Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox öffnet ständig neue seiten (https://www.trojaner-board.de/151947-firefox-oeffnet-staendig-neue-seiten.html)

sweetboy200 03.04.2014 07:40
Firefox öffnet ständig neue seiten
 
Seit gestern öffnet sich am Pc meines Sohnes im Firefox Browser ohne sein Zutun neue Tabs wie diesen hier vieleicht kann mir jemand helfen seinen Pc Virenfrei zu machen

hxxp://123srv.com/ads-clicktrack/click/newjump1.do?affiliate=63640&subid=2040_4020_de&terms=trojaner-board%20trojaner-board.de&ai=WLcRJbo_TdvGcV8LUCvVJtjx6G5TBw0prR-JjsXZIce0fUFtei8hJfz7b19NJT3QfWaowDfVrrVtnmfdHkyOLXfPLssbNc_L97hMN1ZK2vzB6QpabNnlTc4ncJ3BzUGQSp_JC4kWYDMGSiJ6eLsMrl7co0PpUMjxuOeuLnMhC5bMOJZxxpb3aaV2a PcC6YPsgcU7o5fX83DV5KkUGu4fZszNIvT3nIZNm0YvFhesBOuE1eP3fLsJfxESw3oXhB6XDMpLtMpon1Y4CxSyecH0aX7WjQHNKjL-ZVexOUNVBWDxUCsWpL9wW9t2qsWDyGur8U0zP26t7RKgm2JKg5xfAbHOaqKt6jC5pXsrLe8HI3Blxovufy26X_yiqJ4Wl5E4U_WovJ2K7Iy8RVqL7GJWxQA8SiQPFcAAMsLo9O8P9lkCeuO4ln8BN8 1i1oLEy2SMwHBOhhtgkeCZdxlFDE1arQCaQzBr9v8SmJW_xq7rWQpeY4_if4vXBNfZ67PIDnm_5hjvSwQVFEoCUvnfjSkk-Q&version=1.1

schrauber 03.04.2014 08:05
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


sweetboy200 03.04.2014 08:35
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by 7520 (administrator) on 7520-PC on 03-04-2014 09:31:40
Running from C:\Users\7520\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
() C:\Windows\SysWOW64\PSIService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\HelperService.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3835128264-2211656678-1279855547-1000\...\MountPoints2: {2db36a93-0ed3-11e3-a74f-001b38d7ebbe} - E:\Startme.exe
HKU\S-1-5-21-3835128264-2211656678-1279855547-1001\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3835128264-2211656678-1279855547-1001\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [74752 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0AzyyDtCtB0A0B0EzzzyzytN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=910047237&ir=
SearchScopes: HKLM - {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKLM-x32 - URL hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKLM-x32 - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43169&gid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 - TopResultURLFallback hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43169&gid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&dbCode=1&command={searchTerms}
SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0AzyyDtCtB0A0B0EzzzyzytN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=910047237&ir=
BHO: Plus-HD-5.5 - {11111111-1111-1111-1111-110411901160} - C:\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-bho64.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\Windows\SysWOW64\difxapii.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Soda PDF 5 IE Helper - {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll (LULU Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll (LULU Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\searchplugins\findr.xml
FF SearchPlugin: C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-5.5 - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\e9043bba-bb1e-4491-8ff2-1ba673d54856@1d3800b4-5ed5-4f67-bf08-0d0c43a7b67b.com [2014-03-07]
FF Extension: Geolocater - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\geolocater@3liz.com [2013-04-25]
FF Extension: Tube Dimmer - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\support@tubedimmerapp.com [2013-12-25]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-12-04]
FF Extension: DownloadHelper - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-04]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-29]
FF HKCU\...\Firefox\Extensions: [{6398fbcf-f22b-430a-a81c-9f1ecb508bb5}] - C:\Program Files (x86)\Re-Markable\150.xpi
FF Extension: Re-Markable - C:\Program Files (x86)\Re-Markable\150.xpi [2013-12-23]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0AzyyDtCtB0A0B0EzzzyzytN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=910047237&ir=
CHR DefaultNewTabURL:
CHR Extension: (Plus-HD-5.5) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoilcbjfkbdplcfglkiedhefcomondlk [2014-01-06]
CHR Extension: (YouTube) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-03]
CHR Extension: (Google-Suche) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-03]
CHR Extension: (Re-Markable) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja [2014-03-03]
CHR Extension: (Searcch-NeewaTabb) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdbfaoeajglnkkklikfhgmegmdipehm [2013-04-16]
CHR Extension: (RealDownloader) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-03]
CHR Extension: (Freemake Video Converter) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-03-03]
CHR Extension: (Plus-HD-3.7) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdgpogmpcjffpmdkoedclegjohlepii [2013-12-01]
CHR Extension: (Google Wallet) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-03]
CHR Extension: (Barowse2sAvvee) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\nncinmkgmfhkkbiecofifhocgpdhmpok [2013-04-16]
CHR Extension: (Google Mail) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [ejdfidgapfiokiphmcjpmmjbdndepoja] - C:\Program Files (x86)\Re-Markable\150.crx [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-12-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 avmident; C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Soda PDF 5 Helper Service; C:\Program Files (x86)\Soda PDF 5\HelperService.exe [1069408 2013-01-29] (LULU Software)
R2 Soda PDF 5 Service; C:\Program Files (x86)\Soda PDF 5\ConversionService.exe [794464 2013-01-29] (LULU Software)

==================== Drivers (Whitelisted) ====================

R3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [31360 2007-06-17] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [49536 2007-06-17] (AVerMedia TECHNOLOGIES, Inc.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE                      )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 09:31 - 2014-04-03 09:32 - 00019621 _____ () C:\Users\7520\Desktop\FRST.txt
2014-04-03 09:31 - 2014-04-03 09:31 - 00000000 ____D () C:\FRST
2014-04-03 09:30 - 2014-04-03 09:30 - 02157056 _____ (Farbar) C:\Users\7520\Desktop\FRST64.exe
2014-04-02 13:11 - 2014-04-02 10:05 - 1674000384 _____ () C:\Users\7520\Desktop\captn america 2.avi
2014-03-31 09:46 - 2014-03-31 09:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-13 22:31 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 22:31 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 22:31 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 22:31 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 22:31 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 22:31 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 22:31 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 22:31 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 22:31 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 22:31 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 22:31 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 22:31 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 22:31 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 22:31 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 22:31 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 22:31 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 22:31 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 22:31 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 22:31 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 22:31 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 22:31 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 22:31 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 22:31 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 22:31 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 22:31 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 22:31 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 22:31 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 22:31 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 22:31 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 22:31 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 22:31 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 22:31 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 22:31 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 22:31 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 22:31 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 22:31 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 22:31 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 22:31 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 22:31 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 22:31 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 22:31 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 22:31 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 22:31 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 22:31 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 22:31 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 22:31 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 22:31 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 22:31 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 08:58 - 2014-04-03 07:37 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3835128264-2211656678-1279855547-1000
2014-03-11 10:46 - 2014-03-11 10:46 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ____D () C:\Users\7520\AppData\Local\Skype

==================== One Month Modified Files and Folders =======

2014-04-03 09:32 - 2014-04-03 09:31 - 00019621 _____ () C:\Users\7520\Desktop\FRST.txt
2014-04-03 09:31 - 2014-04-03 09:31 - 00000000 ____D () C:\FRST
2014-04-03 09:30 - 2014-04-03 09:30 - 02157056 _____ (Farbar) C:\Users\7520\Desktop\FRST64.exe
2014-04-03 09:29 - 2012-12-06 10:44 - 00000000 ____D () C:\Users\7520\AppData\Roaming\Skype
2014-04-03 09:26 - 2013-12-20 20:51 - 00000408 _____ () C:\Users\7520\AppData\Roaming\CamShapes.ini
2014-04-03 09:26 - 2013-12-20 20:51 - 00000408 _____ () C:\Users\7520\AppData\Roaming\CamLayout.ini
2014-04-03 09:26 - 2013-12-20 20:51 - 00000102 _____ () C:\Users\7520\AppData\Roaming\Camdata.ini
2014-04-03 09:26 - 2013-12-20 20:09 - 00004534 _____ () C:\Users\7520\AppData\Roaming\CamStudio.cfg
2014-04-03 09:26 - 2013-10-14 13:15 - 07667200 ___SH () C:\Users\7520\Desktop\Thumbs.db
2014-04-03 09:25 - 2013-12-20 20:03 - 00000000 ____D () C:\Users\7520\Documents\My CamStudio Temp Files
2014-04-03 09:17 - 2012-12-05 13:14 - 00000000 ____D () C:\Users\7520\Documents\Outlook-Dateien
2014-04-03 09:12 - 2013-12-20 20:02 - 00000096 _____ () C:\Users\7520\AppData\Roaming\version2.xml
2014-04-03 08:51 - 2014-03-03 22:34 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 08:50 - 2012-12-03 23:16 - 01781285 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 08:41 - 2013-12-01 09:11 - 00000392 _____ () C:\Windows\Tasks\Re-Markable Update.job
2014-04-03 07:52 - 2012-12-07 12:17 - 00010240 ____H () C:\Users\7520\Desktop\photothumb.db
2014-04-03 07:51 - 2014-03-03 22:34 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 07:46 - 2012-12-03 22:52 - 00010288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 07:46 - 2012-12-03 22:52 - 00010288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 07:37 - 2014-03-12 08:58 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3835128264-2211656678-1279855547-1000
2014-04-03 07:37 - 2014-02-26 08:57 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3835128264-2211656678-1279855547-1000
2014-04-03 07:36 - 2013-09-20 06:11 - 00741111 _____ () C:\Windows\setupact.log
2014-04-03 07:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-02 12:50 - 2012-12-05 22:24 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-04-02 11:45 - 2012-12-04 14:16 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5ABAD5A1-376E-4392-B90D-6E5A526C51B5}
2014-04-02 10:05 - 2014-04-02 13:11 - 1674000384 _____ () C:\Users\7520\Desktop\captn america 2.avi
2014-04-02 07:46 - 2014-03-03 22:34 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 07:46 - 2014-03-03 22:34 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 07:17 - 2012-12-03 23:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 09:09 - 2013-01-18 18:22 - 00000000 ____D () C:\Users\7520\AppData\Roaming\vlc
2014-04-01 09:08 - 2013-02-27 18:02 - 00000000 ____D () C:\output
2014-04-01 07:32 - 2013-12-23 09:51 - 00000000 ____D () C:\Program Files (x86)\Re-Markable
2014-03-31 09:46 - 2014-03-31 09:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 15:05 - 2013-10-17 19:18 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-03-27 19:40 - 2012-12-04 14:48 - 00000000 ____D () C:\Users\7520\AppData\Roaming\uTorrent
2014-03-26 09:03 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-25 15:33 - 2014-01-23 08:52 - 00000000 ____D () C:\Users\7520\Desktop\nägel
2014-03-20 17:42 - 2012-12-04 14:47 - 00000150 _____ () C:\Users\7520\Desktop\verkleinerer.set
2014-03-19 12:07 - 2012-12-04 15:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 12:06 - 2013-08-14 11:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 12:01 - 2012-10-11 01:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 08:27 - 2012-11-14 14:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-19 08:27 - 2012-11-14 14:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-14 14:17 - 2014-02-21 12:34 - 00000000 ____D () C:\Users\7520\Desktop\musik
2014-03-14 07:46 - 2009-07-14 06:45 - 00460120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 07:44 - 2013-03-29 21:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:44 - 2013-03-29 21:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 07:44 - 2010-11-21 05:47 - 00365482 _____ () C:\Windows\PFRO.log
2014-03-11 10:46 - 2014-03-11 10:46 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ____D () C:\Users\7520\AppData\Local\Skype
2014-03-11 10:46 - 2012-12-06 10:43 - 00000000 ____D () C:\ProgramData\Skype

Files to move or delete:
====================
C:\Users\7520\AppData\Roaming\CamLayout.ini
C:\Users\7520\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\7520\AppData\Local\Temp\56331uninstall.exe
C:\Users\7520\AppData\Local\Temp\adgwsukbgauoppf.exe
C:\Users\7520\AppData\Local\Temp\adks_NationZoom.exe
C:\Users\7520\AppData\Local\Temp\avgnt.exe
C:\Users\7520\AppData\Local\Temp\BackupSetup.exe
C:\Users\7520\AppData\Local\Temp\Cloud_Backup_Setup.exe
C:\Users\7520\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\7520\AppData\Local\Temp\Quarantine.exe
C:\Users\7520\AppData\Local\Temp\rmskfi98.exe
C:\Users\7520\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 08:37

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by 7520 at 2014-04-03 09:33:14
Running from C:\Users\7520\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 1.6.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Atheros for Acer Driver v7.3.1.42_Foxconn Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.3.1.42 - Atheros)
AVerMedia A310 (MiniCard, DVB-T) 1.1.64.16 (HKLM-x32\...\AVerMedia A310 (MiniCard, DVB-T)) (Version: 1.1.64.16 - AVerMedia TECHNOLOGIES, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVM FRITZ!Box-Kindersicherung (HKLM-x32\...\{7497BB4F-CE23-47D4-B2CB-62548080F74F}) (Version: 4.2.3 - AVM Berlin)
Browser Updater 1.1 (HKLM-x32\...\Browser Updater_is1) (Version:  - Browser Updater)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
FileParade Bundle (HKLM-x32\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HiDef Media Player 1.1.12 (HKLM-x32\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{45B3A3BD-F90D-48FE-A147-D74878A51031}) (Version: 7.03.0920 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA Grafiktreiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.62 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Systemsteuerung 285.62 (Version: 285.62 - NVIDIA Corporation) Hidden
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picasa Uploader (HKLM-x32\...\com.webkinesis.PicasaUploaderDesktop) (Version: 0.7 - UNKNOWN)
Picasa Uploader (x32 Version: 0.7 - UNKNOWN) Hidden
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Re-Markable (HKLM-x32\...\a2d26271-6cb1-44af-90ed-ccae2d6d9c0e) (Version:  - Re-Markable Software) <==== ATTENTION
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Soda PDF 5 (HKLM-x32\...\{B756A738-AC20-4C26-9EFD-80810B624642}) (Version: 5.0.133.9133 - LULU SOFTWARE LIMITED)
t@x 2013 (HKLM-x32\...\{6737F045-A91A-4177-9C8C-59460FC1C84D}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO EÜR & Kasse 2012 (HKLM-x32\...\{BD2DA092-F254-43D0-9683-DD09840315C4}) (Version: 19.01.7317 - Buhl Data Service GmbH)
XMedia Recode Version 3.1.7.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)

==================== Restore Points  =========================

07-03-2014 06:48:26 Windows Update
11-03-2014 06:14:52 Windows Update
13-03-2014 21:16:37 Windows Update
19-03-2014 06:33:17 Windows Update
19-03-2014 10:00:31 Windows Update
26-03-2014 07:11:29 Windows Update
01-04-2014 05:32:08 Windows Defender Checkpoint
01-04-2014 17:49:48 Windows Update

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08AE0B43-502B-419E-9E8E-5320DD7A57D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-03] (Google Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1B383299-10BA-4ED2-890B-D1C51765BDE8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3835128264-2211656678-1279855547-1000
Task: {234A5F3E-C3D3-45BB-9263-DB6174C1F2F8} - \DigitalSite No Task File
Task: {26BBC53C-5313-448D-B5DC-0AAFC09E1D23} - \Plus-HD-3.7-firefoxinstaller No Task File
Task: {64E3AF20-CB1A-4970-94A6-2F87242371FF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3835128264-2211656678-1279855547-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {7055F57D-5B20-4415-B9FE-E86D27018FE3} - \Express FilesUpdate No Task File
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {7AEC8EFC-9DB6-45F8-A10B-A73BF80155E6} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-14] (Microsoft Corporation)
Task: {833DDB7D-3690-4806-BC13-4AA81E346EFE} - \Plus-HD-3.7-updater No Task File
Task: {844A08AA-CD67-40E2-B37E-B0FB3599996B} - \Omiga Plus RunAsStdUser No Task File
Task: {9FDEFA2D-9227-4446-864E-CBD298BAFE4F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-03] (Google Inc.)
Task: {AB541A6A-10B4-43A7-85C7-96CD8E48BBEA} - \Plus-HD-3.7-enabler No Task File
Task: {B046ADD3-0FC4-4CEA-92B2-173964024206} - \DealPly No Task File
Task: {B8580931-B003-493D-A0EA-B4DB5236BD69} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3835128264-2211656678-1279855547-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {BC715979-59F4-44EF-A673-4E50C26D5259} - \QtraxPlayer No Task File
Task: {D1D50734-1166-4DDE-AD3F-430A96FC51C1} - \Plus-HD-3.7-chromeinstaller No Task File
Task: {D5B05E82-D3C3-4943-92B1-62586E53A88B} - System32\Tasks\Re-Markable Update => C:\Program Files (x86)\Re-Markable\ReMarkableup.exe [2013-12-23] ()
Task: {DDFDCC71-CE2E-48AB-92B4-575F5C4F6103} - \Desk 365 RunAsStdUser No Task File
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {F60D09D4-EDE6-4DEE-BF74-158BAEEBCFFF} - \Plus-HD-3.7-codedownloader No Task File
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Re-Markable Update.job => C:\Program Files (x86)\Re-Markable\ReMarkableup.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-12-03 23:57 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2014 07:38:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 07:41:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/02/2014 07:19:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2014 07:32:05 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {f6b67ca8-512c-49dd-8240-28173c419aad}

Error: (04/01/2014 00:36:01 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/31/2014 00:35:33 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/30/2014 08:42:32 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/30/2014 07:14:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 09:59:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/29/2014 08:54:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/03/2014 07:43:10 AM) (Source: DCOM) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (04/03/2014 07:43:09 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/03/2014 07:43:09 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Modules Installer erreicht.

Error: (04/03/2014 07:37:46 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (04/02/2014 07:19:25 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 07:13:37 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/29/2014 08:54:20 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/28/2014 10:15:04 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/28/2014 00:03:40 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 10
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/28/2014 00:03:40 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.


Microsoft Office Sessions:
=========================
Error: (04/03/2014 07:38:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 07:41:34 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (04/02/2014 07:19:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2014 07:32:05 AM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {f6b67ca8-512c-49dd-8240-28173c419aad}

Error: (04/01/2014 00:36:01 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (03/31/2014 00:35:33 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (03/30/2014 08:42:32 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (03/30/2014 07:14:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 09:59:34 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (03/29/2014 08:54:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 2046.93 MB
Available physical RAM: 887.13 MB
Total Pagefile: 4093.85 MB
Available Pagefile: 2555.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:63.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 699B90D8)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 03.04.2014 12:21
Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

sweetboy200 03.04.2014 15:26
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software


Protection, 03.04.2014 13:39:35, SYSTEM, 7520-PC, Protection, Malware Protection, Starting,
Protection, 03.04.2014 13:39:35, SYSTEM, 7520-PC, Protection, Malware Protection, Started,
Protection, 03.04.2014 13:39:35, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.04.2014 13:39:37, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Started,
Update, 03.04.2014 13:40:34, SYSTEM, 7520-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 03.04.2014 13:40:40, SYSTEM, 7520-PC, Manual, Malware Database, 2014.3.4.9, 2014.4.3.2,
Protection, 03.04.2014 13:40:41, SYSTEM, 7520-PC, Protection, Refresh, Starting,
Protection, 03.04.2014 13:40:41, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Stopping,
Protection, 03.04.2014 13:40:42, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Stopped,
Protection, 03.04.2014 13:40:48, SYSTEM, 7520-PC, Protection, Refresh, Success,
Protection, 03.04.2014 13:40:48, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.04.2014 13:40:49, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Started,
Detection, 03.04.2014 13:51:42, SYSTEM, 7520-PC, Protection, Malware Protection, File, PUP.Optional.AdLyrics.A, C:\Program Files (x86)\Re-Markable\ReMarkableup.exe, Quarantine, [a34b180d2a512313dcc2aa93ba46847c]
Detection, 03.04.2014 14:00:41, 7520, 7520-PC, Protection, Malware Protection, File, PUP.Optional.AdLyrics.A, c:\program files (x86)\re-markable\remarkableup.exe, Quarantine, [a34b180d2a512313dcc2aa93ba46847c]
Protection, 03.04.2014 14:00:41, SYSTEM, 7520-PC, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\re-markable\remarkableup.exe,
Error, 03.04.2014 14:00:41, SYSTEM, 7520-PC, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\re-markable\remarkableup.exe,
Update, 03.04.2014 14:03:48, SYSTEM, 7520-PC, Scheduler, Malware Database, 2014.4.3.2, 2014.4.3.3,
Protection, 03.04.2014 14:03:49, SYSTEM, 7520-PC, Protection, Refresh, Starting,
Protection, 03.04.2014 14:03:49, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Stopping,
Protection, 03.04.2014 14:03:50, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Stopped,
Protection, 03.04.2014 14:03:59, SYSTEM, 7520-PC, Protection, Refresh, Success,
Protection, 03.04.2014 14:03:59, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.04.2014 14:04:07, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Started,
Protection, 03.04.2014 14:19:25, SYSTEM, 7520-PC, Protection, Malware Protection, Starting,
Protection, 03.04.2014 14:19:26, SYSTEM, 7520-PC, Protection, Malware Protection, Started,
Protection, 03.04.2014 14:19:26, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.04.2014 14:21:39, SYSTEM, 7520-PC, Protection, Malicious Website Protection, Started,

(end)

AdwCleaner Logfile:
Code:
# AdwCleaner v3.016 - Bericht erstellt am 03/02/2014 um 11:43:46
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : 7520 - 7520-PC
# Gestartet von : C:\Users\7520\Desktop\adwcleaner-3.016.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\7520\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11247 octets] - [01/09/2013 06:12:15]
AdwCleaner[R10].txt - [21916 octets] - [06/01/2014 14:41:24]
AdwCleaner[R11].txt - [23228 octets] - [06/01/2014 14:44:43]
AdwCleaner[R12].txt - [23228 octets] - [06/01/2014 18:38:33]
AdwCleaner[R13].txt - [23228 octets] - [06/01/2014 18:47:13]
AdwCleaner[R14].txt - [23228 octets] - [06/01/2014 18:50:34]
AdwCleaner[R15].txt - [22274 octets] - [06/01/2014 18:55:43]
AdwCleaner[R16].txt - [22280 octets] - [06/01/2014 18:59:15]
AdwCleaner[R17].txt - [22280 octets] - [06/01/2014 19:00:44]
AdwCleaner[R18].txt - [7073 octets] - [06/01/2014 20:31:11]
AdwCleaner[R19].txt - [2501 octets] - [06/01/2014 21:04:09]
AdwCleaner[R1].txt - [56476 octets] - [01/12/2013 18:28:40]
AdwCleaner[R20].txt - [2762 octets] - [03/02/2014 11:40:57]
AdwCleaner[R2].txt - [1148 octets] - [02/12/2013 08:23:16]
AdwCleaner[R3].txt - [1627 octets] - [02/12/2013 08:40:28]
AdwCleaner[R4].txt - [1386 octets] - [02/12/2013 08:45:33]
AdwCleaner[R5].txt - [1506 octets] - [02/12/2013 09:20:36]
AdwCleaner[R6].txt - [1509 octets] - [02/12/2013 14:30:46]
AdwCleaner[R7].txt - [15987 octets] - [25/12/2013 18:50:53]
AdwCleaner[R8].txt - [21916 octets] - [06/01/2014 14:21:09]
AdwCleaner[R9].txt - [21916 octets] - [06/01/2014 14:26:24]
AdwCleaner[S0].txt - [7474 octets] - [01/09/2013 06:14:08]
AdwCleaner[S1].txt - [56279 octets] - [01/12/2013 18:33:10]
AdwCleaner[S2].txt - [1640 octets] - [02/12/2013 08:42:05]
AdwCleaner[S3].txt - [1447 octets] - [02/12/2013 08:46:53]
AdwCleaner[S4].txt - [1570 octets] - [02/12/2013 14:32:34]
AdwCleaner[S5].txt - [13661 octets] - [25/12/2013 18:53:11]
AdwCleaner[S6].txt - [5647 octets] - [06/01/2014 20:32:33]
AdwCleaner[S7].txt - [2561 octets] - [06/01/2014 21:05:20]
AdwCleaner[S8].txt - [2638 octets] - [03/02/2014 11:43:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2698 octets] ##########
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v3.023 - Bericht erstellt am 03/04/2014 um 14:31:18
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : 7520 - 7520-PC
# Gestartet von : C:\Users\7520\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
Ordner Gelöscht : C:\Program Files (x86)\HiDefMedia
Ordner Gelöscht : C:\Users\7520\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\7520\AppData\Local\genienext
Ordner Gelöscht : C:\Users\7520\AppData\Local\Temp\TempDir
Ordner Gelöscht : C:\Users\7520\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\7520\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ Datei : C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword

*************************

AdwCleaner[R0].txt - [11247 octets] - [01/09/2013 07:12:15]
AdwCleaner[R10].txt - [21916 octets] - [06/01/2014 15:41:24]
AdwCleaner[R11].txt - [23228 octets] - [06/01/2014 15:44:43]
AdwCleaner[R12].txt - [23228 octets] - [06/01/2014 19:38:33]
AdwCleaner[R13].txt - [23228 octets] - [06/01/2014 19:47:13]
AdwCleaner[R14].txt - [23228 octets] - [06/01/2014 19:50:34]
AdwCleaner[R15].txt - [22274 octets] - [06/01/2014 19:55:43]
AdwCleaner[R16].txt - [22280 octets] - [06/01/2014 19:59:15]
AdwCleaner[R17].txt - [22280 octets] - [06/01/2014 20:00:44]
AdwCleaner[R18].txt - [7073 octets] - [06/01/2014 21:31:11]
AdwCleaner[R19].txt - [2501 octets] - [06/01/2014 22:04:09]
AdwCleaner[R1].txt - [56476 octets] - [01/12/2013 19:28:40]
AdwCleaner[R20].txt - [6262 octets] - [03/02/2014 12:40:57]
AdwCleaner[R21].txt - [3561 octets] - [03/04/2014 14:28:40]
AdwCleaner[R2].txt - [1148 octets] - [02/12/2013 09:23:16]
AdwCleaner[R3].txt - [1627 octets] - [02/12/2013 09:40:28]
AdwCleaner[R4].txt - [1386 octets] - [02/12/2013 09:45:33]
AdwCleaner[R5].txt - [1506 octets] - [02/12/2013 10:20:36]
AdwCleaner[R6].txt - [1509 octets] - [02/12/2013 15:30:46]
AdwCleaner[R7].txt - [15987 octets] - [25/12/2013 19:50:53]
AdwCleaner[R8].txt - [21916 octets] - [06/01/2014 15:21:09]
AdwCleaner[R9].txt - [21916 octets] - [06/01/2014 15:26:24]
AdwCleaner[S0].txt - [7474 octets] - [01/09/2013 07:14:08]
AdwCleaner[S1].txt - [56279 octets] - [01/12/2013 19:33:10]
AdwCleaner[S2].txt - [1640 octets] - [02/12/2013 09:42:05]
AdwCleaner[S3].txt - [1447 octets] - [02/12/2013 09:46:53]
AdwCleaner[S4].txt - [1570 octets] - [02/12/2013 15:32:34]
AdwCleaner[S5].txt - [13661 octets] - [25/12/2013 19:53:11]
AdwCleaner[S6].txt - [5647 octets] - [06/01/2014 21:32:33]
AdwCleaner[S7].txt - [2561 octets] - [06/01/2014 22:05:20]
AdwCleaner[S8].txt - [6153 octets] - [03/02/2014 12:43:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [6213 octets] ##########
--- --- ---JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by 7520 on 03.04.2014 at 14:39:13,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"



~~~ FireFox

Emptied folder: C:\Users\7520\AppData\Roaming\mozilla\firefox\profiles\zxt6yqbi.default\minidumps [94 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2014 at 14:53:10,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---



FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by 7520 (administrator) on 7520-PC on 03-04-2014 16:12:19
Running from C:\Users\7520\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PSIService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\HelperService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files (x86)\Opera\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3835128264-2211656678-1279855547-1000\...\MountPoints2: {2db36a93-0ed3-11e3-a74f-001b38d7ebbe} - E:\Startme.exe
HKU\S-1-5-21-3835128264-2211656678-1279855547-1001\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3835128264-2211656678-1279855547-1001\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [74752 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0AzyyDtCtB0A0B0EzzzyzytN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=910047237&ir=
SearchScopes: HKLM - {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKLM-x32 - URL hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKLM-x32 - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43169&gid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 - TopResultURLFallback hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43169&gid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&dbCode=1&command={searchTerms}
SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = Google
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\Windows\SysWOW64\difxapii.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Soda PDF 5 IE Helper - {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll (LULU Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll (LULU Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\searchplugins\findr.xml
FF SearchPlugin: C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Geolocater - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\geolocater@3liz.com [2013-04-25]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-12-04]
FF Extension: DownloadHelper - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-04]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-29]
FF HKCU\...\Firefox\Extensions: [{6398fbcf-f22b-430a-a81c-9f1ecb508bb5}] - C:\Program Files (x86)\Re-Markable\150.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: Google
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-03]
CHR Extension: (Google-Suche) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-03]
CHR Extension: (Re-Markable) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja [2014-03-03]
CHR Extension: (Searcch-NeewaTabb) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdbfaoeajglnkkklikfhgmegmdipehm [2013-04-16]
CHR Extension: (RealDownloader) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-03]
CHR Extension: (Freemake Video Converter) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-03-03]
CHR Extension: (Plus-HD-3.7) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdgpogmpcjffpmdkoedclegjohlepii [2013-12-01]
CHR Extension: (Google Wallet) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-03]
CHR Extension: (Barowse2sAvvee) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\nncinmkgmfhkkbiecofifhocgpdhmpok [2013-04-16]
CHR Extension: (Google Mail) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-12-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 avmident; C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Soda PDF 5 Helper Service; C:\Program Files (x86)\Soda PDF 5\HelperService.exe [1069408 2013-01-29] (LULU Software)
R2 Soda PDF 5 Service; C:\Program Files (x86)\Soda PDF 5\ConversionService.exe [794464 2013-01-29] (LULU Software)

==================== Drivers (Whitelisted) ====================

R3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [31360 2007-06-17] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [49536 2007-06-17] (AVerMedia TECHNOLOGIES, Inc.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE                      )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 16:12 - 2014-04-03 16:12 - 00019170 _____ () C:\Users\7520\Desktop\FRST.txt
2014-04-03 14:26 - 2014-04-03 14:27 - 01426178 _____ () C:\Users\7520\Desktop\adwcleaner.exe
2014-04-03 13:39 - 2014-04-03 14:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 13:39 - 2014-04-03 13:39 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-03 13:39 - 2014-04-03 13:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 13:39 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 13:39 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 13:36 - 2014-04-03 13:36 - 01038974 _____ (Thisisu) C:\Users\7520\Desktop\JRT.exe
2014-04-03 12:29 - 2014-04-03 12:30 - 00000000 ____D () C:\Users\7520\Downloads\How.I.Met.Your.Mother.S09E04.Der.gebrochene.Bro.Code.GERMAN.DUBBED.DL.1080p.WebHD.x264-TVP
2014-04-03 12:16 - 2014-04-03 12:29 - 524288000 _____ () C:\Users\7520\Downloads\marshpillow.0904.s3s4.l2.hd2-tvp.part1.rar
2014-04-03 12:16 - 2014-04-03 12:27 - 424617534 _____ () C:\Users\7520\Downloads\marshpillow.0904.s3s4.l2.hd2-tvp.part2.rar
2014-04-03 09:31 - 2014-04-03 16:12 - 00000000 ____D () C:\FRST
2014-04-03 09:30 - 2014-04-03 09:30 - 02157056 _____ (Farbar) C:\Users\7520\Desktop\FRST64.exe
2014-04-02 13:11 - 2014-04-02 10:05 - 1674000384 _____ () C:\Users\7520\Desktop\captn america 2.avi
2014-03-31 09:46 - 2014-03-31 09:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-13 22:31 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 22:31 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 22:31 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 22:31 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 22:31 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 22:31 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 22:31 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 22:31 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 22:31 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 22:31 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 22:31 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 22:31 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 22:31 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 22:31 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 22:31 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 22:31 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 22:31 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 22:31 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 22:31 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 22:31 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 22:31 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 22:31 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 22:31 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 22:31 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 22:31 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 22:31 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 22:31 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 22:31 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 22:31 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 22:31 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 22:31 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 22:31 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 22:31 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 22:31 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 22:31 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 22:31 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 22:31 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 22:31 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 22:31 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 22:31 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 22:31 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 22:31 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 22:31 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 22:31 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 22:31 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 22:31 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 22:31 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 22:31 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 08:58 - 2014-04-03 14:33 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3835128264-2211656678-1279855547-1000
2014-03-11 10:46 - 2014-03-11 10:46 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ____D () C:\Users\7520\AppData\Local\Skype

==================== One Month Modified Files and Folders =======

2014-04-03 16:12 - 2014-04-03 16:12 - 00019170 _____ () C:\Users\7520\Desktop\FRST.txt
2014-04-03 16:12 - 2014-04-03 09:31 - 00000000 ____D () C:\FRST
2014-04-03 15:59 - 2012-12-05 13:14 - 00000000 ____D () C:\Users\7520\Documents\Outlook-Dateien
2014-04-03 15:51 - 2014-03-03 22:34 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 15:06 - 2012-12-03 23:16 - 01818391 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 14:42 - 2012-12-03 22:52 - 00010288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 14:42 - 2012-12-03 22:52 - 00010288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 14:36 - 2014-04-03 13:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 14:33 - 2014-03-12 08:58 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3835128264-2211656678-1279855547-1000
2014-04-03 14:33 - 2014-03-03 22:34 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 14:33 - 2014-02-26 08:57 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3835128264-2211656678-1279855547-1000
2014-04-03 14:33 - 2013-09-20 06:11 - 00746431 _____ () C:\Windows\setupact.log
2014-04-03 14:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 14:32 - 2010-11-21 05:47 - 00419488 _____ () C:\Windows\PFRO.log
2014-04-03 14:31 - 2013-09-01 07:12 - 00000000 ____D () C:\AdwCleaner
2014-04-03 14:27 - 2014-04-03 14:26 - 01426178 _____ () C:\Users\7520\Desktop\adwcleaner.exe
2014-04-03 13:39 - 2014-04-03 13:39 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-03 13:39 - 2014-04-03 13:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 13:39 - 2013-12-03 08:49 - 00000000 ____D () C:\Users\7520\AppData\Roaming\Malwarebytes
2014-04-03 13:39 - 2013-12-03 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 13:36 - 2014-04-03 13:36 - 01038974 _____ (Thisisu) C:\Users\7520\Desktop\JRT.exe
2014-04-03 12:30 - 2014-04-03 12:29 - 00000000 ____D () C:\Users\7520\Downloads\How.I.Met.Your.Mother.S09E04.Der.gebrochene.Bro.Code.GERMAN.DUBBED.DL.1080p.WebHD.x264-TVP
2014-04-03 12:29 - 2014-04-03 12:16 - 524288000 _____ () C:\Users\7520\Downloads\marshpillow.0904.s3s4.l2.hd2-tvp.part1.rar
2014-04-03 12:27 - 2014-04-03 12:16 - 424617534 _____ () C:\Users\7520\Downloads\marshpillow.0904.s3s4.l2.hd2-tvp.part2.rar
2014-04-03 12:27 - 2012-12-04 14:16 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5ABAD5A1-376E-4392-B90D-6E5A526C51B5}
2014-04-03 12:16 - 2012-12-05 22:24 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-04-03 09:42 - 2014-02-21 12:34 - 00000000 ____D () C:\Users\7520\Desktop\musik
2014-04-03 09:30 - 2014-04-03 09:30 - 02157056 _____ (Farbar) C:\Users\7520\Desktop\FRST64.exe
2014-04-03 09:29 - 2012-12-06 10:44 - 00000000 ____D () C:\Users\7520\AppData\Roaming\Skype
2014-04-03 09:26 - 2013-12-20 20:51 - 00000408 _____ () C:\Users\7520\AppData\Roaming\CamShapes.ini
2014-04-03 09:26 - 2013-12-20 20:51 - 00000408 _____ () C:\Users\7520\AppData\Roaming\CamLayout.ini
2014-04-03 09:26 - 2013-12-20 20:51 - 00000102 _____ () C:\Users\7520\AppData\Roaming\Camdata.ini
2014-04-03 09:26 - 2013-12-20 20:09 - 00004534 _____ () C:\Users\7520\AppData\Roaming\CamStudio.cfg
2014-04-03 09:26 - 2013-10-14 13:15 - 07667200 ___SH () C:\Users\7520\Desktop\Thumbs.db
2014-04-03 09:25 - 2013-12-20 20:03 - 00000000 ____D () C:\Users\7520\Documents\My CamStudio Temp Files
2014-04-03 09:12 - 2013-12-20 20:02 - 00000096 _____ () C:\Users\7520\AppData\Roaming\version2.xml
2014-04-03 07:52 - 2012-12-07 12:17 - 00010240 ____H () C:\Users\7520\Desktop\photothumb.db
2014-04-02 10:05 - 2014-04-02 13:11 - 1674000384 _____ () C:\Users\7520\Desktop\captn america 2.avi
2014-04-02 07:46 - 2014-03-03 22:34 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 07:46 - 2014-03-03 22:34 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 07:17 - 2012-12-03 23:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 09:09 - 2013-01-18 18:22 - 00000000 ____D () C:\Users\7520\AppData\Roaming\vlc
2014-04-01 09:08 - 2013-02-27 18:02 - 00000000 ____D () C:\output
2014-03-31 09:46 - 2014-03-31 09:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 15:05 - 2013-10-17 19:18 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-03-27 19:40 - 2012-12-04 14:48 - 00000000 ____D () C:\Users\7520\AppData\Roaming\uTorrent
2014-03-26 09:03 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-25 15:33 - 2014-01-23 08:52 - 00000000 ____D () C:\Users\7520\Desktop\nägel
2014-03-20 17:42 - 2012-12-04 14:47 - 00000150 _____ () C:\Users\7520\Desktop\verkleinerer.set
2014-03-19 12:07 - 2012-12-04 15:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 12:06 - 2013-08-14 11:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 12:01 - 2012-10-11 01:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 08:27 - 2012-11-14 14:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-19 08:27 - 2012-11-14 14:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-14 07:46 - 2009-07-14 06:45 - 00460120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 07:44 - 2013-03-29 21:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:44 - 2013-03-29 21:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 10:46 - 2014-03-11 10:46 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ____D () C:\Users\7520\AppData\Local\Skype
2014-03-11 10:46 - 2012-12-06 10:43 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 09:26 - 2014-04-03 13:39 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-03 13:39 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2013-12-03 08:49 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\7520\AppData\Roaming\CamLayout.ini
C:\Users\7520\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\7520\AppData\Local\Temp\56331uninstall.exe
C:\Users\7520\AppData\Local\Temp\avgnt.exe
C:\Users\7520\AppData\Local\Temp\BackupSetup.exe
C:\Users\7520\AppData\Local\Temp\Cloud_Backup_Setup.exe
C:\Users\7520\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\7520\AppData\Local\Temp\Quarantine.exe
C:\Users\7520\AppData\Local\Temp\rmskfi98.exe
C:\Users\7520\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 08:37

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Revo Uninstaller zeigt bei mir nix an wenn ich suchen will , nur die ganz normale programme .wenn ich z.b Re-Markable (HKLM-x32\...\a2d26271-6cb1-44af-90ed-ccae2d6d9c0e) (Version: - Re-Markable Software) <==== ATTENTION eingebe bei suche findet er nichts darum habe ich die anderen schritte ohne das programm gemacht erstmal

schrauber 04.04.2014 11:12

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

sweetboy200 04.04.2014 14:01
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=57ba2dfd04390246838da916d184bb34
# engine=17751
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-04 12:47:58
# local_time=2014-04-04 02:47:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 25533 262038968 18289 0
# compatibility_mode=5893 16776573 100 94 80448 148245528 0 0
# scanned=415480
# found=17
# cleaned=0
# scan_time=7025
sh=CAF60B3A36BADE2378FF5A5059233B9539F6E6CA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browse2Save\50c717dd73100.html.vir"
sh=78B8EC3143AD25C8B3CE842CC4409B17E663CE84 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browse2Save\jkokhemococcfgbokgkingpocilfhmcg.crx.vir"
sh=0BECDDB05027181D99EB31532852CDCAB9B819B4 ft=1 fh=78f1845980550bb1 vn="multiple threats" ac=I fn="C:\Users\7520\AppData\Local\Temp\rmskfi98.exe"
sh=5569C2C2A6DFC916CA7B841D99D9884DBC61799F ft=1 fh=c71c00111239a1be vn="a variant of Win32/TrojanDownloader.FakeNSIS.A trojan" ac=I fn="C:\Users\7520\AppData\Local\Temp\111563849.Uninstall\__Uninstall_.exe"
sh=175A8A0C7650EF29B0E1AE7137F5F48FDFCD6588 ft=1 fh=deea2a09617af006 vn="a variant of Win32/AdWare.SpeedingUpMyPC.G application" ac=I fn="C:\Users\7520\AppData\Local\Temp\is1590112554\111466186_stp\PCSpeedMaximizer_AQDE_AFD_PPI.exe"
sh=A87B7647DC34B5B6186209377786E946B677C574 ft=1 fh=c2834f18f25710d9 vn="multiple threats" ac=I fn="C:\Users\7520\AppData\Local\Temp\{6A060003-30BE-4703-8ABA-8298928C68F0}\setup.exe"
sh=ECA17BF927BAE98270F9EE42506B7CF82C8424D2 ft=1 fh=d4c71adcb24b3aa9 vn="Win32/Packed.ASProtect.AAB trojan" ac=I fn="C:\Users\7520\Documents\xbox 360 programme\X360GameHack.exe"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\System32\dbbgeng.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\System32\difxapii.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\System32\dimsjobb.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\System32\dimsroamm.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\System32\dinputt.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\SysWOW64\dbbgeng.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\SysWOW64\difxapii.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\SysWOW64\dimsjobb.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\SysWOW64\dimsroamm.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\SysWOW64\dinputt.dll"


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by 7520 (administrator) on 7520-PC on 04-04-2014 14:59:54
Running from C:\Users\7520\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
() C:\Windows\SysWOW64\PSIService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\HelperService.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files (x86)\Opera\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3835128264-2211656678-1279855547-1000\...\MountPoints2: {2db36a93-0ed3-11e3-a74f-001b38d7ebbe} - E:\Startme.exe
HKU\S-1-5-21-3835128264-2211656678-1279855547-1001\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3835128264-2211656678-1279855547-1001\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [74752 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0AzyyDtCtB0A0B0EzzzyzytN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=910047237&ir=
SearchScopes: HKLM - {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKLM-x32 - URL hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKLM-x32 - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43169&gid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 - TopResultURLFallback hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43169&gid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&dbCode=1&command={searchTerms}
SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377597617616.000009&tguid=43169-3580-1377597617616-1ADAEA2CC599FBA31479FEEBE268D5FF&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = Google
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\Windows\SysWOW64\difxapii.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Soda PDF 5 IE Helper - {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll (LULU Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll (LULU Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\searchplugins\findr.xml
FF SearchPlugin: C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Geolocater - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\geolocater@3liz.com [2013-04-25]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-12-04]
FF Extension: DownloadHelper - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\7520\AppData\Roaming\Mozilla\Firefox\Profiles\zxt6yqbi.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-04]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-29]
FF HKCU\...\Firefox\Extensions: [{6398fbcf-f22b-430a-a81c-9f1ecb508bb5}] - C:\Program Files (x86)\Re-Markable\150.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: Google
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-03]
CHR Extension: (Google-Suche) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-03]
CHR Extension: (Re-Markable) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja [2014-03-03]
CHR Extension: (Searcch-NeewaTabb) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdbfaoeajglnkkklikfhgmegmdipehm [2013-04-16]
CHR Extension: (RealDownloader) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-03]
CHR Extension: (Freemake Video Converter) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-03-03]
CHR Extension: (Plus-HD-3.7) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdgpogmpcjffpmdkoedclegjohlepii [2013-12-01]
CHR Extension: (Google Wallet) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-03]
CHR Extension: (Barowse2sAvvee) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\nncinmkgmfhkkbiecofifhocgpdhmpok [2013-04-16]
CHR Extension: (Google Mail) - C:\Users\7520\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-12-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 avmident; C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Soda PDF 5 Helper Service; C:\Program Files (x86)\Soda PDF 5\HelperService.exe [1069408 2013-01-29] (LULU Software)
R2 Soda PDF 5 Service; C:\Program Files (x86)\Soda PDF 5\ConversionService.exe [794464 2013-01-29] (LULU Software)

==================== Drivers (Whitelisted) ====================

R3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [31360 2007-06-17] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [49536 2007-06-17] (AVerMedia TECHNOLOGIES, Inc.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE                      )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 14:59 - 2014-04-04 14:59 - 00018583 _____ () C:\Users\7520\Desktop\FRST.txt
2014-04-04 12:48 - 2014-04-04 12:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-03 16:16 - 2014-04-03 16:16 - 00001268 _____ () C:\Users\7520\Desktop\Revo Uninstaller.lnk
2014-04-03 16:16 - 2014-04-03 16:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-03 14:26 - 2014-04-03 14:27 - 01426178 _____ () C:\Users\7520\Desktop\adwcleaner.exe
2014-04-03 13:39 - 2014-04-03 14:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 13:39 - 2014-04-03 13:39 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-03 13:39 - 2014-04-03 13:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 13:39 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 13:39 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 13:36 - 2014-04-03 13:36 - 01038974 _____ (Thisisu) C:\Users\7520\Desktop\JRT.exe
2014-04-03 09:31 - 2014-04-04 14:59 - 00000000 ____D () C:\FRST
2014-04-03 09:30 - 2014-04-03 09:30 - 02157056 _____ (Farbar) C:\Users\7520\Desktop\FRST64.exe
2014-03-31 09:46 - 2014-03-31 09:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-13 22:31 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 22:31 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 22:31 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 22:31 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 22:31 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 22:31 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 22:31 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 22:31 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 22:31 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 22:31 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 22:31 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 22:31 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 22:31 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 22:31 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 22:31 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 22:31 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 22:31 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 22:31 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 22:31 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 22:31 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 22:31 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 22:31 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 22:31 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 22:31 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 22:31 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 22:31 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 22:31 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 22:31 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 22:31 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 22:31 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 22:31 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 22:31 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 22:31 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 22:31 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 22:31 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 22:31 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 22:31 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 22:31 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 22:31 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 22:31 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 22:31 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 22:31 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 22:31 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 22:31 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 22:31 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 22:31 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 22:31 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 22:31 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 08:58 - 2014-04-03 14:33 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3835128264-2211656678-1279855547-1000
2014-03-11 10:46 - 2014-03-11 10:46 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ____D () C:\Users\7520\AppData\Local\Skype

==================== One Month Modified Files and Folders =======

2014-04-04 15:00 - 2014-04-04 14:59 - 00018583 _____ () C:\Users\7520\Desktop\FRST.txt
2014-04-04 14:59 - 2014-04-03 09:31 - 00000000 ____D () C:\FRST
2014-04-04 14:51 - 2014-03-03 22:34 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 13:08 - 2012-12-04 14:16 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5ABAD5A1-376E-4392-B90D-6E5A526C51B5}
2014-04-04 12:48 - 2014-04-04 12:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-04 11:10 - 2012-12-03 23:16 - 01837325 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 10:30 - 2013-10-14 13:15 - 07706112 ___SH () C:\Users\7520\Desktop\Thumbs.db
2014-04-04 10:08 - 2012-12-06 10:44 - 00000000 ____D () C:\Users\7520\AppData\Roaming\Skype
2014-04-04 09:40 - 2012-12-05 13:14 - 00000000 ____D () C:\Users\7520\Documents\Outlook-Dateien
2014-04-04 08:03 - 2014-03-03 22:34 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 18:30 - 2013-01-18 18:22 - 00000000 ____D () C:\Users\7520\AppData\Roaming\vlc
2014-04-03 16:16 - 2014-04-03 16:16 - 00001268 _____ () C:\Users\7520\Desktop\Revo Uninstaller.lnk
2014-04-03 16:16 - 2014-04-03 16:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-03 14:42 - 2012-12-03 22:52 - 00010288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 14:42 - 2012-12-03 22:52 - 00010288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 14:36 - 2014-04-03 13:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 14:33 - 2014-03-12 08:58 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3835128264-2211656678-1279855547-1000
2014-04-03 14:33 - 2014-02-26 08:57 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3835128264-2211656678-1279855547-1000
2014-04-03 14:33 - 2013-09-20 06:11 - 00746431 _____ () C:\Windows\setupact.log
2014-04-03 14:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 14:32 - 2010-11-21 05:47 - 00419488 _____ () C:\Windows\PFRO.log
2014-04-03 14:31 - 2013-09-01 07:12 - 00000000 ____D () C:\AdwCleaner
2014-04-03 14:27 - 2014-04-03 14:26 - 01426178 _____ () C:\Users\7520\Desktop\adwcleaner.exe
2014-04-03 13:39 - 2014-04-03 13:39 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-03 13:39 - 2014-04-03 13:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 13:39 - 2013-12-03 08:49 - 00000000 ____D () C:\Users\7520\AppData\Roaming\Malwarebytes
2014-04-03 13:39 - 2013-12-03 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 13:36 - 2014-04-03 13:36 - 01038974 _____ (Thisisu) C:\Users\7520\Desktop\JRT.exe
2014-04-03 12:16 - 2012-12-05 22:24 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-04-03 09:42 - 2014-02-21 12:34 - 00000000 ____D () C:\Users\7520\Desktop\musik
2014-04-03 09:30 - 2014-04-03 09:30 - 02157056 _____ (Farbar) C:\Users\7520\Desktop\FRST64.exe
2014-04-03 09:26 - 2013-12-20 20:51 - 00000408 _____ () C:\Users\7520\AppData\Roaming\CamShapes.ini
2014-04-03 09:26 - 2013-12-20 20:51 - 00000408 _____ () C:\Users\7520\AppData\Roaming\CamLayout.ini
2014-04-03 09:26 - 2013-12-20 20:51 - 00000102 _____ () C:\Users\7520\AppData\Roaming\Camdata.ini
2014-04-03 09:26 - 2013-12-20 20:09 - 00004534 _____ () C:\Users\7520\AppData\Roaming\CamStudio.cfg
2014-04-03 09:25 - 2013-12-20 20:03 - 00000000 ____D () C:\Users\7520\Documents\My CamStudio Temp Files
2014-04-03 09:12 - 2013-12-20 20:02 - 00000096 _____ () C:\Users\7520\AppData\Roaming\version2.xml
2014-04-03 07:52 - 2012-12-07 12:17 - 00010240 ____H () C:\Users\7520\Desktop\photothumb.db
2014-04-02 07:46 - 2014-03-03 22:34 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 07:46 - 2014-03-03 22:34 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 07:17 - 2012-12-03 23:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 09:08 - 2013-02-27 18:02 - 00000000 ____D () C:\output
2014-03-31 09:46 - 2014-03-31 09:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 15:05 - 2013-10-17 19:18 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-03-27 19:40 - 2012-12-04 14:48 - 00000000 ____D () C:\Users\7520\AppData\Roaming\uTorrent
2014-03-26 09:03 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-25 15:33 - 2014-01-23 08:52 - 00000000 ____D () C:\Users\7520\Desktop\nägel
2014-03-20 17:42 - 2012-12-04 14:47 - 00000150 _____ () C:\Users\7520\Desktop\verkleinerer.set
2014-03-19 12:07 - 2012-12-04 15:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 12:06 - 2013-08-14 11:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 12:01 - 2012-10-11 01:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 08:27 - 2012-11-14 14:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-19 08:27 - 2012-11-14 14:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-14 07:46 - 2009-07-14 06:45 - 00460120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 07:44 - 2013-03-29 21:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:44 - 2013-03-29 21:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 10:46 - 2014-03-11 10:46 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 10:46 - 2014-03-11 10:46 - 00000000 ____D () C:\Users\7520\AppData\Local\Skype
2014-03-11 10:46 - 2012-12-06 10:43 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 09:26 - 2014-04-03 13:39 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-03 13:39 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2013-12-03 08:49 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\7520\AppData\Roaming\CamLayout.ini
C:\Users\7520\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\7520\AppData\Local\Temp\56331uninstall.exe
C:\Users\7520\AppData\Local\Temp\avgnt.exe
C:\Users\7520\AppData\Local\Temp\BackupSetup.exe
C:\Users\7520\AppData\Local\Temp\Cloud_Backup_Setup.exe
C:\Users\7520\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\7520\AppData\Local\Temp\Quarantine.exe
C:\Users\7520\AppData\Local\Temp\rmskfi98.exe
C:\Users\7520\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 08:37

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 05.04.2014 10:41
Zitat:
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\System32\dbbgeng.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\System32\difxapii.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\System32\dimsjobb.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\System32\dimsroamm.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\System32\dinputt.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\SysWOW64\dbbgeng.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\SysWOW64\difxapii.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\SysWOW64\dimsjobb.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\SysWOW64\dimsroamm.dll"
sh=6535EF1963B5B6CEE0990224524F94C314EA960A ft=1 fh=c71c00117cfe6f75 vn="Win32/BHO.OEY trojan" ac=I fn="C:\Windows\SysWOW64\dinputt.dll"
Diese Dateien mal bitte bei www.virustotal.com scannen lassen, Link zu den Ergebnissen hier posten.

sweetboy200 05.04.2014 14:23
https://www.virustotal.com/de/file/528dd8aac5830f1e0484a3bcca4535aac84eb376a23d9c8a9957277c3d5fc9b9/analysis/1396703032/

https://www.virustotal.com/de/file/7b24e38addeedd9168d0c87275ac0936d0a4f1195810f9736118076589bc18ba/analysis/1396703154/

https://www.virustotal.com/de/file/197fee8f02de348e75771ac9ad748efb29939f1aaf02da6555181eef787fd099/analysis/1396703283/

https://www.virustotal.com/de/file/606ad1279c118dbc10088fdbf95e950f0730c37d89efd5d95c8cf4ad23b99743/analysis/1396704419/

https://www.virustotal.com/de/file/528dd8aac5830f1e0484a3bcca4535aac84eb376a23d9c8a9957277c3d5fc9b9/analysis/1396703405/

https://www.virustotal.com/de/file/e999ffc31ac55974d64cbc02871681f623975af5ff9f98ed7fb355def3ce082f/analysis/1396703530/


https://www.virustotal.com/de/file/ef7ff7cfaeb5d930eb96b5f81bd60ee23692e24a31650ca72b25164d20f2dae4/analysis/1396703736/


https://www.virustotal.com/de/file/7b24e38addeedd9168d0c87275ac0936d0a4f1195810f9736118076589bc18ba/analysis/1396703846/

https://www.virustotal.com/de/file/528dd8aac5830f1e0484a3bcca4535aac84eb376a23d9c8a9957277c3d5fc9b9/analysis/1396703961/

https://www.virustotal.com/de/file/528dd8aac5830f1e0484a3bcca4535aac84eb376a23d9c8a9957277c3d5fc9b9/analysis/1396704061/

https://www.virustotal.com/de/file/528dd8aac5830f1e0484a3bcca4535aac84eb376a23d9c8a9957277c3d5fc9b9/analysis/1396704163/

schrauber 06.04.2014 12:15
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131