Trojaner-Board - Erweiterung "Download Protect 2.2.0" im Firefox läßt sich nicht entfernen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Erweiterung "Download Protect 2.2.0" im Firefox läßt sich nicht entfernen (https://www.trojaner-board.de/152188-erweiterung-download-protect-2-2-0-firefox-laesst-entfernen.html)

Erweiterung "Download Protect 2.2.0" im Firefox läßt sich nicht entfernen

Hallo Trojaner Board Team,

habe das Problem, daß in meinem Firefox die Erweiterung Download Protect 2.2.0 sich nicht entfernen läßt und zusätzliuch der ABP immer wieder verschwindet.
Könnt ihr mir da helfen?

Vielen Dank schonmal für euren tollen Service!

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)

Ran by DKay (administrator) on DKAY-1 on 08-04-2014 09:07:38

Running from C:\Users\DKay\Desktop

Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Windows\system32\wtdchngr.exe

() C:\Windows\System32\GFilterSvc.exe

(Aladdin Knowledge Systems Ltd.) C:\Windows\system32\hasplms.exe

(hMailServer) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

(Dropbox, Inc.) C:\Users\DKay\AppData\Roaming\Dropbox\bin\Dropbox.exe

(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(TeamViewer GmbH) c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-4429514-2100052734-335998099-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)

HKU\S-1-5-21-4429514-2100052734-335998099-1000\...\Run: [AdobeBridge] - [X]

Startup: C:\Users\DKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\DKay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=8C7550E549B64969&affID=119828&tsp=4956

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB771045ECC6ACE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default

FF user.js: detected! => C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\user.js

FF DefaultSearchEngine: Google

FF NetworkProxy: "http", "200.129.0.162"

FF NetworkProxy: "http_port", 3128

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM-x32\...\Firefox\Extensions: [{EE5C60B4-3A12-4A24-A7A1-44C5DCCF538A}] - C:\Windows\Installer\{EE1E355C-ACA8-4480-B802-708549F6984B}\{EE5C60B4-3A12-4A24-A7A1-44C5DCCF538A}.xpi

FF Extension: Download Protect - C:\Windows\Installer\{EE1E355C-ACA8-4480-B802-708549F6984B}\{EE5C60B4-3A12-4A24-A7A1-44C5DCCF538A}.xpi [2014-04-08]

FF HKCU\...\Firefox\Extensions: [{0ce6ac61-48e9-426f-9268-6f1e8ece06da}] - C:\Program Files (x86)\LyricsSeeker\131.xpi
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 dxdiag32; C:\Windows\system32\wtdchngr.exe [117760 2013-07-28] ()

R2 GFilterSvc; C:\Windows\System32\GFilterSvc.exe [121856 2013-07-27] ()

R2 hMailServer; C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [6069760 2013-06-02] (hMailServer)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-23] (LogMeIn, Inc.)

R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-23] (LogMeIn, Inc.)

R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-12-21] ()

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-13] (DT Soft Ltd)

R2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems)

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)

S4 LMIRfsClientNP; No ImagePath

S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-08 09:07 - 2014-04-08 09:07 - 00012827 _____ () C:\Users\DKay\Desktop\FRST.txt

2014-04-08 09:07 - 2014-04-08 09:07 - 00000000 ____D () C:\FRST

2014-04-08 09:03 - 2014-04-08 09:03 - 02157056 _____ (Farbar) C:\Users\DKay\Desktop\FRST64.exe

2014-03-30 18:03 - 2014-03-30 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-29 00:11 - 2014-03-29 00:11 - 00018176 _____ () C:\Users\DKay\Documents\cc_20140328_231115.reg

2014-03-29 00:01 - 2014-03-29 00:05 - 00000000 ____D () C:\AdwCleaner

2014-03-29 00:01 - 2014-03-29 00:01 - 01950720 _____ () C:\Users\DKay\Downloads\adwcleaner.exe

2014-03-28 23:50 - 2014-03-28 23:50 - 00613200 _____ (Chip Digital GmbH) C:\Users\DKay\Downloads\CCleaner - CHIP-Downloader.exe

2014-03-27 07:14 - 2014-04-08 06:21 - 00000728 __RSH () C:\ProgramData\ntuser.pol

2014-03-19 07:20 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2014-03-12 06:52 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-12 06:52 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-12 06:52 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-12 06:52 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-12 06:52 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-12 06:52 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-12 06:52 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-12 06:52 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-12 06:52 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-12 06:52 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-12 06:52 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-12 06:52 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-12 06:52 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-12 06:52 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-12 06:52 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-12 06:52 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-12 06:52 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-12 06:52 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-12 06:52 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-12 06:52 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-12 06:52 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-12 06:52 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-12 06:52 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-12 06:52 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-12 06:52 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-12 06:52 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-12 06:52 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-12 06:52 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-12 06:52 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-12 06:52 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-12 06:52 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-12 06:52 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-12 06:52 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-12 06:52 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-12 06:52 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-12 06:52 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-12 06:52 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-12 06:52 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-12 06:52 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-12 06:52 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-12 06:52 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-12 06:52 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-12 06:52 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-12 06:52 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-12 06:51 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-12 06:51 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-12 06:51 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-12 06:51 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
 

==================== One Month Modified Files and Folders =======
 

2014-04-08 09:07 - 2014-04-08 09:07 - 00012827 _____ () C:\Users\DKay\Desktop\FRST.txt

2014-04-08 09:07 - 2014-04-08 09:07 - 00000000 ____D () C:\FRST

2014-04-08 09:07 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-08 09:07 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-08 09:03 - 2014-04-08 09:03 - 02157056 _____ (Farbar) C:\Users\DKay\Desktop\FRST64.exe

2014-04-08 06:23 - 2010-11-21 08:22 - 00699432 _____ () C:\Windows\system32\perfh007.dat

2014-04-08 06:23 - 2010-11-21 08:22 - 00149572 _____ () C:\Windows\system32\perfc007.dat

2014-04-08 06:23 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-08 06:21 - 2014-03-27 07:14 - 00000728 __RSH () C:\ProgramData\ntuser.pol

2014-04-08 06:21 - 2011-10-19 20:04 - 01881496 _____ () C:\Windows\WindowsUpdate.log

2014-04-08 06:19 - 2012-11-13 13:20 - 00000000 ___RD () C:\Users\DKay\Dropbox

2014-04-08 06:19 - 2012-11-13 12:38 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\Dropbox

2014-04-08 06:19 - 2011-10-19 20:36 - 00000000 ____D () C:\ProgramData\LogMeIn

2014-04-08 06:19 - 2009-07-14 06:51 - 00077227 _____ () C:\Windows\setupact.log

2014-04-07 09:45 - 2011-10-28 08:36 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\vlc

2014-04-01 11:46 - 2012-10-16 08:30 - 00000000 ____D () C:\Users\DKay\AppData\Local\FreePDF_XP

2014-03-31 06:21 - 2012-05-06 01:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-30 18:03 - 2014-03-30 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-29 00:11 - 2014-03-29 00:11 - 00018176 _____ () C:\Users\DKay\Documents\cc_20140328_231115.reg

2014-03-29 00:05 - 2014-03-29 00:01 - 00000000 ____D () C:\AdwCleaner

2014-03-29 00:01 - 2014-03-29 00:01 - 01950720 _____ () C:\Users\DKay\Downloads\adwcleaner.exe

2014-03-28 23:51 - 2013-09-27 10:31 - 00000000 ____D () C:\Program Files\CCleaner

2014-03-28 23:50 - 2014-03-28 23:50 - 00613200 _____ (Chip Digital GmbH) C:\Users\DKay\Downloads\CCleaner - CHIP-Downloader.exe

2014-03-27 07:14 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-03-19 08:42 - 2014-03-19 07:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2014-03-18 22:38 - 2013-08-16 06:23 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-18 22:37 - 2011-10-29 15:09 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-18 20:32 - 2013-09-27 10:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2014-03-13 04:16 - 2009-07-14 06:45 - 05010928 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-12 06:49 - 2012-04-06 09:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-12 06:49 - 2012-04-06 09:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-12 06:49 - 2011-10-20 07:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 

Some content of TEMP:

====================

C:\Users\DKay\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-09-01 00:30
 

==================== End Of Log ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014

Ran by DKay at 2014-04-08 09:07:51

Running from C:\Users\DKay\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden

ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.475 - ACD Systems International Inc.)

Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)

Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)

Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)

Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC)

Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )

Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)

Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden

Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)

CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2812 - CyberLink Corp.)

CyberLink PowerDirector 11 (Version: 11.0.0.2812 - Ihr Firmenname) Hidden

CyberLink PowerDirector 11 Content Pack Essential (HKLM-x32\...\InstallShield_{03AD770A-1530-437E-967F-ADD4E5B23164}) (Version: 11 - CyberLink Corp.)

CyberLink PowerDirector 11 Content Pack Essential (x32 Version: 11 - CyberLink Corp.) Hidden

CyberLink PowerDirector 11 Content Pack Premium (HKLM-x32\...\InstallShield_{37672760-7930-4911-9685-227E29AE2C55}) (Version: 11 - CyberLink Corp.)

CyberLink PowerDirector 11 Content Pack Premium (x32 Version: 11 - CyberLink Corp.) Hidden

CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.)

CyberLink WaveEditor 2 (x32 Version: 2.0.3206 - CyberLink Corp.) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)

Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)

Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.101 - Etron Technology)

Etron USB3.0 Host Controller (x32 Version: 0.101 - Etron Technology) Hidden

FixFoto 3.00 (HKLM-x32\...\FixFoto_is1) (Version:  - Joachim Koopmann Software)

FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )

G-Filter (HKCU\...\{206a7328-437f-4bd9-b53e-12bfee24d588}) (Version:  - G-Filter)

GoPro Studio 2.0.0 (HKLM-x32\...\GoPro Studio) (Version: 2.0.0 - WoodmanLabs Inc. d.b.a. GoPro)

GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)

HASP SRM Run-time (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 3.50.1.8213 - Aladdin Knowledge Systems Ltd. ® 1985-2008.)

High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden

HitFilm 2 Express (HKLM\...\{A6E81EFB-2A19-4B5B-8C48-D4E5DB3AD547}) (Version: 2.0.2522.46168 - FXhome)

hMailServer 5.4-B1950 (HKLM-x32\...\hMailServer_is1) (Version:  - )

Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)

iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)

iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)

J2SE Runtime Environment 5.0 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)

Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.7.18795 - Juniper Networks, Inc.)

Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)

Kolor Autopano Giga 2.5 (HKLM\...\AutopanoGiga2.5) (Version: V2.5.2 - Kolor)

LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)

LogMeIn (HKLM-x32\...\{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}) (Version: 4.1.1890 - LogMeIn, Inc.)

Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)

Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden

Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden

Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11800.21.100 - Nero AG)

Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden

Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)

Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden

Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)

Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden

Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden

Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden

Nero Core Components 10 (x32 Version: 2.0.13700.0.1 - Nero AG) Hidden

Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)

Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden

Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)

Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden

Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden

Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)

Nero Express 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden

Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)

Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden

Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)

Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden

Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13200 - Nero AG)

Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)

Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden

Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)

Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden

Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)

Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden

Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)

Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden

Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)

Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)

Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden

Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)

Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden

Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

PIXO RESCUE Version 1.0 (HKLM-x32\...\PIXO RESCUE_is1) (Version:  - TS COMPUTER GMBH)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)

Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)

RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )

Resolume Avenue 3.3.2 (HKLM-x32\...\Resolume Avenue 3.3.2_is1) (Version: 3.3.2 - Resolume)

SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)

SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)

Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden

Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden

Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden

VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)

waterMark V2 (HKLM-x32\...\waterMark V2) (Version:  - )

WebPaperCreator-V1-PROF  1.5 (HKLM-x32\...\{0594CB92-3BBA-468B-9008-12B196D413E1}) (Version:  - One Step To Web)

Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)

WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2014-01-01 21:35 - 00003628 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 217.89.105.139

127.0.0.1 192.150.8.60

127.0.0.1 192.150.18.108

127.0.0.1 199.7.52.190

127.0.0.1 192.150.8.60

127.0.0.1 192.150.8.200

127.0.0.1 217.89.105.136

127.0.0.1 217.89.105.139

127.0.0.1 192.168.112.2O7.net
 

There are 57 more lines.
 
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {70D1969D-C209-45C5-86B3-D5DCBFA187D5} - System32\Tasks\Lyrics Seeker Update => C:\Program Files (x86)\LyricsSeeker\Lupdate.exe <==== ATTENTION

Task: {ABB9F1BB-A0D6-4B93-8FC3-96867C2B18FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)

Task: {EEECB03D-4FC4-4D1C-995A-F79ED8FC6C17} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Lyrics Seeker Update.job => C:\Program Files (x86)\LyricsSeeker\Lupdate.exe <==== ATTENTION
 

==================== Loaded Modules (whitelisted) =============
 

2012-10-16 08:28 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll

2013-07-27 23:10 - 2013-07-28 23:22 - 00117760 _____ () C:\Windows\system32\wtdchngr.exe

2013-07-27 23:10 - 2013-07-27 23:10 - 00121856 _____ () C:\Windows\System32\GFilterSvc.exe

2011-10-20 14:00 - 2012-12-21 10:42 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-04-24 06:33 - 2013-04-24 06:26 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\DKay\AppData\Roaming\Dropbox\bin\libcef.dll

2014-03-19 07:20 - 2014-03-19 07:21 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

2014-03-19 07:20 - 2014-03-19 07:21 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

2014-03-19 07:20 - 2014-03-19 07:21 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\TEMP:A5B56640
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\Windows\pss\CineForm Status.lnk.CommonStartup

MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (04/08/2014 06:19:31 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/07/2014 09:15:35 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "sfFavorites,language="&#x2a;",processorArchitecture="x86",type="win32",version="1.0.0.0"1".

Die abhängige Assemblierung "sfFavorites,language="&#x2a;",processorArchitecture="x86",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (04/07/2014 09:15:35 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"1".

Die abhängige Assemblierung "sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (04/07/2014 09:15:34 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "libeay32,language="&#x2a;",processorArchitecture="x86",type="win32",version="1.0.0.0"1".

Die abhängige Assemblierung "libeay32,language="&#x2a;",processorArchitecture="x86",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (04/07/2014 09:15:34 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"1".

Die abhängige Assemblierung "sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (04/07/2014 09:15:34 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"1".

Die abhängige Assemblierung "sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (04/07/2014 09:15:34 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"1".

Die abhängige Assemblierung "sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (04/07/2014 09:15:34 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"1".

Die abhängige Assemblierung "sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (04/07/2014 08:39:02 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/07/2014 06:18:31 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (04/08/2014 08:28:24 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Update WebConnect" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (04/04/2014 07:35:11 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎04.‎04.‎2014 um 11:37:43 unerwartet heruntergefahren.
 

Error: (03/20/2014 06:25:20 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 

Error: (03/20/2014 06:25:19 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 

Error: (03/20/2014 06:25:18 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 

Error: (03/08/2014 01:34:47 AM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 

Error: (03/08/2014 01:34:46 AM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 

Error: (03/08/2014 01:34:45 AM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 

Error: (03/01/2014 06:29:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.167.838.0)
 

Error: (02/25/2014 06:36:38 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎25.‎02.‎2014 um 11:07:23 unerwartet heruntergefahren.
 
 

Microsoft Office Sessions:

=========================

Error: (04/08/2014 06:19:31 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/07/2014 09:15:35 AM) (Source: SideBySide)(User: )

Description: sfFavorites,language="&#x2a;",processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files (x86)\SmartFTP Client Ultimate 4.0.1174\SmartFTP Client Ultimate 4.0.1174\SKEL\2892-18.manifest
 

Error: (04/07/2014 09:15:35 AM) (Source: SideBySide)(User: )

Description: sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"C:\Program Files (x86)\SmartFTP Client Ultimate 4.0.1174\SmartFTP Client Ultimate 4.0.1174\SKEL\2892-17.manifest
 

Error: (04/07/2014 09:15:34 AM) (Source: SideBySide)(User: )

Description: libeay32,language="&#x2a;",processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files (x86)\SmartFTP Client Ultimate 4.0.1174\SmartFTP Client Ultimate 4.0.1174\SKEL\2892-14.manifest
 

Error: (04/07/2014 09:15:34 AM) (Source: SideBySide)(User: )

Description: sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"C:\Program Files (x86)\SmartFTP Client Ultimate 4.0.1174\SmartFTP Client Ultimate 4.0.1174\SKEL\2892-11.manifest
 

Error: (04/07/2014 09:15:34 AM) (Source: SideBySide)(User: )

Description: sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"C:\Program Files (x86)\SmartFTP Client Ultimate 4.0.1174\SmartFTP Client Ultimate 4.0.1174\SKEL\2892-9.manifest
 

Error: (04/07/2014 09:15:34 AM) (Source: SideBySide)(User: )

Description: sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"C:\Program Files (x86)\SmartFTP Client Ultimate 4.0.1174\SmartFTP Client Ultimate 4.0.1174\SKEL\2892-4.manifest
 

Error: (04/07/2014 09:15:34 AM) (Source: SideBySide)(User: )

Description: sfFTPLib,language="&#x2a;",processorArchitecture="x86",type="win32",version="2.0.0.0"C:\Program Files (x86)\SmartFTP Client Ultimate 4.0.1174\SmartFTP Client Ultimate 4.0.1174\SKEL\2892-1.manifest
 

Error: (04/07/2014 08:39:02 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/07/2014 06:18:31 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 27%

Total physical RAM: 8109.12 MB

Available physical RAM: 5919.36 MB

Total Pagefile: 16216.41 MB

Available Pagefile: 14093.46 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:111.69 GB) (Free:33.2 GB) NTFS

Drive e: (Volume) (Fixed) (Total:698.63 GB) (Free:301.26 GB) NTFS

Drive f: () (Removable) (Total:29.49 GB) (Free:17.39 GB) FAT32

Drive g: (EOS_DIGITAL) (Removable) (Total:7.45 GB) (Free:6.52 GB) FAT32

Drive z: (Volume) (Fixed) (Total:698.63 GB) (Free:255.93 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: BAADC0B0)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: EC7DEC7D)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 44C867D2)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (Size: 29 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 4 (Size: 7 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

hi,

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hier die Logfiles. Das Download Protect 2.2.0 ist aber immer noch da.

mbam.txt

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 08.04.2014

Suchlauf-Zeit: 10:18:22

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.1.1004

Malware Datenbank: v2014.04.08.01

Rootkit Datenbank: v2014.03.27.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: DKay
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 259600

Verstrichene Zeit: 19 Min, 23 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Tiefer Rootkit-Suchlauf: Aktiviert

Shuriken: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 8

PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [2ad6de22c937ca36117bfa49a062ae52], 

PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [2ad6de22c937ca36117bfa49a062ae52], 

PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [6997a45c44bcc53b29a9f0536d95fb05], 

PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [20e0fc048878c13f0ec562e1689a52ae], 

PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [8b757090f0100af65d5e90e1d42eca36], 

PUP.Optional.Iminent.A, HKU\S-1-5-21-4429514-2100052734-335998099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, Löschen bei Neustart, [b8489e6221df55ab5963fd74f40ef60a], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-4429514-2100052734-335998099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [ad53c739847c1be52b974030986a9f61], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-4429514-2100052734-335998099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [0cf4996742be0ff1d12eee98dc271de3], 
 

Registrierungswerte: 1

PUP.Optional.InstallCore.A, HKU\S-1-5-21-4429514-2100052734-335998099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, Löschen bei Neustart, [0cf4996742be0ff1d12eee98dc271de3]
 

Registrierungsdaten: 1

PUP.Optional.StartPage, HKU\S-1-5-21-4429514-2100052734-335998099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=8C7550E549B64969&affID=119828&tsp=4956, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=8C7550E549B64969&affID=119828&tsp=4956),Löschen bei Neustart,[ad5352aead53dc24a90524f3f70d23dd]
 

Ordner: 3

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Local\Temp\mt_ffx\Delta, In Quarantäne, [4eb2827ef709df218acc21350200cb35], 

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Local\Temp\mt_ffx\Delta\delta, In Quarantäne, [4eb2827ef709df218acc21350200cb35], 

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.22.0, In Quarantäne, [4eb2827ef709df218acc21350200cb35], 
 

Dateien: 25

PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [28d8f50b3ec2827e0971402a837f53ad], 

PUP.Optional.Lyrics.A, C:\Windows\Tasks\Lyrics Seeker Update.job, In Quarantäne, [a55b659bf60aae52e0e44943b94a50b0], 

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), Ersetzt,[de2201ff758ba25e5d5d241ee71d4db3]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[b848fa06c33de818e5d560e219ebc23e]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[58a846baf20edb25dbdfe55da163f30d]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), Ersetzt,[f30d649c02fe36ca4575b29011f37987]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "de");), Ersetzt,[8779dc24b94789770ab0b78bab59a759]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), Ersetzt,[956b6e92ba46d92714a6f34f59ab9868]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), Ersetzt,[fd03956bfb05d7294773f151947009f7]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "8c75b84700000000000050e549b64969");), Ersetzt,[59a7db25619f18e85c5e3909679d9070]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15913");), Ersetzt,[db256997d12f43bd447664dee123ab55]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[7e82778940c0679903b7172b41c3b14f]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[718f1de3f01032ce45756dd5e51fe719]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[42be08f8ca36976915a5192926deee12]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), Ersetzt,[867a41bffe02f808714966dc46beae52]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[ea16738d3fc190703c7eef5339cb7f81]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), Ersetzt,[16eaf50b768afd03a1198ab84cb8cb35]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[7f81629eaa5620e0d8e274ce45bfcc34]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[15ebef1114ec07f9d1e9340eb64e9070]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.22.0");), Ersetzt,[40c06e9235cb17e9b4061032ae567090]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.22.023:10:42");), Ersetzt,[49b7dc24c43cc838596184bead5757a9]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.22.0");), Ersetzt,[48b86a96a55b5ea2a61472d05fa5de22]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), Ersetzt,[4db328d85aa6eb15a119cd753aca42be]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=119828&tsp=4956");), Ersetzt,[768a9e6202fe20e0bffbd46e9d675fa1]

PUP.Optional.Delta.A, C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");), Ersetzt,[788823dd37c9a957e7d386bcfb0923dd]
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

AdwCleaner.txt

Code:

# AdwCleaner v3.023 - Bericht erstellt am 08/04/2014 um 10:30:30

# Aktualisiert 01/04/2014 von Xplode

# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)

# Benutzername : DKay - DKAY-1

# Gestartet von : C:\Users\DKay\Downloads\adwcleaner(1).exe

# Option : Suchen
 

***** [ Dienste ] *****
 

Dienst Gefunden : GFilterSvc
 

***** [ Dateien / Ordner ] *****
 

Datei Gefunden : C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\invalidprefs.js

Datei Gefunden : C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\user.js

Datei Gefunden : C:\Windows\System32\GFilterSvc.exe

Datei Gefunden : C:\Windows\System32\Tasks\Lyrics Seeker Update

Ordner Gefunden C:\Users\DKay\AppData\Local\Temp\OCS

Ordner Gefunden C:\Users\DKay\AppData\Roaming\DesktopIconForAmazon

Ordner Gefunden C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\ICQToolbarData

Ordner Gefunden C:\Users\DKay\AppData\Roaming\OCS

Ordner Gefunden C:\Users\DKay\AppData\Roaming\Systweak
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\lyrixeeker

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{206a7328-437f-4bd9-b53e-12bfee24d588}

Schlüssel Gefunden : HKCU\Software\OCS

Schlüssel Gefunden : HKCU\Software\Softonic

Schlüssel Gefunden : [x64] HKCU\Software\OCS

Schlüssel Gefunden : [x64] HKCU\Software\Softonic

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Schlüssel Gefunden : HKLM\Software\systweak

Schlüssel Gefunden : HKLM\Software\WebConnect

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Speedchecker Limited
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.16521
 
 

-\\ Mozilla Firefox v28.0 (de)
 

[ Datei : C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default\prefs.js ]
 

Zeile gefunden : user_pref("extensions.delta.admin", false);

Zeile gefunden : user_pref("extensions.delta.aflt", "babsst");

Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false");

Zeile gefunden : user_pref("extensions.delta.dfltLng", "de");

Zeile gefunden : user_pref("extensions.delta.excTlbr", false);

Zeile gefunden : user_pref("extensions.delta.ffxUnstlRst", true);

Zeile gefunden : user_pref("extensions.delta.id", "8c75b84700000000000050e549b64969");

Zeile gefunden : user_pref("extensions.delta.instlDay", "15913");

Zeile gefunden : user_pref("extensions.delta.instlRef", "sst");

Zeile gefunden : user_pref("extensions.delta.newTab", false);

Zeile gefunden : user_pref("extensions.delta.prdct", "delta");

Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta");

Zeile gefunden : user_pref("extensions.delta.rvrt", "false");

Zeile gefunden : user_pref("extensions.delta.smplGrp", "none");

Zeile gefunden : user_pref("extensions.delta.tlbrId", "base");

Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", "");

Zeile gefunden : user_pref("extensions.delta.vrsn", "1.8.22.0");

Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.22.023:10:42");

Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.22.0");

Zeile gefunden : user_pref("extensions.delta_i.babExt", "");

Zeile gefunden : user_pref("extensions.delta_i.babTrack", "affID=119828&tsp=4956");

Zeile gefunden : user_pref("extensions.delta_i.srcExt", "ss");

Zeile gefunden : user_pref("icqtoolbar.allowSendURL", false);

Zeile gefunden : user_pref("icqtoolbar.engineVerified", false);

Zeile gefunden : user_pref("icqtoolbar.geolastmodified", 1299827275);

Zeile gefunden : user_pref("icqtoolbar.hiddenElements", "itb_options");

Zeile gefunden : user_pref("icqtoolbar.history", "firefoxicq%20suche%20entfernen");

Zeile gefunden : user_pref("icqtoolbar.icqgeo", 49);

Zeile gefunden : user_pref("icqtoolbar.installTime", "1299827275");

Zeile gefunden : user_pref("icqtoolbar.newtab_state", "1");

Zeile gefunden : user_pref("icqtoolbar.numberOfSearches", 0);

Zeile gefunden : user_pref("icqtoolbar.previousFFVersion", "3.6.15");

Zeile gefunden : user_pref("icqtoolbar.skip_default_search", "no");

Zeile gefunden : user_pref("icqtoolbar.suggestions", false);

Zeile gefunden : user_pref("icqtoolbar.uninstStatSent", true);

Zeile gefunden : user_pref("icqtoolbar.uniqueID", "129974051312997402141299827275521");

Zeile gefunden : user_pref("icqtoolbar.usageStatstTimestamp", 1299827277);

Zeile gefunden : user_pref("icqtoolbar.xmlEnableSuggestions", false);

Zeile gefunden : user_pref("icqtoolbar.xmlLanguage", "de");
 

*************************
 

AdwCleaner[R0].txt - [15302 octets] - [29/03/2014 00:01:54]

AdwCleaner[R1].txt - [13790 octets] - [08/04/2014 10:30:30]

AdwCleaner[S0].txt - [309 octets] - [29/03/2014 00:05:47]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [13910 octets] ##########

JRT.txt

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Enterprise x64

Ran by DKay on 08.04.2014 at 10:46:20,43

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 

Successfully stopped: [Service] gfiltersvc 

Successfully deleted: [Service] gfiltersvc 
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4429514-2100052734-335998099-1000\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\Users\DKay\AppData\Roaming\systweak"
 
 
 

~~~ FireFox
 

Successfully deleted: [File] C:\Users\DKay\AppData\Roaming\mozilla\firefox\profiles\8yexz7jt.default\user.js

Successfully deleted: [File] C:\Users\DKay\AppData\Roaming\mozilla\firefox\profiles\8yexz7jt.default\invalidprefs.js

Successfully deleted the following from C:\Users\DKay\AppData\Roaming\mozilla\firefox\profiles\8yexz7jt.default\prefs.js
 

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.dfltLng", "de");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.id", "8c75b84700000000000050e549b64969");

user_pref("extensions.delta.instlDay", "15913");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.newTab", false);

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.22.0");

user_pref("extensions.delta.vrsnTs", "1.8.22.023:10:42");

user_pref("extensions.delta.vrsni", "1.8.22.0");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.babTrack", "affID=119828&tsp=4956");

user_pref("extensions.delta_i.srcExt", "ss");

Emptied folder: C:\Users\DKay\AppData\Roaming\mozilla\firefox\profiles\8yexz7jt.default\minidumps [21 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 08.04.2014 at 10:50:00,97

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)

Ran by DKay (administrator) on DKAY-1 on 08-04-2014 10:54:36

Running from C:\Users\DKay\Desktop

Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Windows\system32\wtdchngr.exe

(Aladdin Knowledge Systems Ltd.) C:\Windows\system32\hasplms.exe

(hMailServer) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(TeamViewer GmbH) c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-4429514-2100052734-335998099-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)

HKU\S-1-5-21-4429514-2100052734-335998099-1000\...\Run: [AdobeBridge] - [X]

Startup: C:\Users\DKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\DKay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB771045ECC6ACE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default

FF DefaultSearchEngine: Google

FF NetworkProxy: "http", "200.129.0.162"

FF NetworkProxy: "http_port", 3128

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM-x32\...\Firefox\Extensions: [{EE5C60B4-3A12-4A24-A7A1-44C5DCCF538A}] - C:\Windows\Installer\{EE1E355C-ACA8-4480-B802-708549F6984B}\{EE5C60B4-3A12-4A24-A7A1-44C5DCCF538A}.xpi

FF Extension: Download Protect - C:\Windows\Installer\{EE1E355C-ACA8-4480-B802-708549F6984B}\{EE5C60B4-3A12-4A24-A7A1-44C5DCCF538A}.xpi [2014-04-08]

FF HKCU\...\Firefox\Extensions: [{0ce6ac61-48e9-426f-9268-6f1e8ece06da}] - C:\Program Files (x86)\LyricsSeeker\131.xpi
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 dxdiag32; C:\Windows\system32\wtdchngr.exe [117760 2013-07-28] ()

R2 hMailServer; C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [6069760 2013-06-02] (hMailServer)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-23] (LogMeIn, Inc.)

R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-23] (LogMeIn, Inc.)

R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-12-21] ()

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-13] (DT Soft Ltd)

R2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems)

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)

S4 LMIRfsClientNP; No ImagePath

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-08] (Malwarebytes Corporation)

S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-08 10:54 - 2014-04-08 10:54 - 00012670 _____ () C:\Users\DKay\Desktop\FRST.txt

2014-04-08 10:50 - 2014-04-08 10:50 - 00003599 _____ () C:\Users\DKay\Desktop\JRT.txt

2014-04-08 10:46 - 2014-04-08 10:46 - 00000000 ____D () C:\Windows\ERUNT

2014-04-08 10:45 - 2014-04-08 10:45 - 01016261 _____ (Thisisu) C:\Users\DKay\Downloads\JRT.exe

2014-04-08 10:42 - 2014-04-08 10:30 - 00014175 _____ () C:\Users\DKay\Desktop\AdwCleaner[R1].txt

2014-04-08 10:27 - 2014-04-08 10:27 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(2).exe

2014-04-08 10:26 - 2014-04-08 10:26 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(1).exe

2014-04-08 10:24 - 2014-04-08 10:24 - 00008777 _____ () C:\Users\DKay\Desktop\mbam.txt

2014-04-08 09:56 - 2014-04-08 10:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 09:56 - 2014-04-08 09:56 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-08 09:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-08 09:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-08 09:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-08 09:55 - 2014-04-08 09:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\DKay\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-08 09:07 - 2014-04-08 10:54 - 00000000 ____D () C:\FRST

2014-04-08 09:03 - 2014-04-08 09:03 - 02157056 _____ (Farbar) C:\Users\DKay\Desktop\FRST64.exe

2014-03-30 18:03 - 2014-03-30 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-29 00:11 - 2014-03-29 00:11 - 00018176 _____ () C:\Users\DKay\Documents\cc_20140328_231115.reg

2014-03-29 00:01 - 2014-04-08 10:30 - 00000000 ____D () C:\AdwCleaner

2014-03-28 23:50 - 2014-03-28 23:50 - 00613200 _____ (Chip Digital GmbH) C:\Users\DKay\Downloads\CCleaner - CHIP-Downloader.exe

2014-03-27 07:14 - 2014-04-08 06:21 - 00000728 __RSH () C:\ProgramData\ntuser.pol

2014-03-19 07:20 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2014-03-12 06:52 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-12 06:52 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-12 06:52 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-12 06:52 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-12 06:52 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-12 06:52 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-12 06:52 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-12 06:52 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-12 06:52 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-12 06:52 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-12 06:52 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-12 06:52 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-12 06:52 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-12 06:52 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-12 06:52 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-12 06:52 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-12 06:52 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-12 06:52 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-12 06:52 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-12 06:52 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-12 06:52 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-12 06:52 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-12 06:52 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-12 06:52 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-12 06:52 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-12 06:52 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-12 06:52 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-12 06:52 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-12 06:52 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-12 06:52 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-12 06:52 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-12 06:52 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-12 06:52 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-12 06:52 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-12 06:52 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-12 06:52 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-12 06:52 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-12 06:52 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-12 06:52 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-12 06:52 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-12 06:52 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-12 06:52 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-12 06:52 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-12 06:52 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-12 06:51 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-12 06:51 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-12 06:51 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-12 06:51 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
 

==================== One Month Modified Files and Folders =======
 

2014-04-08 10:54 - 2014-04-08 10:54 - 00012670 _____ () C:\Users\DKay\Desktop\FRST.txt

2014-04-08 10:54 - 2014-04-08 09:07 - 00000000 ____D () C:\FRST

2014-04-08 10:50 - 2014-04-08 10:50 - 00003599 _____ () C:\Users\DKay\Desktop\JRT.txt

2014-04-08 10:46 - 2014-04-08 10:46 - 00000000 ____D () C:\Windows\ERUNT

2014-04-08 10:45 - 2014-04-08 10:45 - 01016261 _____ (Thisisu) C:\Users\DKay\Downloads\JRT.exe

2014-04-08 10:44 - 2014-04-08 09:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 10:30 - 2014-04-08 10:42 - 00014175 _____ () C:\Users\DKay\Desktop\AdwCleaner[R1].txt

2014-04-08 10:30 - 2014-03-29 00:01 - 00000000 ____D () C:\AdwCleaner

2014-04-08 10:28 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-08 10:28 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-08 10:27 - 2014-04-08 10:27 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(2).exe

2014-04-08 10:27 - 2010-11-21 08:22 - 00699432 _____ () C:\Windows\system32\perfh007.dat

2014-04-08 10:27 - 2010-11-21 08:22 - 00149572 _____ () C:\Windows\system32\perfc007.dat

2014-04-08 10:27 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-08 10:26 - 2014-04-08 10:26 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(1).exe

2014-04-08 10:24 - 2014-04-08 10:24 - 00008777 _____ () C:\Users\DKay\Desktop\mbam.txt

2014-04-08 10:22 - 2013-09-06 20:38 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\TeamViewer

2014-04-08 10:22 - 2012-11-13 13:20 - 00000000 ___RD () C:\Users\DKay\Dropbox

2014-04-08 10:22 - 2012-11-13 12:38 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\Dropbox

2014-04-08 10:20 - 2011-10-19 20:04 - 01906549 _____ () C:\Windows\WindowsUpdate.log

2014-04-08 10:20 - 2010-11-21 08:28 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents

2014-04-08 10:20 - 2010-11-21 05:47 - 00215270 _____ () C:\Windows\PFRO.log

2014-04-08 10:20 - 2009-07-14 06:51 - 00077283 _____ () C:\Windows\setupact.log

2014-04-08 09:56 - 2014-04-08 09:56 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-08 09:55 - 2014-04-08 09:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\DKay\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-08 09:03 - 2014-04-08 09:03 - 02157056 _____ (Farbar) C:\Users\DKay\Desktop\FRST64.exe

2014-04-08 06:21 - 2014-03-27 07:14 - 00000728 __RSH () C:\ProgramData\ntuser.pol

2014-04-08 06:19 - 2011-10-19 20:36 - 00000000 ____D () C:\ProgramData\LogMeIn

2014-04-07 09:45 - 2011-10-28 08:36 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\vlc

2014-04-03 09:51 - 2014-04-08 09:56 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-08 09:56 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-08 09:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-01 11:46 - 2012-10-16 08:30 - 00000000 ____D () C:\Users\DKay\AppData\Local\FreePDF_XP

2014-03-31 06:21 - 2012-05-06 01:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-30 18:03 - 2014-03-30 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-29 00:11 - 2014-03-29 00:11 - 00018176 _____ () C:\Users\DKay\Documents\cc_20140328_231115.reg

2014-03-28 23:51 - 2013-09-27 10:31 - 00000000 ____D () C:\Program Files\CCleaner

2014-03-28 23:50 - 2014-03-28 23:50 - 00613200 _____ (Chip Digital GmbH) C:\Users\DKay\Downloads\CCleaner - CHIP-Downloader.exe

2014-03-27 07:14 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-03-19 08:42 - 2014-03-19 07:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2014-03-18 22:38 - 2013-08-16 06:23 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-18 22:37 - 2011-10-29 15:09 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-18 20:32 - 2013-09-27 10:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2014-03-13 04:16 - 2009-07-14 06:45 - 05010928 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-12 06:49 - 2012-04-06 09:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-12 06:49 - 2012-04-06 09:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-12 06:49 - 2011-10-20 07:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 

Some content of TEMP:

====================

C:\Users\DKay\AppData\Local\Temp\avgnt.exe

C:\Users\DKay\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-09-01 00:30
 

==================== End Of Log ============================

--- --- ---

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

FF Extension: Download Protect - C:\Windows\Installer\{EE1E355C-ACA8-4480-B802-708549F6984B}\{EE5C60B4-3A12-4A24-A7A1-44C5DCCF538A}.xpi [2014-04-08]

FF HKCU\...\Firefox\Extensions: [{0ce6ac61-48e9-426f-9268-6f1e8ece06da}] - C:\Program Files (x86)\LyricsSeeker\131.xpi

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Fixlog.txt

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by DKay at 2014-04-09 20:54:34 Run:1

Running from C:\Users\DKay\Desktop

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

FF Extension: Download Protect - C:\Windows\Installer\{EE1E355C-ACA8-4480-B802-708549F6984B}\{EE5C60B4-3A12-4A24-A7A1-44C5DCCF538A}.xpi [2014-04-08]

FF HKCU\...\Firefox\Extensions: [{0ce6ac61-48e9-426f-9268-6f1e8ece06da}] - C:\Program Files (x86)\LyricsSeeker\131.xpi

*****************
 

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

C:\Windows\Installer\{EE1E355C-ACA8-4480-B802-708549F6984B}\{EE5C60B4-3A12-4A24-A7A1-44C5DCCF538A}.xpi not found.

HKCU\Software\Mozilla\Firefox\Extensions\\{0ce6ac61-48e9-426f-9268-6f1e8ece06da} => Value deleted successfully.
 
 

The system needed a reboot. 
 

==== End of Fixlog ====

log.txt

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=ee30f639231ef142b3a6bfab2ea167fc

# engine=17823

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-04-09 08:27:06

# local_time=2014-04-09 10:27:06 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1799 16775165 100 96 14579 167746531 7363 0

# compatibility_mode=5893 16776573 100 94 5514 148705076 0 0

# scanned=353141

# found=1

# cleaned=0

# scan_time=4769

sh=11815B689BF2751428B5BC0A68461ACAC163AC74 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\DKay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5cf4e581-1c1f590a"

checkup.txt

Code:

 Results of screen317's Security Check version 0.99.81  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 JavaFX 2.1.1    

 Java(TM) 6 Update 31  

 Java 7 Update 51  

 Adobe Flash Player 12.0.0.77  

 Adobe Reader 10.1.9 Adobe Reader out of Date!  

 Mozilla Firefox (28.0) 

 Mozilla Thunderbird (24.4.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Frst.txt

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)

Ran by DKay (administrator) on DKAY-1 on 10-04-2014 07:44:44

Running from C:\Users\DKay\Desktop

Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Windows\system32\wtdchngr.exe

(Aladdin Knowledge Systems Ltd.) C:\Windows\system32\hasplms.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Dropbox, Inc.) C:\Users\DKay\AppData\Roaming\Dropbox\bin\Dropbox.exe

(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(TeamViewer GmbH) c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-4429514-2100052734-335998099-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)

HKU\S-1-5-21-4429514-2100052734-335998099-1000\...\Run: [AdobeBridge] - [X]

Startup: C:\Users\DKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\DKay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB771045ECC6ACE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\8yexz7jt.default

FF DefaultSearchEngine: Google

FF NetworkProxy: "http", "200.129.0.162"

FF NetworkProxy: "http_port", 3128

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM-x32\...\Firefox\Extensions: [{197F404A-8BBA-491F-9F85-5A6BABFAD8BE}] - C:\Windows\Installer\{98109266-84B9-494B-89A3-7D63F3608399}\{197F404A-8BBA-491F-9F85-5A6BABFAD8BE}.xpi

FF Extension: Download Protect - C:\Windows\Installer\{98109266-84B9-494B-89A3-7D63F3608399}\{197F404A-8BBA-491F-9F85-5A6BABFAD8BE}.xpi [2014-04-10]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 dxdiag32; C:\Windows\system32\wtdchngr.exe [117760 2013-07-28] ()

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-12-21] ()

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-13] (DT Soft Ltd)

R2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-10 07:40 - 2014-04-10 07:40 - 00987448 _____ () C:\Users\DKay\Desktop\SecurityCheck.exe

2014-04-09 21:02 - 2014-04-09 21:02 - 02347384 _____ (ESET) C:\Users\DKay\Downloads\esetsmartinstaller_enu.exe

2014-04-09 08:27 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-09 08:27 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-09 08:27 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-09 08:27 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-09 08:27 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 08:27 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-09 08:27 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-09 08:27 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-09 08:27 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-09 08:27 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-09 08:27 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-09 08:27 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-09 08:27 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-09 08:27 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-09 08:27 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-09 08:27 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-09 08:27 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-09 08:27 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-09 08:27 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-09 08:27 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-09 08:27 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-08 10:54 - 2014-04-10 07:44 - 00011744 _____ () C:\Users\DKay\Desktop\FRST.txt

2014-04-08 10:50 - 2014-04-08 10:50 - 00003599 _____ () C:\Users\DKay\Desktop\JRT.txt

2014-04-08 10:46 - 2014-04-08 10:46 - 00000000 ____D () C:\Windows\ERUNT

2014-04-08 10:45 - 2014-04-08 10:45 - 01016261 _____ (Thisisu) C:\Users\DKay\Downloads\JRT.exe

2014-04-08 10:42 - 2014-04-08 10:30 - 00014175 _____ () C:\Users\DKay\Desktop\AdwCleaner[R1].txt

2014-04-08 10:27 - 2014-04-08 10:27 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(2).exe

2014-04-08 10:26 - 2014-04-08 10:26 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(1).exe

2014-04-08 10:24 - 2014-04-08 10:24 - 00008777 _____ () C:\Users\DKay\Desktop\mbam.txt

2014-04-08 09:56 - 2014-04-08 19:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 09:56 - 2014-04-08 09:56 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-08 09:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-08 09:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-08 09:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-08 09:55 - 2014-04-08 09:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\DKay\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-08 09:07 - 2014-04-10 07:44 - 00000000 ____D () C:\FRST

2014-04-08 09:03 - 2014-04-08 09:03 - 02157056 _____ (Farbar) C:\Users\DKay\Desktop\FRST64.exe

2014-03-30 18:03 - 2014-03-30 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-29 00:11 - 2014-03-29 00:11 - 00018176 _____ () C:\Users\DKay\Documents\cc_20140328_231115.reg

2014-03-29 00:01 - 2014-04-08 10:30 - 00000000 ____D () C:\AdwCleaner

2014-03-28 23:50 - 2014-03-28 23:50 - 00613200 _____ (Chip Digital GmbH) C:\Users\DKay\Downloads\CCleaner - CHIP-Downloader.exe

2014-03-27 07:14 - 2014-04-10 03:18 - 00000728 __RSH () C:\ProgramData\ntuser.pol

2014-03-19 07:20 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2014-03-12 06:52 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-12 06:52 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-12 06:52 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-12 06:52 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-12 06:52 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-12 06:52 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-12 06:52 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-12 06:52 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-12 06:52 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-12 06:52 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-12 06:52 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-12 06:52 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-12 06:52 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-12 06:52 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-12 06:52 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-12 06:52 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-12 06:52 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-12 06:52 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-12 06:52 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-12 06:52 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-12 06:52 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-12 06:52 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-12 06:52 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-12 06:52 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-12 06:52 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-12 06:52 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-12 06:52 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-12 06:52 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-12 06:52 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-12 06:52 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-12 06:52 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-12 06:52 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-12 06:52 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-12 06:52 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-12 06:52 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-12 06:52 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-12 06:52 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-12 06:52 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-12 06:52 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-12 06:52 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-12 06:51 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-12 06:51 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-12 06:51 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-12 06:51 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
 

==================== One Month Modified Files and Folders =======
 

2014-04-10 07:44 - 2014-04-08 10:54 - 00011744 _____ () C:\Users\DKay\Desktop\FRST.txt

2014-04-10 07:44 - 2014-04-08 09:07 - 00000000 ____D () C:\FRST

2014-04-10 07:40 - 2014-04-10 07:40 - 00987448 _____ () C:\Users\DKay\Desktop\SecurityCheck.exe

2014-04-10 06:19 - 2012-11-13 13:20 - 00000000 ___RD () C:\Users\DKay\Dropbox

2014-04-10 06:19 - 2012-11-13 12:38 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\Dropbox

2014-04-10 03:24 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-10 03:24 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-10 03:21 - 2010-11-21 08:22 - 00699432 _____ () C:\Windows\system32\perfh007.dat

2014-04-10 03:21 - 2010-11-21 08:22 - 00149572 _____ () C:\Windows\system32\perfc007.dat

2014-04-10 03:21 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-10 03:18 - 2014-03-27 07:14 - 00000728 __RSH () C:\ProgramData\ntuser.pol

2014-04-10 03:16 - 2011-10-19 20:04 - 01090475 _____ () C:\Windows\WindowsUpdate.log

2014-04-10 03:16 - 2009-07-14 06:51 - 00078302 _____ () C:\Windows\setupact.log

2014-04-10 03:01 - 2013-08-16 06:23 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 03:00 - 2011-10-29 15:09 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-09 21:02 - 2014-04-09 21:02 - 02347384 _____ (ESET) C:\Users\DKay\Downloads\esetsmartinstaller_enu.exe

2014-04-09 20:57 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-09 08:40 - 2011-11-14 15:36 - 00037376 _____ () C:\Users\DKay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-04-08 22:11 - 2010-11-21 05:47 - 00215592 _____ () C:\Windows\PFRO.log

2014-04-08 19:50 - 2014-04-08 09:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 15:25 - 2012-01-02 12:44 - 00000600 _____ () C:\Users\DKay\AppData\Local\PUTTY.RND

2014-04-08 15:10 - 2011-10-20 12:29 - 00000000 ____D () C:\Program Files (x86)\SmartFTP Client Ultimate 4.0.1174

2014-04-08 11:05 - 2013-07-11 15:32 - 00000000 ____D () C:\Program Files (x86)\hMailServer

2014-04-08 11:05 - 2011-10-19 20:36 - 00000000 ____D () C:\ProgramData\LogMeIn

2014-04-08 10:50 - 2014-04-08 10:50 - 00003599 _____ () C:\Users\DKay\Desktop\JRT.txt

2014-04-08 10:46 - 2014-04-08 10:46 - 00000000 ____D () C:\Windows\ERUNT

2014-04-08 10:45 - 2014-04-08 10:45 - 01016261 _____ (Thisisu) C:\Users\DKay\Downloads\JRT.exe

2014-04-08 10:30 - 2014-04-08 10:42 - 00014175 _____ () C:\Users\DKay\Desktop\AdwCleaner[R1].txt

2014-04-08 10:30 - 2014-03-29 00:01 - 00000000 ____D () C:\AdwCleaner

2014-04-08 10:27 - 2014-04-08 10:27 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(2).exe

2014-04-08 10:26 - 2014-04-08 10:26 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(1).exe

2014-04-08 10:24 - 2014-04-08 10:24 - 00008777 _____ () C:\Users\DKay\Desktop\mbam.txt

2014-04-08 10:22 - 2013-09-06 20:38 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\TeamViewer

2014-04-08 10:20 - 2010-11-21 08:28 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents

2014-04-08 09:56 - 2014-04-08 09:56 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-08 09:55 - 2014-04-08 09:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\DKay\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-08 09:03 - 2014-04-08 09:03 - 02157056 _____ (Farbar) C:\Users\DKay\Desktop\FRST64.exe

2014-04-07 09:45 - 2011-10-28 08:36 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\vlc

2014-04-03 09:51 - 2014-04-08 09:56 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-08 09:56 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-08 09:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-01 11:46 - 2012-10-16 08:30 - 00000000 ____D () C:\Users\DKay\AppData\Local\FreePDF_XP

2014-03-31 06:21 - 2012-05-06 01:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-31 03:16 - 2014-04-09 08:27 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-31 03:13 - 2014-04-09 08:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-31 02:13 - 2014-04-09 08:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-31 01:57 - 2014-04-09 08:27 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-30 18:03 - 2014-03-30 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-29 00:11 - 2014-03-29 00:11 - 00018176 _____ () C:\Users\DKay\Documents\cc_20140328_231115.reg

2014-03-28 23:51 - 2013-09-27 10:31 - 00000000 ____D () C:\Program Files\CCleaner

2014-03-28 23:50 - 2014-03-28 23:50 - 00613200 _____ (Chip Digital GmbH) C:\Users\DKay\Downloads\CCleaner - CHIP-Downloader.exe

2014-03-19 08:42 - 2014-03-19 07:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2014-03-18 20:32 - 2013-09-27 10:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2014-03-13 04:16 - 2009-07-14 06:45 - 05010928 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-12 06:49 - 2012-04-06 09:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-12 06:49 - 2012-04-06 09:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-12 06:49 - 2011-10-20 07:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 

Some content of TEMP:

====================

C:\Users\DKay\AppData\Local\Temp\avgnt.exe

C:\Users\DKay\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-09-01 00:30
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Alles wie beschrieben durchgeführt. Allerdings ist "Download Protect 2.2.0" unter den Firefox erweiterungen immer noch da.

Adobe updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

Frisches FRST log bitte.

Der Adobe Reader sagt er sei aktuell.
Scheint jetzt weg zu sein!

Vielen Dank!!!

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 30 days old and could be outdated)

Ran by DKay (administrator) on DKAY-1 on 12-04-2014 03:40:14

Running from C:\Users\DKay\Desktop

Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Windows\system32\wtdchngr.exe

(Aladdin Knowledge Systems Ltd.) C:\Windows\system32\hasplms.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Dropbox, Inc.) C:\Users\DKay\AppData\Roaming\Dropbox\bin\Dropbox.exe

(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-4429514-2100052734-335998099-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)

HKU\S-1-5-21-4429514-2100052734-335998099-1000\...\Run: [AdobeBridge] - [X]

Startup: C:\Users\DKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\DKay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB771045ECC6ACE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\DKay\AppData\Roaming\Mozilla\Firefox\Profiles\w74sj54y.default-1397266756425

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 dxdiag32; C:\Windows\system32\wtdchngr.exe [117760 2013-07-28] ()

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-12-21] ()

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-13] (DT Soft Ltd)

R2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-12 03:39 - 2014-04-12 03:39 - 00000000 ____D () C:\Users\DKay\Desktop\Alte Firefox-Daten

2014-04-12 03:38 - 2014-04-12 03:38 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-04-12 03:38 - 2014-04-12 03:38 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\Mozilla

2014-04-12 03:38 - 2014-04-12 03:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-04-12 03:28 - 2014-04-12 03:28 - 00001260 _____ () C:\Users\DKay\Desktop\Revo Uninstaller.lnk

2014-04-12 03:28 - 2014-04-12 03:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-04-12 03:27 - 2014-04-12 03:27 - 00000870 _____ () C:\Users\DKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk

2014-04-12 03:27 - 2014-04-12 03:27 - 00000840 _____ () C:\Users\DKay\Desktop\Temp File Cleaner.lnk

2014-04-12 03:27 - 2014-04-12 03:27 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\addpcs

2014-04-12 03:27 - 2014-04-12 03:27 - 00000000 ____D () C:\Program Files\Temp File Cleaner

2014-04-12 03:18 - 2014-04-12 03:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\DKay\Downloads\revosetup95.exe

2014-04-12 03:17 - 2014-04-12 03:17 - 00077544 _____ () C:\Users\DKay\Documents\bookmarks-2014-04-12.json

2014-04-12 02:13 - 2014-04-12 02:19 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\FileZilla

2014-04-12 02:13 - 2014-04-12 02:13 - 07386124 _____ () C:\Users\DKay\Downloads\FileZilla_3.8.0_win32.zip

2014-04-12 02:13 - 2014-04-12 02:13 - 00000000 ____D () C:\Users\DKay\Downloads\FileZilla_3.8.0_win32

2014-04-10 07:40 - 2014-04-10 07:40 - 00987448 _____ () C:\Users\DKay\Desktop\SecurityCheck.exe

2014-04-09 21:02 - 2014-04-09 21:02 - 02347384 _____ (ESET) C:\Users\DKay\Downloads\esetsmartinstaller_enu.exe

2014-04-09 08:27 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-09 08:27 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-09 08:27 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-09 08:27 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-09 08:27 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 08:27 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-09 08:27 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-09 08:27 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-09 08:27 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-09 08:27 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-09 08:27 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-09 08:27 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-09 08:27 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-09 08:27 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-09 08:27 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-09 08:27 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-09 08:27 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-09 08:27 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-09 08:27 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-09 08:27 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-09 08:27 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-08 10:54 - 2014-04-12 03:40 - 00011308 _____ () C:\Users\DKay\Desktop\FRST.txt

2014-04-08 10:50 - 2014-04-08 10:50 - 00003599 _____ () C:\Users\DKay\Desktop\JRT.txt

2014-04-08 10:46 - 2014-04-08 10:46 - 00000000 ____D () C:\Windows\ERUNT

2014-04-08 10:45 - 2014-04-08 10:45 - 01016261 _____ (Thisisu) C:\Users\DKay\Downloads\JRT.exe

2014-04-08 10:42 - 2014-04-08 10:30 - 00014175 _____ () C:\Users\DKay\Desktop\AdwCleaner[R1].txt

2014-04-08 10:27 - 2014-04-08 10:27 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(2).exe

2014-04-08 10:26 - 2014-04-08 10:26 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(1).exe

2014-04-08 10:24 - 2014-04-08 10:24 - 00008777 _____ () C:\Users\DKay\Desktop\mbam.txt

2014-04-08 09:56 - 2014-04-08 19:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 09:56 - 2014-04-08 09:56 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-08 09:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-08 09:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-08 09:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-08 09:55 - 2014-04-08 09:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\DKay\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-08 09:07 - 2014-04-12 03:40 - 00000000 ____D () C:\FRST

2014-04-08 09:03 - 2014-04-08 09:03 - 02157056 _____ (Farbar) C:\Users\DKay\Desktop\FRST64.exe

2014-03-29 00:11 - 2014-03-29 00:11 - 00018176 _____ () C:\Users\DKay\Documents\cc_20140328_231115.reg

2014-03-29 00:01 - 2014-04-08 10:30 - 00000000 ____D () C:\AdwCleaner

2014-03-28 23:50 - 2014-03-28 23:50 - 00613200 _____ (Chip Digital GmbH) C:\Users\DKay\Downloads\CCleaner - CHIP-Downloader.exe

2014-03-27 07:14 - 2014-04-10 15:57 - 00000728 __RSH () C:\ProgramData\ntuser.pol

2014-03-19 07:20 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
 

==================== One Month Modified Files and Folders =======
 

2014-04-12 03:40 - 2014-04-08 10:54 - 00011308 _____ () C:\Users\DKay\Desktop\FRST.txt

2014-04-12 03:40 - 2014-04-08 09:07 - 00000000 ____D () C:\FRST

2014-04-12 03:39 - 2014-04-12 03:39 - 00000000 ____D () C:\Users\DKay\Desktop\Alte Firefox-Daten

2014-04-12 03:38 - 2014-04-12 03:38 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-04-12 03:38 - 2014-04-12 03:38 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\Mozilla

2014-04-12 03:38 - 2014-04-12 03:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-04-12 03:38 - 2012-05-06 01:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-12 03:28 - 2014-04-12 03:28 - 00001260 _____ () C:\Users\DKay\Desktop\Revo Uninstaller.lnk

2014-04-12 03:28 - 2014-04-12 03:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-04-12 03:27 - 2014-04-12 03:27 - 00000870 _____ () C:\Users\DKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk

2014-04-12 03:27 - 2014-04-12 03:27 - 00000840 _____ () C:\Users\DKay\Desktop\Temp File Cleaner.lnk

2014-04-12 03:27 - 2014-04-12 03:27 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\addpcs

2014-04-12 03:27 - 2014-04-12 03:27 - 00000000 ____D () C:\Program Files\Temp File Cleaner

2014-04-12 03:26 - 2011-10-19 20:04 - 01209836 _____ () C:\Windows\WindowsUpdate.log

2014-04-12 03:18 - 2014-04-12 03:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\DKay\Downloads\revosetup95.exe

2014-04-12 03:17 - 2014-04-12 03:17 - 00077544 _____ () C:\Users\DKay\Documents\bookmarks-2014-04-12.json

2014-04-12 02:19 - 2014-04-12 02:13 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\FileZilla

2014-04-12 02:13 - 2014-04-12 02:13 - 07386124 _____ () C:\Users\DKay\Downloads\FileZilla_3.8.0_win32.zip

2014-04-12 02:13 - 2014-04-12 02:13 - 00000000 ____D () C:\Users\DKay\Downloads\FileZilla_3.8.0_win32

2014-04-11 06:24 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-11 06:24 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-11 06:21 - 2010-11-21 08:22 - 00699432 _____ () C:\Windows\system32\perfh007.dat

2014-04-11 06:21 - 2010-11-21 08:22 - 00149572 _____ () C:\Windows\system32\perfc007.dat

2014-04-11 06:21 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-11 06:17 - 2012-11-13 13:20 - 00000000 ___RD () C:\Users\DKay\Dropbox

2014-04-11 06:17 - 2012-11-13 12:38 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\Dropbox

2014-04-10 17:59 - 2011-10-28 08:36 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\vlc

2014-04-10 17:56 - 2011-10-22 18:23 - 00000000 ____D () C:\Users\DKay\AppData\Local\Adobe

2014-04-10 15:57 - 2014-03-27 07:14 - 00000728 __RSH () C:\ProgramData\ntuser.pol

2014-04-10 15:57 - 2012-04-06 09:21 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-10 15:57 - 2012-04-06 09:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-10 15:57 - 2011-10-20 07:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-10 07:40 - 2014-04-10 07:40 - 00987448 _____ () C:\Users\DKay\Desktop\SecurityCheck.exe

2014-04-10 03:01 - 2013-08-16 06:23 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 03:00 - 2011-10-29 15:09 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-09 21:02 - 2014-04-09 21:02 - 02347384 _____ (ESET) C:\Users\DKay\Downloads\esetsmartinstaller_enu.exe

2014-04-09 20:57 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-09 08:40 - 2011-11-14 15:36 - 00037376 _____ () C:\Users\DKay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-04-08 19:50 - 2014-04-08 09:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 15:25 - 2012-01-02 12:44 - 00000600 _____ () C:\Users\DKay\AppData\Local\PUTTY.RND

2014-04-08 15:10 - 2011-10-20 12:29 - 00000000 ____D () C:\Program Files (x86)\SmartFTP Client Ultimate 4.0.1174

2014-04-08 11:05 - 2013-07-11 15:32 - 00000000 ____D () C:\Program Files (x86)\hMailServer

2014-04-08 11:05 - 2011-10-19 20:36 - 00000000 ____D () C:\ProgramData\LogMeIn

2014-04-08 10:50 - 2014-04-08 10:50 - 00003599 _____ () C:\Users\DKay\Desktop\JRT.txt

2014-04-08 10:46 - 2014-04-08 10:46 - 00000000 ____D () C:\Windows\ERUNT

2014-04-08 10:45 - 2014-04-08 10:45 - 01016261 _____ (Thisisu) C:\Users\DKay\Downloads\JRT.exe

2014-04-08 10:30 - 2014-04-08 10:42 - 00014175 _____ () C:\Users\DKay\Desktop\AdwCleaner[R1].txt

2014-04-08 10:30 - 2014-03-29 00:01 - 00000000 ____D () C:\AdwCleaner

2014-04-08 10:27 - 2014-04-08 10:27 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(2).exe

2014-04-08 10:26 - 2014-04-08 10:26 - 01426178 _____ () C:\Users\DKay\Downloads\adwcleaner(1).exe

2014-04-08 10:24 - 2014-04-08 10:24 - 00008777 _____ () C:\Users\DKay\Desktop\mbam.txt

2014-04-08 10:22 - 2013-09-06 20:38 - 00000000 ____D () C:\Users\DKay\AppData\Roaming\TeamViewer

2014-04-08 10:20 - 2010-11-21 08:28 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents

2014-04-08 09:56 - 2014-04-08 09:56 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 09:56 - 2014-04-08 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-08 09:55 - 2014-04-08 09:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\DKay\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-08 09:03 - 2014-04-08 09:03 - 02157056 _____ (Farbar) C:\Users\DKay\Desktop\FRST64.exe

2014-04-03 09:51 - 2014-04-08 09:56 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-08 09:56 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-08 09:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-01 11:46 - 2012-10-16 08:30 - 00000000 ____D () C:\Users\DKay\AppData\Local\FreePDF_XP

2014-03-31 03:16 - 2014-04-09 08:27 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-31 03:13 - 2014-04-09 08:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-31 02:13 - 2014-04-09 08:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-31 01:57 - 2014-04-09 08:27 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-29 00:11 - 2014-03-29 00:11 - 00018176 _____ () C:\Users\DKay\Documents\cc_20140328_231115.reg

2014-03-28 23:51 - 2013-09-27 10:31 - 00000000 ____D () C:\Program Files\CCleaner

2014-03-28 23:50 - 2014-03-28 23:50 - 00613200 _____ (Chip Digital GmbH) C:\Users\DKay\Downloads\CCleaner - CHIP-Downloader.exe

2014-03-19 08:42 - 2014-03-19 07:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2014-03-18 20:32 - 2013-09-27 10:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2014-03-13 04:16 - 2009-07-14 06:45 - 05010928 _____ () C:\Windows\system32\FNTCACHE.DAT
 

Some content of TEMP:

====================

C:\Users\DKay\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-09-01 00:30
 

==================== End Of Log ============================

--- --- ---

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.