06 15:32 - 00000000 ____D C:\FRST

2014-01-19 13:33 - 2014-01-19 13:33 - 00987425 _____ C:\Users\Seb\Downloads\SecurityCheck.exe

2014-01-19 13:24 - 2013-07-03 17:03 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-19 13:24 - 2013-07-03 17:03 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-19 13:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru

2014-01-19 12:51 - 2013-03-16 16:53 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2014-01-19 12:37 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat

2014-01-19 12:37 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat

2014-01-19 12:37 - 2012-07-26 08:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI

2014-01-19 12:35 - 2014-01-19 12:35 - 02347384 _____ (ESET) C:\Users\Seb\Downloads\esetsmartinstaller_enu.exe

2014-01-19 12:35 - 2014-01-19 12:35 - 00000000 ____D C:\Program Files (x86)\ESET

2014-01-19 12:32 - 2013-03-16 22:56 - 00000000 ____D C:\Users\Seb\AppData\Local\LogMeIn Hamachi

2014-01-19 12:32 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT

2014-01-19 05:44 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI

2014-01-18 14:46 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache

2014-01-18 12:29 - 2013-03-16 12:17 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-737478861-1433762466-2432789249-1001

2014-01-18 12:00 - 2013-12-06 15:34 - 00023243 _____ C:\Users\Seb\Downloads\Addition.txt

2014-01-18 12:00 - 2013-12-06 15:33 - 00032243 _____ C:\Users\Seb\Downloads\FRST.txt

2014-01-18 11:59 - 2013-12-06 15:31 - 02076160 _____ (Farbar) C:\Users\Seb\Downloads\FRST64.exe

2014-01-18 11:57 - 2014-01-18 11:57 - 00000867 _____ C:\Users\Seb\Desktop\JRT.txt

2014-01-18 11:53 - 2014-01-18 11:53 - 01037068 _____ (Thisisu) C:\Users\Seb\Downloads\JRT(1).exe

2014-01-18 11:50 - 2013-10-27 22:52 - 00000000 ____D C:\AdwCleaner

2014-01-18 11:47 - 2014-01-18 11:47 - 01236282 _____ C:\Users\Seb\Downloads\adwcleaner_3.017.exe

2014-01-18 11:18 - 2014-01-18 11:17 - 00000085 _____ C:\windows\wininit.ini

2014-01-18 11:18 - 2014-01-18 03:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-01-18 11:18 - 2013-03-17 05:11 - 01395317 _____ C:\windows\WindowsUpdate.log

2014-01-18 11:18 - 2012-11-09 08:11 - 00131576 _____ C:\windows\PFRO.log

2014-01-18 11:17 - 2014-01-18 03:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2014-01-18 11:13 - 2014-01-18 11:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Seb\Downloads\mbam-setup-1.75.0.1300(1).exe

2014-01-18 03:33 - 2014-01-18 03:33 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking

2014-01-18 03:32 - 2014-01-18 03:32 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Seb\Downloads\spybot-2.2.25.exe

2014-01-18 03:28 - 2014-01-18 03:27 - 01273071 _____ C:\Users\Seb\Downloads\tc6_install.exe

2014-01-17 20:54 - 2013-09-05 10:06 - 00000000 ____D C:\Users\Seb\Documents\MASTERARBEIT

2014-01-17 20:10 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore

2014-01-17 20:10 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\NDF

2014-01-17 20:08 - 2014-01-17 20:08 - 00018926 _____ C:\Users\Seb\Desktop\Combo Fix Scan.txt

2014-01-17 20:07 - 2014-01-17 20:07 - 00000000 ___SD C:\ComboFix

2014-01-17 20:07 - 2013-12-06 00:13 - 00000000 ____D C:\Qoobox

2014-01-17 20:05 - 2014-01-17 20:06 - 05167985 ____R (Swearware) C:\Users\Seb\Desktop\ComboFix.exe

2014-01-17 20:05 - 2014-01-17 20:05 - 05167985 _____ (Swearware) C:\Users\Seb\Downloads\ComboFix(1).exe

2014-01-17 19:55 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default

2014-01-17 19:53 - 2013-12-06 00:12 - 00000000 ____D C:\windows\erdnt

2014-01-17 19:53 - 2012-07-26 06:26 - 00000215 _____ C:\windows\system.ini

2014-01-17 19:46 - 2013-12-06 00:12 - 05167985 ____R (Swearware) C:\Users\Seb\Downloads\ComboFix.exe

2014-01-17 15:44 - 2013-03-17 05:11 - 00000000 ___RD C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-17 13:17 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Spotify

2014-01-16 02:45 - 2013-03-16 13:01 - 00000000 ____D C:\Users\Seb\Documents\Seminararbeit

2014-01-15 23:56 - 2013-07-15 20:37 - 00000000 ____D C:\windows\system32\MRT

2014-01-15 23:54 - 2013-03-18 22:28 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-01-15 22:43 - 2014-01-15 22:38 - 00000000 ____D C:\Users\Seb\Documents\Bewerbung Ebner Stolz

2014-01-15 21:43 - 2013-09-07 13:54 - 00000000 ____D C:\Users\Seb\Documents\KKH Allianz

2014-01-15 14:53 - 2014-01-15 14:53 - 00005402 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-15 14:53 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Oracle

2014-01-15 14:53 - 2013-11-23 16:04 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-14 22:21 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Local\Spotify

2014-01-14 15:10 - 2013-03-21 23:39 - 00000000 ____D C:\ProgramData\Microsoft Help

2014-01-12 20:00 - 2014-01-12 18:50 - 00000000 ____D C:\Users\Seb\Documents\Hannah Arendt

2014-01-10 22:57 - 2014-01-10 22:57 - 00000000 ____D C:\Users\Seb\Desktop\Ivan Musik

2014-01-10 17:38 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent

2014-01-09 09:02 - 2013-12-12 23:48 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-01-09 09:02 - 2013-12-12 23:48 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-04 22:37 - 2014-01-04 22:37 - 00000000 ____D C:\windows\SysWOW64\Adobe

2013-12-27 14:13 - 2013-03-16 12:27 - 00000000 ____D C:\Users\Seb\Documents\Bachelor Arbeit

2013-12-23 18:49 - 2013-12-23 18:48 - 00000000 ___DC C:\Users\Seb\AppData\Local\MigWiz

2013-12-21 19:43 - 2013-12-21 19:43 - 00002064 _____ C:\Users\Public\Desktop\Counter-Strike 1.6 DigitalZone.lnk

2013-12-21 19:43 - 2013-12-21 19:43 - 00002035 _____ C:\Users\Public\Desktop\Half-Life DigitalZone.lnk

2013-12-21 19:43 - 2013-12-21 19:42 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 V40

2013-12-21 19:29 - 2013-03-31 13:48 - 00000000 ____D C:\Users\Seb\Desktop\Spiele

2013-12-20 20:18 - 2013-03-30 21:03 - 00000000 ____D C:\Users\Seb\Documents\Command and Conquer Generals Data

2013-12-20 01:25 - 2013-12-20 01:24 - 00000000 ____D C:\Users\Seb\Documents\Internationales Steuerrecht
 

Files to move or delete:

====================

C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs
 
 

Some content of TEMP:

====================

C:\Users\Seb\AppData\Local\Temp\avgnt.exe

C:\Users\Seb\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-17 12:57
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014

Ran by Seb at 2014-01-19 13:36:23

Running from C:\Users\Seb\Downloads\FRST-OlderVersion

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Acronis*True*Image*Home (x32 Version: 11.0.8010 - Acronis)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden

ANNO 1503 (x32 Version:  - )

Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bitcoin (HKCU Version: 0.8.5 - Bitcoin project)

Bonjour (Version: 3.0.0.10 - Apple Inc.)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7 - Cisco Systems, Inc.)

Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts)

Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden

Counter-Strike 1.6 V40 (x32 Version:  - )

Counter-Strike Source 1.9.1 (x32 Version:  - Valve Corporation)

DAEMON Tools Lite (x32 Version: 4.46.1.0327 - DT Soft Ltd)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)

doPDF 7.3 printer (Version:  - Softland)

Empire Earth (x32 Version:  - )

Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden

ESET Online Scanner v3 (x32 Version:  - )

Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1 - www.hellopdf.com)

Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128 - DVDVideoSoft Ltd.)

FUSSBALL MANAGER 09 (x32 Version:  - Electronic Arts)

Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

Grand Theft Auto Vice City (x32 Version: 1.00.000 - )

HP LaserJet P1000 series (x32 Version:  - )

HPSSupply (x32 Version: 2.1.1.0000 - Ihr Firmenname)

Intel AppUp(SM) center (x32 Version: 3.6.1.33268.15 - Intel)

Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)

Intel(R) Network Connections Drivers (Version: 17.3 - Intel)

Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden

Intel(R) Processor Graphics (x32 Version: 9.17.10.3040 - Intel Corporation)

Intel(R) Rapid Start Technology (x32 Version: 2.1.0.1002 - Intel Corporation)

Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)

Intel(R) WiDi (Version: 3.5.34.0 - Intel Corporation)

Intel® PROSet/Wireless Software (x32 Version: 16.1.5 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden

iTunes (Version: 11.1.2.32 - Apple Inc.)

Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden

Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)

Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)

MrvlUsgTracking (x32 Version: 1.0.7 - Marvell)

MrvlUsgTracking64 (Version: 1.0.1 - Marvell Semiconductor Pvt Ltd)

Nero 12 Essentials Toshiba (x32 Version: 12.0.00600 - Nero AG)

Nero BackItUp (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero Blu-ray Player (x32 Version: 12.0.17500 - Nero AG) Hidden

Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden

Nero BurnRights (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero BurnRights Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero ControlCenter (x32 Version: 11.0.15300 - Nero AG) Hidden

Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero Core Components (x32 Version: 11.0.18200 - Nero AG) Hidden

Nero Express (x32 Version: 12.0.20000 - Nero AG) Hidden

Nero Express Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero Kwik Media (x32 Version: 1.18.18900 - Nero AG) Hidden

Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden

Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden

Nero Launcher (x32 Version: 12.2.6000 - Nero AG) Hidden

Nero RescueAgent (x32 Version: 12.0.9000 - Nero AG) Hidden

Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden

Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden

OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Preispilot für Firefox (x32 Version: 2.0 - Preispilot)

Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6748 - Realtek Semiconductor Corp.)

RICOH Media Driver v2.22.17.01 (x32 Version: 2.22.17.01 - RICOH)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shared C Run-time for x64 (Version: 10.0.0 - McAfee)

Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden

Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)

Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)

SRS Premium Sound Control Panel (Version: 1.12.4600 - SRS Labs, Inc.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (Version: 16.2.10.5 - Synaptics Incorporated)

TOSHIBA Desktop Assist (Version: 1.00.0007.00002 - Toshiba Corporation)

TOSHIBA eco Utility (Version: 2.0.0.6415 - Toshiba Corporation)

TOSHIBA Function Key (Version: 1.00.6625.6402 - Toshiba Corporation)

TOSHIBA Manuals (x32 Version: 10.10 - TOSHIBA)

TOSHIBA Password Utility (Version: 3.00.0002.64003 - Toshiba Corporation)

TOSHIBA PC Health Monitor (Version: 1.8.17.640104 - Toshiba Corporation)

TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006 - Toshiba Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00 - TOSHIBA Corporation)

TOSHIBA Service Station (Version: 2.4.6 - TOSHIBA)

TOSHIBA System Driver (x32 Version: 1.00.0012 - Toshiba Corporation)

TOSHIBA System Settings (x32 Version: 1.00.0002.32002 - Toshiba Corporation)

Toshiba TEMPRO (x32 Version: 4.5.0 - Toshiba Europe GmbH)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden

WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden

Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)

Xfire (remove only) (x32 Version:  - )

Zune (Version: 04.08.2345.00 - Microsoft Corporation)

Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
 

==================== Restore Points  =========================
 

17-01-2014 18:42:40 Avira EU-Cleaner - 17.01.2014 19:42
 

==================== Hosts content: ==========================
 

2012-07-26 06:26 - 2014-01-17 19:53 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {14A6BD4C-A6E2-4F35-B652-641AEAE236B9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {25EFD721-B249-4586-928F-FEF77859D5E3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)

Task: {481D3FF4-B738-4C1C-8353-C382A59F1880} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)

Task: {56646ECA-B8DF-412F-ABDA-99F992CF7BA2} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)

Task: {74CA6B9C-6BB8-4DA6-85E0-3E0EA7BB6753} - \Scheduled Update for Ask Toolbar No Task File

Task: {89A3EF59-80D8-4277-AAA7-84286EE6F95E} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)

Task: {9A17AAAE-86BA-4B7A-806C-086C4AAA3365} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {C406893B-1034-4290-8512-5AAAE1476259} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {E6DF1243-744B-4D1A-8467-47FB61413B1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll

2010-03-03 23:15 - 2010-03-03 23:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF10.dll

2010-03-03 23:15 - 2010-03-03 23:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF11.dll

2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll

2012-08-06 06:36 - 2012-08-06 06:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-03-16 23:49 - 2012-12-18 09:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2007-08-31 17:13 - 2007-08-31 17:13 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll

2013-01-15 01:39 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2013-12-11 14:24 - 2013-12-11 14:24 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 

==================== Faulty Device Manager Devices =============
 

Name: Cisco Systems VPN Adapter for 64-bit Windows

Description: Cisco Systems VPN Adapter for 64-bit Windows

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: CVirtA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Could not start eventlog service, could not read events.
 

Der angeforderte Dienst wurde bereits gestartet.
 

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 44%

Total physical RAM: 3990.14 MB

Available physical RAM: 2204.51 MB

Total Pagefile: 10390.14 MB

Available Pagefile: 8399.39 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: (TI31016900A) (Fixed) (Total:219.49 GB) (Free:86.38 GB) NTFS

Drive d: (INTENSO) (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32

Drive f: (USB DISK) (Removable) (Total:0.03 GB) (Free:0 GB) FAT

Drive g: (USB DISK) (Removable) (Total:0.9 GB) (Free:0.9 GB) FAT
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 238 GB) (Disk ID: 728F6589)
 

Partition: GPT Partition Type

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 0DFF7265)

No partition Table on disk 1.
 

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 35 MB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=35 MB) - (Type=06)
 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 920 MB) (Disk ID: 1CAC3930)

Partition 1: (Active) - (Size=920 MB) - (Type=06)
 

==================== End Of Log ============================

Ich weiß nicht, ob ich jetzt noch Probleme habe. Meinst du ich kann es riskieren jetzt wieder was auf den Stick zu kopieren? Ich hab das gerade lieber einfach mal gelassen.

Nee noch nicht.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs

C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs

HKCU\...\Run: [jSugLyCC] - C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs [137593 2013-10-11] () <===== ATTENTION

HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-10] (Adobe Systems Incorporated)

Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs ()

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2014 04

Ran by Seb at 2014-01-20 13:46:54 Run:1

Running from C:\Users\Seb\Downloads\FRST-OlderVersion\FRST-OlderVersion

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs

C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs

HKCU\...\Run: [jSugLyCC] - C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs [137593 2013-10-11] () <===== ATTENTION

HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-10] (Adobe Systems Incorporated)

Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs ()

*****************
 

Could not move "C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs" => Scheduled to move on reboot.

C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs => Moved successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\jSugLyCC => Value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => Value not found.

C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs not found.
 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-20 13:48:05)<=
 

C:\Users\Seb\AppData\Local\Temp\jSugLyCC.vbs => Is moved successfully.
 

==== End of Fixlog ====

Ok. Frisches FRST log bitte. Teste jtzt die Sticks.

Hi Schrauber! Vielen Dank schon einmal für deine tolle Hilfe!

Auf den Sticks sind jetzt keine Verknüpfungen mehr. Es bilden sich auch keine neuen Verknüpfungen, wenn ich etwas auf die Sticks kopiere!

Das sieht ja schon mal gut aus. Ist mein System damit wieder sauber oder sind iwo noch Restbestände des Programms drauf? Was war das überhaupt? Ein Trojaner oder ein Virus und was hat er vermutlich gemacht?

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014

Ran by Seb (administrator) on SEBASTIAN on 21-01-2014 12:33:05

Running from C:\Users\Seb\Downloads\FRST-OlderVersion

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Program Files\TOSHIBA\LANDriver\TNSSVC.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe

() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Spotify Ltd) C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)

HKLM\...\Run: [SRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)

HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)

HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()

HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()

HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()

HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)

HKLM\...\Run: [Ocs_SM] - C:\Users\Seb\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)

HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)

HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-13] (Spotify Ltd)

HKCU\...\Run: [Spotify] - C:\Users\Seb\AppData\Roaming\Spotify\spotify.exe [6118400 2014-01-13] (Spotify Ltd)

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)

HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)

Lsa: [Authentication Packages] msv1_0 relog_ap

Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKLM - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKLM-x32 - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKCU - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = 

SearchScopes: HKCU - {0D0A5AAB-0496-4E6D-A8B4-23E3C7F2BE76} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {11A60F73-1755-4F6F-ADCE-055B281B28EF} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {6D21CB17-F094-4684-91C8-E11FF35FBC07} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {A6E5E866-A470-4A80-AF5C-B1804687A57D} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {C5C3BA41-2C8B-4EED-BC30-51719505E02B} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

SearchScopes: HKCU - {D972F157-658E-4511-8466-9F666F06C8A4} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=482246c3-5a70-4c9b-a7f3-e95a31257b7e&pid=winsoftware&mode=bounce&k=0

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default

FF SearchEngineOrder.1: Ask.com

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\searchplugins\youtube-videosuche.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Preispilot - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\Extensions\extension@preispilot.com.xpi [2013-12-16]

FF Extension: Adblock Plus - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\extensions\extension@preispilot.com
 

==================== Services (Whitelisted) =================
 

U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)

U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)

U2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)

U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)

U2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)

U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

U2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)

U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()

U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)

U3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)

U2 TNSSVC; C:\Program Files\Toshiba\LANDriver\TNSSVC.exe [40944 2012-09-07] ()

U2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()

U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

U2 McOobeSv2; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]

U2 McSchedulerSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]
 

==================== Drivers (Whitelisted) ====================
 

U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)

U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)

U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)

U3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()

U1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-03-30] (DT Soft Ltd)

U3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-10] (Intel Corporation)

U3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)

U3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)

U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)

U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

U3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)

U3 catchme; \??\C:\ComboFix\catchme.sys [x]

U3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-19 13:33 - 2014-01-19 13:33 - 00987425 _____ C:\Users\Seb\Downloads\SecurityCheck.exe

2014-01-19 12:35 - 2014-01-19 12:35 - 02347384 _____ (ESET) C:\Users\Seb\Downloads\esetsmartinstaller_enu.exe

2014-01-18 11:59 - 2014-01-21 12:33 - 00000000 ____D C:\Users\Seb\Downloads\FRST-OlderVersion

2014-01-18 11:57 - 2014-01-18 11:57 - 00000867 _____ C:\Users\Seb\Desktop\JRT.txt

2014-01-18 11:53 - 2014-01-18 11:53 - 01037068 _____ (Thisisu) C:\Users\Seb\Downloads\JRT(1).exe

2014-01-18 11:47 - 2014-01-18 11:47 - 01236282 _____ C:\Users\Seb\Downloads\adwcleaner_3.017.exe

2014-01-18 11:17 - 2014-01-18 11:18 - 00000085 _____ C:\windows\wininit.ini

2014-01-18 11:13 - 2014-01-18 11:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Seb\Downloads\mbam-setup-1.75.0.1300(1).exe

2014-01-18 03:33 - 2014-01-18 11:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-01-18 03:33 - 2014-01-18 11:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2014-01-18 03:33 - 2014-01-18 03:33 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking

2014-01-18 03:32 - 2014-01-18 03:32 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Seb\Downloads\spybot-2.2.25.exe

2014-01-18 03:27 - 2014-01-18 03:28 - 01273071 _____ C:\Users\Seb\Downloads\tc6_install.exe

2014-01-17 20:08 - 2014-01-17 20:08 - 00018926 _____ C:\Users\Seb\Desktop\Combo Fix Scan.txt

2014-01-17 20:07 - 2014-01-17 20:07 - 00000000 ___SD C:\ComboFix

2014-01-17 20:06 - 2014-01-17 20:05 - 05167985 ____R (Swearware) C:\Users\Seb\Desktop\ComboFix.exe

2014-01-17 20:05 - 2014-01-17 20:05 - 05167985 _____ (Swearware) C:\Users\Seb\Downloads\ComboFix(1).exe

2014-01-15 22:38 - 2014-01-15 22:43 - 00000000 ____D C:\Users\Seb\Documents\Bewerbung Ebner Stolz

2014-01-15 15:48 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll

2014-01-15 15:48 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 15:48 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll

2014-01-15 15:48 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 15:48 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll

2014-01-15 15:48 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll

2014-01-15 15:48 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll

2014-01-15 15:48 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys

2014-01-15 15:48 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll

2014-01-15 15:48 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll

2014-01-15 15:48 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys

2014-01-15 15:48 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll

2014-01-15 15:48 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll

2014-01-15 15:48 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll

2014-01-15 15:48 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll

2014-01-15 14:53 - 2014-01-15 14:53 - 00005402 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-12 18:50 - 2014-01-12 20:00 - 00000000 ____D C:\Users\Seb\Documents\Hannah Arendt

2014-01-10 22:57 - 2014-01-10 22:57 - 00000000 ____D C:\Users\Seb\Desktop\Ivan Musik

2014-01-04 22:37 - 2014-01-04 22:37 - 00000000 ____D C:\windows\SysWOW64\Adobe

2013-12-23 18:48 - 2013-12-23 18:49 - 00000000 ___DC C:\Users\Seb\AppData\Local\MigWiz
 

==================== One Month Modified Files and Folders =======
 

2014-01-21 12:33 - 2014-01-18 11:59 - 00000000 ____D C:\Users\Seb\Downloads\FRST-OlderVersion

2014-01-21 12:32 - 2013-12-06 15:32 - 00000000 ____D C:\FRST

2014-01-21 12:29 - 2013-07-03 17:03 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-21 12:29 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat

2014-01-21 12:29 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat

2014-01-21 12:29 - 2012-07-26 08:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI

2014-01-21 12:28 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT

2014-01-21 03:16 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI

2014-01-21 03:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru

2014-01-21 02:51 - 2013-03-16 16:53 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2014-01-21 02:24 - 2013-07-03 17:03 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-21 00:57 - 2013-03-16 22:56 - 00000000 ____D C:\Users\Seb\AppData\Local\LogMeIn Hamachi

2014-01-20 21:54 - 2013-03-17 05:11 - 01513384 _____ C:\windows\WindowsUpdate.log

2014-01-20 21:36 - 2013-09-05 10:06 - 00000000 ____D C:\Users\Seb\Documents\MASTERARBEIT

2014-01-20 19:21 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent

2014-01-20 14:49 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Spotify

2014-01-20 14:08 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Local\Spotify

2014-01-20 13:46 - 2013-03-17 05:11 - 00000000 ___RD C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-19 18:21 - 2013-03-17 23:19 - 00000000 ____D C:\Users\Seb\AppData\Local\Adobe

2014-01-19 18:19 - 2013-03-16 16:53 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-01-19 18:14 - 2012-11-09 08:11 - 00132410 _____ C:\windows\PFRO.log

2014-01-19 13:33 - 2014-01-19 13:33 - 00987425 _____ C:\Users\Seb\Downloads\SecurityCheck.exe

2014-01-19 12:35 - 2014-01-19 12:35 - 02347384 _____ (ESET) C:\Users\Seb\Downloads\esetsmartinstaller_enu.exe

2014-01-18 14:46 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache

2014-01-18 12:29 - 2013-03-16 12:17 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-737478861-1433762466-2432789249-1001

2014-01-18 12:00 - 2013-12-06 15:34 - 00023243 _____ C:\Users\Seb\Downloads\Addition.txt

2014-01-18 12:00 - 2013-12-06 15:33 - 00032243 _____ C:\Users\Seb\Downloads\FRST.txt

2014-01-18 11:59 - 2013-12-06 15:31 - 02076160 _____ (Farbar) C:\Users\Seb\Downloads\FRST64.exe

2014-01-18 11:57 - 2014-01-18 11:57 - 00000867 _____ C:\Users\Seb\Desktop\JRT.txt

2014-01-18 11:53 - 2014-01-18 11:53 - 01037068 _____ (Thisisu) C:\Users\Seb\Downloads\JRT(1).exe

2014-01-18 11:50 - 2013-10-27 22:52 - 00000000 ____D C:\AdwCleaner

2014-01-18 11:47 - 2014-01-18 11:47 - 01236282 _____ C:\Users\Seb\Downloads\adwcleaner_3.017.exe

2014-01-18 11:18 - 2014-01-18 11:17 - 00000085 _____ C:\windows\wininit.ini

2014-01-18 11:18 - 2014-01-18 03:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-01-18 11:17 - 2014-01-18 03:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2014-01-18 11:13 - 2014-01-18 11:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Seb\Downloads\mbam-setup-1.75.0.1300(1).exe

2014-01-18 03:33 - 2014-01-18 03:33 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking

2014-01-18 03:32 - 2014-01-18 03:32 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Seb\Downloads\spybot-2.2.25.exe

2014-01-18 03:28 - 2014-01-18 03:27 - 01273071 _____ C:\Users\Seb\Downloads\tc6_install.exe

2014-01-17 20:10 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore

2014-01-17 20:10 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\NDF

2014-01-17 20:08 - 2014-01-17 20:08 - 00018926 _____ C:\Users\Seb\Desktop\Combo Fix Scan.txt

2014-01-17 20:07 - 2014-01-17 20:07 - 00000000 ___SD C:\ComboFix

2014-01-17 20:07 - 2013-12-06 00:13 - 00000000 ____D C:\Qoobox

2014-01-17 20:05 - 2014-01-17 20:06 - 05167985 ____R (Swearware) C:\Users\Seb\Desktop\ComboFix.exe

2014-01-17 20:05 - 2014-01-17 20:05 - 05167985 _____ (Swearware) C:\Users\Seb\Downloads\ComboFix(1).exe

2014-01-17 19:55 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default

2014-01-17 19:53 - 2013-12-06 00:12 - 00000000 ____D C:\windows\erdnt

2014-01-17 19:53 - 2012-07-26 06:26 - 00000215 _____ C:\windows\system.ini

2014-01-17 19:46 - 2013-12-06 00:12 - 05167985 ____R (Swearware) C:\Users\Seb\Downloads\ComboFix.exe

2014-01-16 02:45 - 2013-03-16 13:01 - 00000000 ____D C:\Users\Seb\Documents\Seminararbeit

2014-01-15 23:56 - 2013-07-15 20:37 - 00000000 ____D C:\windows\system32\MRT

2014-01-15 23:54 - 2013-03-18 22:28 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-01-15 22:43 - 2014-01-15 22:38 - 00000000 ____D C:\Users\Seb\Documents\Bewerbung Ebner Stolz

2014-01-15 21:43 - 2013-09-07 13:54 - 00000000 ____D C:\Users\Seb\Documents\KKH Allianz

2014-01-15 14:53 - 2014-01-15 14:53 - 00005402 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-15 14:53 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Oracle

2014-01-15 14:53 - 2013-11-23 16:04 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-14 15:10 - 2013-03-21 23:39 - 00000000 ____D C:\ProgramData\Microsoft Help

2014-01-12 20:00 - 2014-01-12 18:50 - 00000000 ____D C:\Users\Seb\Documents\Hannah Arendt

2014-01-10 22:57 - 2014-01-10 22:57 - 00000000 ____D C:\Users\Seb\Desktop\Ivan Musik

2014-01-09 09:02 - 2013-12-12 23:48 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-01-09 09:02 - 2013-12-12 23:48 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-04 22:37 - 2014-01-04 22:37 - 00000000 ____D C:\windows\SysWOW64\Adobe

2013-12-27 14:13 - 2013-03-16 12:27 - 00000000 ____D C:\Users\Seb\Documents\Bachelor Arbeit

2013-12-23 18:49 - 2013-12-23 18:48 - 00000000 ___DC C:\Users\Seb\AppData\Local\MigWiz
 

Some content of TEMP:

====================

C:\Users\Seb\AppData\Local\Temp\avgnt.exe

C:\Users\Seb\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-17 12:57
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014

Ran by Seb at 2014-01-21 12:33:30

Running from C:\Users\Seb\Downloads\FRST-OlderVersion

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Acronis*True*Image*Home (x32 Version: 11.0.8010 - Acronis)

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden

ANNO 1503 (x32 Version:  - )

Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bitcoin (HKCU Version: 0.8.5 - Bitcoin project)

Bonjour (Version: 3.0.0.10 - Apple Inc.)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7 - Cisco Systems, Inc.)

Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts)

Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden

Counter-Strike 1.6 V40 (x32 Version:  - )

Counter-Strike Source 1.9.1 (x32 Version:  - Valve Corporation)

DAEMON Tools Lite (x32 Version: 4.46.1.0327 - DT Soft Ltd)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)

doPDF 7.3 printer (Version:  - Softland)

Empire Earth (x32 Version:  - )

Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden

Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1 - www.hellopdf.com)

Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128 - DVDVideoSoft Ltd.)

FUSSBALL MANAGER 09 (x32 Version:  - Electronic Arts)

Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

Grand Theft Auto Vice City (x32 Version: 1.00.000 - )

HP LaserJet P1000 series (x32 Version:  - )

HPSSupply (x32 Version: 2.1.1.0000 - Ihr Firmenname)

Intel AppUp(SM) center (x32 Version: 3.6.1.33268.15 - Intel)

Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)

Intel(R) Network Connections Drivers (Version: 17.3 - Intel)

Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden

Intel(R) Processor Graphics (x32 Version: 9.17.10.3040 - Intel Corporation)

Intel(R) Rapid Start Technology (x32 Version: 2.1.0.1002 - Intel Corporation)

Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)

Intel(R) WiDi (Version: 3.5.34.0 - Intel Corporation)

Intel® PROSet/Wireless Software (x32 Version: 16.1.5 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden

iTunes (Version: 11.1.2.32 - Apple Inc.)

Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden

Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)

Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)

MrvlUsgTracking (x32 Version: 1.0.7 - Marvell)

MrvlUsgTracking64 (Version: 1.0.1 - Marvell Semiconductor Pvt Ltd)

Nero 12 Essentials Toshiba (x32 Version: 12.0.00600 - Nero AG)

Nero BackItUp (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero Blu-ray Player (x32 Version: 12.0.17500 - Nero AG) Hidden

Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden

Nero BurnRights (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero BurnRights Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero ControlCenter (x32 Version: 11.0.15300 - Nero AG) Hidden

Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero Core Components (x32 Version: 11.0.18200 - Nero AG) Hidden

Nero Express (x32 Version: 12.0.20000 - Nero AG) Hidden

Nero Express Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero Kwik Media (x32 Version: 1.18.18900 - Nero AG) Hidden

Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden

Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden

Nero Launcher (x32 Version: 12.2.6000 - Nero AG) Hidden

Nero RescueAgent (x32 Version: 12.0.9000 - Nero AG) Hidden

Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden

Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden

OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Preispilot für Firefox (x32 Version: 2.0 - Preispilot)

Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6748 - Realtek Semiconductor Corp.)

RICOH Media Driver v2.22.17.01 (x32 Version: 2.22.17.01 - RICOH)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shared C Run-time for x64 (Version: 10.0.0 - McAfee)

Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden

Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)

Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)

SRS Premium Sound Control Panel (Version: 1.12.4600 - SRS Labs, Inc.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (Version: 16.2.10.5 - Synaptics Incorporated)

TOSHIBA Desktop Assist (Version: 1.00.0007.00002 - Toshiba Corporation)

TOSHIBA eco Utility (Version: 2.0.0.6415 - Toshiba Corporation)

TOSHIBA Function Key (Version: 1.00.6625.6402 - Toshiba Corporation)

TOSHIBA Manuals (x32 Version: 10.10 - TOSHIBA)

TOSHIBA Password Utility (Version: 3.00.0002.64003 - Toshiba Corporation)

TOSHIBA PC Health Monitor (Version: 1.8.17.640104 - Toshiba Corporation)

TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006 - Toshiba Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00 - TOSHIBA Corporation)

TOSHIBA Service Station (Version: 2.4.6 - TOSHIBA)

TOSHIBA System Driver (x32 Version: 1.00.0012 - Toshiba Corporation)

TOSHIBA System Settings (x32 Version: 1.00.0002.32002 - Toshiba Corporation)

Toshiba TEMPRO (x32 Version: 4.5.0 - Toshiba Europe GmbH)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden

WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden

Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)

Xfire (remove only) (x32 Version:  - )

Zune (Version: 04.08.2345.00 - Microsoft Corporation)

Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
 

==================== Restore Points  =========================
 

17-01-2014 18:42:40 Avira EU-Cleaner - 17.01.2014 19:42
 

==================== Hosts content: ==========================
 

2012-07-26 06:26 - 2014-01-17 19:53 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {14A6BD4C-A6E2-4F35-B652-641AEAE236B9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {25EFD721-B249-4586-928F-FEF77859D5E3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-19] (Adobe Systems Incorporated)

Task: {481D3FF4-B738-4C1C-8353-C382A59F1880} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)

Task: {56646ECA-B8DF-412F-ABDA-99F992CF7BA2} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)

Task: {74CA6B9C-6BB8-4DA6-85E0-3E0EA7BB6753} - \Scheduled Update for Ask Toolbar No Task File

Task: {89A3EF59-80D8-4277-AAA7-84286EE6F95E} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)

Task: {9A17AAAE-86BA-4B7A-806C-086C4AAA3365} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {C406893B-1034-4290-8512-5AAAE1476259} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {E6DF1243-744B-4D1A-8467-47FB61413B1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll

2010-03-03 23:15 - 2010-03-03 23:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF10.dll

2010-03-03 23:15 - 2010-03-03 23:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF11.dll

2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll

2012-08-06 06:36 - 2012-08-06 06:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-03-16 23:49 - 2012-12-18 09:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

2012-11-08 23:57 - 2012-08-01 23:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2007-08-31 17:13 - 2007-08-31 17:13 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll

2013-12-11 14:24 - 2013-12-11 14:24 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2013-01-15 01:39 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 

==================== Faulty Device Manager Devices =============
 

Name: Cisco Systems VPN Adapter for 64-bit Windows

Description: Cisco Systems VPN Adapter for 64-bit Windows

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: CVirtA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Could not start eventlog service, could not read events.
 

Der angeforderte Dienst wurde bereits gestartet.
 

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 45%

Total physical RAM: 3990.14 MB

Available physical RAM: 2188.96 MB

Total Pagefile: 10390.14 MB

Available Pagefile: 8456.18 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: (TI31016900A) (Fixed) (Total:219.49 GB) (Free:84.84 GB) NTFS

Drive d: (INTENSO) (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32

Drive f: (USB DISK) (Removable) (Total:0.03 GB) (Free:0 GB) FAT

Drive g: (USB DISK) (Removable) (Total:0.9 GB) (Free:0.9 GB) FAT
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 238 GB) (Disk ID: 728F6589)
 

Partition: GPT Partition Type

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 0DFF7265)

No partition Table on disk 1.
 

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 35 MB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=35 MB) - (Type=06)
 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 920 MB) (Disk ID: 1CAC3930)

Partition 1: (Active) - (Size=920 MB) - (Type=06)
 

==================== End Of Log ============================

Falls noch nicht geschehen:

Panda USB Vaccine - Download - Filepony
Das laufen lassen zum Absichern des Sticks.

Das war Malware die einfach nur ddiese Verknüpfungen anlegt. passwörter ändern ist bei Befall aber immer Pflicht.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hey Schrauber!

Tausend Dank! Funktioniert alles wieder! Super Sache!

Ist erledigt :-)