Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojan.Gen.2 auf dem Rechner (https://www.trojaner-board.de/152699-trojan-gen-2-rechner.html)

Stoffl33 18.04.2014 12:52
Trojan.Gen.2 auf dem Rechner
 
Hallo,

gestern hat mein Virenscaner (Symantec) den Trojaner "Trojan.Gen.2" auf meinem Rechner entdeckt und isoliert.

Ansonsten ist nichts Auffälliges zu beobachten.

Welche Sicherheitsvorkehrungen, bzw. detaillierte Schritte sind empfehlenswert?

Bin (leider) ein absoluter Laie. Bitte seht es mir nach, wenn ich manches nicht sofort verstehe, bzw. "dumm" nachfrage.

Im voraus herzlichen Dank für eure Unterstützung!!!
Stoffl

schrauber 18.04.2014 14:20
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Stoffl33 18.04.2014 15:35
Hi,

sorry, hat etwas gedauert. Folgend die beiden Files.

Schon mal vielen Dank im voraus!!!

Stoffl33 18.04.2014 15:38
Äh, vielleicht ist es so besser.

#
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Bleicher (administrator) on BLEICHER-PC on 18-04-2014 16:29:11
Running from C:\Users\Bleicher\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Users\Bleicher\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
() C:\Program Files (x86)\Tor\tor.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [90655440 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2010-01-25] (Symantec Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-01-04] (PC Tools)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-525802556-1916836350-3712072045-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\S-1-5-21-525802556-1916836350-3712072045-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\S-1-5-21-525802556-1916836350-3712072045-1001\...\Run: [Amazon Cloud Player] => C:\Users\Bleicher\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-28] (NVIDIA Corporation)
Startup: C:\Users\Bleicher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0Bzz0Dzy0EzzzytGtB0F0A0EtG0AzzzzyDtG0FtA0CzytGtD0BtDzyyEyEyBtDyE0B0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtDtDyE0F0FtGyD0FtC0FtGzztCtAtAtGzyzy0B0BtGyB0FtDzyyBzztCyEzytAzz0C2Q&cr=2025049647&ir=
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0Bzz0Dzy0EzzzytGtB0F0A0EtG0AzzzzyDtG0FtA0CzytGtD0BtDzyyEyEyBtDyE0B0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtDtDyE0F0FtGyD0FtC0FtGzztCtAtAtGzyzy0B0BtGyB0FtDzyyBzztCyEzytAzz0C2Q&cr=2025049647&ir=
SearchScopes: HKCU - {09BE385C-C2BD-4B30-8B1C-96BF0C3693C6} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=E3E265D0-9979-4A3B-B912-E8B14CAB0609&apn_sauid=F6C09B50-0172-4B2D-9696-3DD72F317403
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0Bzz0Dzy0EzzzytGtB0F0A0EtG0AzzzzyDtG0FtA0CzytGtD0BtDzyyEyEyBtDyE0B0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtDtDyE0F0FtGyD0FtC0FtGzztCtAtAtGzyzy0B0BtGyB0FtDzyyBzztCyEzytAzz0C2Q&cr=2025049647&ir=
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default
FF user.js: detected! => C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\user.js
FF DefaultSearchEngine: Mysearchdial
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF Homepage: about:home
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Bleicher\Downloads\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ []
FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi
FF Extension: Browser Guard - C:\Program Files (x86)\Browser Guard\browserguard.xpi [2014-02-24]

Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\Bleicher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-01-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-01-25] (Symantec Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-13] (CyberLink)
R2 HPSLPSVC; C:\Users\Bleicher\AppData\Local\Temp\7zS03CE\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-01-04] (PC Tools)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3218880 2010-04-16] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [419656 2010-04-01] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1831024 2010-04-23] (Symantec Corporation)
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-11] ()
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-05] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140416.004\ENG64.SYS [126040 2013-08-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140416.004\EX64.SYS [2099288 2013-08-22] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [447536 2010-03-08] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [447536 2010-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2010-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482352 2010-03-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-03-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2010-03-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-12-28] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [64048 2009-12-28] (Symantec Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2010-04-16] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 16:29 - 2014-04-18 16:29 - 00023489 _____ () C:\Users\Bleicher\Desktop\FRST.txt
2014-04-18 16:29 - 2014-04-18 16:29 - 00000000 ____D () C:\FRST
2014-04-18 16:27 - 2014-04-18 16:27 - 02158592 _____ (Farbar) C:\Users\Bleicher\Desktop\FRST64.exe
2014-04-16 13:40 - 2014-03-31 03:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 13:55 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 13:55 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 13:55 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 13:55 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 13:54 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:54 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:54 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:54 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:54 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:54 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:54 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:54 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:54 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:54 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:54 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:54 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:54 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:54 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:54 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:54 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:54 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-04 19:08 - 2014-04-04 19:08 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files\iTunes
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files\iPod
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-31 18:44 - 2014-03-31 18:45 - 00000000 ____D () C:\Users\Bleicher\AppData\Local\{152A8B1C-ADED-4B60-ABA9-3DB8156E855B}
2014-03-30 21:55 - 2014-03-30 21:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 21:54 - 2014-03-30 21:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 21:54 - 2014-03-30 21:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 21:54 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 21:54 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 21:54 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 21:53 - 2014-03-30 21:54 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Bleicher\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 00:03 - 2014-03-30 00:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-18 16:29 - 2014-04-18 16:29 - 00023489 _____ () C:\Users\Bleicher\Desktop\FRST.txt
2014-04-18 16:29 - 2014-04-18 16:29 - 00000000 ____D () C:\FRST
2014-04-18 16:27 - 2014-04-18 16:27 - 02158592 _____ (Farbar) C:\Users\Bleicher\Desktop\FRST64.exe
2014-04-18 16:06 - 2011-04-13 04:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 15:53 - 2014-03-06 22:53 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job
2014-04-18 15:46 - 2014-03-06 22:53 - 00000304 _____ () C:\Windows\Tasks\MySearchDial.job
2014-04-18 15:44 - 2011-08-18 23:56 - 01138091 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 15:06 - 2009-07-14 06:51 - 00171294 _____ () C:\Windows\setupact.log
2014-04-18 14:06 - 2011-04-13 04:33 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 12:03 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 12:03 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 11:55 - 2011-08-19 00:21 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-18 11:55 - 2011-08-19 00:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-18 11:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 19:00 - 2012-01-06 20:00 - 00000412 _____ () C:\Windows\SysWOW64\AppLog.log
2014-04-16 19:00 - 2012-01-06 16:31 - 00000292 _____ () C:\Windows\Tasks\RMSchedule.job
2014-04-16 13:42 - 2013-08-11 17:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 22:17 - 2013-12-19 23:28 - 00000000 ____D () C:\Users\Bleicher\AppData\Local\Amazon Cloud Player
2014-04-10 19:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 14:11 - 2011-12-27 13:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 14:08 - 2012-06-12 19:05 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-04 19:08 - 2014-04-04 19:08 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files\iTunes
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files\iPod
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-04 19:05 - 2012-01-03 22:55 - 00000000 ____D () C:\ProgramData\Apple
2014-04-04 14:01 - 2011-04-13 04:33 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-04 14:01 - 2011-04-13 04:33 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 18:45 - 2014-03-31 18:44 - 00000000 ____D () C:\Users\Bleicher\AppData\Local\{152A8B1C-ADED-4B60-ABA9-3DB8156E855B}
2014-03-31 18:35 - 2011-02-19 06:24 - 00710754 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 18:35 - 2011-02-19 06:24 - 00153202 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 18:35 - 2009-07-14 07:13 - 01650248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 13:53 - 2011-04-13 03:39 - 00328096 _____ () C:\Windows\PFRO.log
2014-03-31 03:51 - 2014-04-16 13:40 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-31 03:16 - 2014-04-09 13:55 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 13:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 13:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 13:55 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 22:04 - 2014-03-06 22:53 - 00000000 ____D () C:\Users\Bleicher\AppData\Roaming\DigitalSites
2014-03-30 21:55 - 2014-03-30 21:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 21:54 - 2014-03-30 21:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 21:54 - 2014-03-30 21:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 21:54 - 2014-03-30 21:53 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Bleicher\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 21:54 - 2013-12-06 21:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:23 - 2014-03-06 22:53 - 00000100 _____ () C:\Users\Bleicher\AppData\Roaming\WB.CFG
2014-03-30 20:17 - 2012-05-12 15:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 00:03 - 2014-03-30 00:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 22:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-22 19:53 - 2012-12-30 19:39 - 00000000 ____D () C:\Users\Bleicher\Kontoauszüge
2014-03-22 19:53 - 2011-12-26 16:21 - 00000000 ____D () C:\Users\Bleicher
2014-03-19 20:02 - 2012-01-04 21:07 - 00000000 ____D () C:\Users\Bleicher\AppData\Local\CrashDumps

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 15:53

==================== End Of Log ============================
--- --- ---

--- --- ---


#FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Bleicher at 2014-04-18 16:29:38
Running from C:\Users\Bleicher\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.14 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.22 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{33B98264-A889-4913-A0CA-C364A75032B3}) (Version: 1.1.45 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.0 - AsusTek Computer Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - Oberon Media Inc.)
Browser Guard (HKLM-x32\...\Browser Guard) (Version:  - )
Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version:  - )
Civilization III: Conquests (HKLM-x32\...\{F31BC49F-AB7B-4A53-A399-EB7331B585BC}) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cooking Dash (HKLM-x32\...\Cooking Dash) (Version:  - Oberon Media Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2312.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
FoxTab PDF Creator (HKCU\...\FoxTab PDF Creator) (Version:  - ) <==== ATTENTION
FunPhotor 6.1 (HKLM-x32\...\FunPhotor_is1) (Version:  - ZeallSoft, Inc.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version:  - Oberon Media Inc.)
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version:  - Oberon Media Inc.)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Jewel Quest 3 (HKLM-x32\...\Jewel Quest 3) (Version:  - Oberon Media Inc.)
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.1.0.19243 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.4.13103 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Konz 2012 (HKLM-x32\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM)
Konz 2012 (x32 Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)
LOGO!Soft Comfort V7.0 (Demo) (HKLM\...\LOGO!Soft Comfort V7.0 (Demo)) (Version: 7.0.0.0 - Siemens AG)
Luxor 3 (HKLM-x32\...\Luxor 3) (Version:  - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version:  - Oberon Media Inc.)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
McDonald's Dragons (HKLM-x32\...\McDonald's Dragons ) (Version:  - Name of your company)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Nero 8 Essentials (HKLM-x32\...\{E64404F1-98DC-4CC8-A1A7-EF36E4E21031}) (Version: 8.3.99 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NetSchafkopf (HKLM-x32\...\{A617C55E-08F5-4AD0-B644-1A7939A77A45}) (Version: 1.1.1 - CuteSoft)
netWatten (HKCU\...\netWatten) (Version:  - netWatten.com)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA 3D Vision Driver 268.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.39 - NVIDIA Corporation)
NVIDIA Control Panel 268.39 (Version: 268.39 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 268.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.39 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.41.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.21 (Version: 1.0.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6839 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.21 - NVIDIA Corporation) Hidden
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version:  - Oberon Media Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6370 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{B099E941-4789-46A1-9B14-01CFD04E03B3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Sudoku Deluxe 4 Kids (HKLM-x32\...\Sudoku Deluxe 4 Kids_is1) (Version:  - cerasus.media)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{0A2163CB-4F47-44AA-A219-36133260CF17}) (Version: 11.0.6005.562 - *Symantec Corporation)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version:  - Oberon Media Inc.)
Zahlenbuch 2 (HKLM-x32\...\Zahlenbuch 2) (Version:  - )
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

13-03-2014 21:27:16 Windows Update
18-03-2014 19:51:20 Windows Update
26-03-2014 14:52:21 Geplanter Prüfpunkt
05-04-2014 20:14:19 Geplanter Prüfpunkt
10-04-2014 12:06:04 Windows Update
16-04-2014 11:40:30 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-03-17 19:13 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {09E8C366-90BC-4C44-90E8-6EC25B787EE7} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {0F688D4E-7DE0-4EBC-B0F5-D1F599365003} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-06-01] (ASUS)
Task: {1D66CDFD-B660-429C-9F2C-DCD7398EA952} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2012-01-04] (PC Tools)
Task: {2A031A29-128C-416B-BB48-D759452E93C5} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-01-04] (PC Tools)
Task: {2CD6B115-556A-4BED-9092-3C70E8F175D5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {31769423-7528-4A6A-9A72-7DEA0E6E35CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {4599A43F-1B0F-4E65-BDC0-E50DBAC79208} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {53F6718F-03F8-44D5-8C42-7E08AEF09B17} - System32\Tasks\MySearchDial => C:\Users\Bleicher\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5F24787F-E7C4-4958-B662-311873036BCF} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {60F398C6-F009-4FEB-B4EF-955537F134F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13] (Google Inc.)
Task: {6D01AAEE-4E12-4945-859B-70DF673D933B} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HpWebReg.exe
Task: {7D450A38-827E-48FA-BFFB-52CD0092749E} - System32\Tasks\Digital Sites => C:\Users\Bleicher\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {81E5BBE6-E70E-4AE4-9ED9-BDC1ED40BE53} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {84A77F86-B445-48DE-B57F-B89B693CD5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13] (Google Inc.)
Task: {88B08C30-6E1B-4A02-A1DF-75993B46CE4D} - \AdobeFlashPlayerUpdate 2 ATTENTION ====> No Task File
Task: {9721A1D1-A166-4253-B566-19BE97550D92} - \AdobeFlashPlayerUpdate ATTENTION ====> No Task File
Task: {9B795544-62AB-4C35-A187-526EB3E3B666} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {AF35A640-026F-4A4F-A614-7AC0643E77FC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {D510E29A-1C26-44D8-ADBA-E439C9AA0492} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Bleicher\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Bleicher\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-08-19 00:19 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-06-20 16:01 - 2011-03-26 09:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-19 23:28 - 2014-01-14 21:46 - 03140608 _____ () C:\Users\Bleicher\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2010-11-30 00:04 - 2010-11-30 00:04 - 00403968 _____ () C:\Program Files\Intel\TurboBoost\de\SignalIslandUi.resources.dll
2013-09-01 12:30 - 2013-09-11 08:44 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2011-04-13 04:51 - 2010-09-17 10:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-04-13 04:51 - 2010-09-17 10:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-07 22:37 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-07 22:37 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-07 22:37 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-07 22:37 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-07 22:37 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-14 21:28 - 2014-02-14 21:28 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2011-08-18 23:59 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-03-30 00:03 - 2014-03-30 00:03 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-04-28 15:03 - 2011-04-28 15:03 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnkCommon Startup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnkCommon Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Syncables => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
MSCONFIG\startupreg: USBChargerPlusTray => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2014 02:35:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2777

Error: (04/17/2014 02:35:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2777

Error: (04/17/2014 02:35:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/17/2014 00:44:31 AM) (Source: Symantec AntiVirus) (User: )
Description: Sicherheitsrisiko gefunden!Trojan.Gen.2 in Datei: C:\Users\Bleicher\AppData\Local\Temp\DWHEDBB.tmp von: Auto-Protect-Scan.  Aktion: Isolieren erfolgreich : Zugriff verweigert.  Beschreibung der Aktion: Die Datei wurde erfolgreich isoliert.

Error: (04/10/2014 07:04:19 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2014 07:04:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (04/09/2014 03:54:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/09/2014 03:53:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (04/08/2014 02:10:50 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/08/2014 02:10:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.


System errors:
=============
Error: (04/14/2014 00:08:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/14/2014 00:08:15 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht.

Error: (04/14/2014 00:07:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/14/2014 00:07:44 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (04/08/2014 01:47:04 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎07.‎04.‎2014 um 20:04:50 unerwartet heruntergefahren.

Error: (03/19/2014 08:02:35 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/16/2014 05:20:22 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎16.‎03.‎2014 um 16:17:32 unerwartet heruntergefahren.

Error: (03/05/2014 10:18:05 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007041d

Error: (03/05/2014 10:18:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (03/05/2014 10:18:05 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Modules Installer erreicht.


Microsoft Office Sessions:
=========================
Error: (04/17/2014 02:35:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2777

Error: (04/17/2014 02:35:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2777

Error: (04/17/2014 02:35:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/17/2014 00:44:31 AM) (Source: Symantec AntiVirus)(User: )
Description: Sicherheitsrisiko gefunden!Trojan.Gen.2 in Datei: C:\Users\Bleicher\AppData\Local\Temp\DWHEDBB.tmp von: Auto-Protect-Scan.  Aktion: Isolieren erfolgreich : Zugriff verweigert.  Beschreibung der Aktion: Die Datei wurde erfolgreich isoliert.

Error: (04/10/2014 07:04:19 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (04/10/2014 07:04:04 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (04/09/2014 03:54:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (04/09/2014 03:53:45 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (04/08/2014 02:10:50 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (04/08/2014 02:10:36 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 8100.97 MB
Available physical RAM: 5529.96 MB
Total Pagefile: 16200.13 MB
Available Pagefile: 13410.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:400.55 GB) (Free:256.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:505.96 GB) (Free:505.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0CD9B3F5)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=401 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=506 GB) - (Type=OF Extended)

==================== End Of Log ============================
--- --- ---
#

schrauber 19.04.2014 10:14
Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.



Deinstalliere auch alle AV Software und entscheide dich für eine.


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Stoffl33 21.04.2014 19:00
Hi,

sorry, hat lange gedauert.

Revo installiert und alle "Attention" entfernen lassen die ich fand.

Hab mich für Symantec entschieden. Gute Entscheidung?

MBAM installiert hier das File (Läßt sich trotz Nummernzeichen nicht in ein eigenes Fenster schieben!! Sorry, ich bekomms nicht hin!!!)

#

Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 21.04.2014
Scan Time: 18:02:11
Logfile: mbam-log-2014-04-21 (18-00-53).txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.21.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bleicher

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292854
Time Elapsed: 18 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 33
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.AL", 2), ,[a4555bd188f3053168c4fb5a9371b34d]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "dsites");), ,[03f61319bcbf87afe14bdd7814f025db]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"), ,[07f274b83a41d5612a02ee6761a38a76]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0Bzz0Dzy0EzzzytGt B0F0A0EtG0AzzzzyDtG0FtA0CzytGtD0BtDzyyEyEyBtDyE0B0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtDtDyE0F0FtGyD0FtC0FtGzztCtAtAtGzyzy0B0BtGyB0FtDzyyBzztCyEzytAzz0 C2Q"), ,[7d7c04288bf02a0cd05c9eb7ec1840c0]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cntry", "DE");), ,[39c04ededd9eca6c200ca4b12fd58d73]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cr", "2025049647");), ,[5f9a8e9e97e48fa70725f65f4aba4cb4]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltLng", "");), ,[cb2ecb61d7a458de9e8ef362b54fbc44]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true);), ,[cc2d25072c4f9f9763c9aca9ab59d42c]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dnsErr", true);), ,[44b50428433854e2e04c1a3bd62e5da3]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128 ,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190 ,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,16494787 50,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");), ,[f00965c792e9a88ef23a045133d1d12f]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.excTlbr", false);), ,[2ccda4883e3d44f2062682d39c686a96]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hdrMd5", "503A4E192907DBAE93F426EC2D8533C5");), ,[12e7a38984f74de9012b1243768e8878]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true);), ,[42b76ac2314ae74fb6769fb67d87b050]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0 Bzz0Dzy0EzzzytGtB0F0A0EtG0AzzzzyDtG0FtA0CzytGtD0BtDzyyEyEyBtDyE0B0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtDtDyE0F0FtGyD0FtC0FtGzztCtAtAtGzyzy0B0BtGyB0FtDz yyBzztCyEzytAzz0C2Q&cr=2025049647&ir="), ,[5c9d3def1a6112248ca02f26f70dde22]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.id", "D0DF9A8539D23A45"), ,[d029be6ed3a8c96d51db4015d82c5da3]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlDay", "16135");), ,[7683ba727cffd561df4d98bdea1a718f]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlRef", "0211_c");), ,[42b72705205ba294042876df679dbb45]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0 Bzz0Dzy0EzzzytGtB0F0A0EtG0AzzzzyDtG0FtA0CzytGtD0BtDzyyEyEyBtDyE0B0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtDtDyE0F0FtGyD0FtC0FtGzztCtAtAtGzyzy0B0BtGyB0FtDz yyBzztCyEzytAzz0C2Q&cr=2025049647&ir=");), ,[17e2a389accf181e62cab4a1fb09629e]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.021:53:3"), ,[53a6d9534437171fe14bdf76a36154ac]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0 Bzz0Dzy0EzzzytGtB0F0A0EtG0AzzzzyDtG0FtA0CzytGtD0BtDzyyEyEyBtDyE0B0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtDtDyE0F0FtGyD0FtC0FtGzztCtAtAtGzyzy0B0BtGyB0FtDz yyBzztCyEzytAzz0C2Q&cr=2025049647&ir=");), ,[d425ff2dfe7d37ff40eca8ad31d30ff1]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");), ,[52a72b01196289ad68c45203de26f60a]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), ,[9069c46806757db9b775bf96d03428d8]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), ,[4aafca621a613ff7c26ac0953bc958a8]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.sg", "none");), ,[877257d591ea092ddb515afb6d9707f9]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"), ,[26d3c5674c2f270f5dcfdb7af60e4cb4]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrId", "base");), ,[56a385a7b7c47abc3defe66f64a05da3]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0 Bzz0Dzy0EzzzytGtB0F0A0EtG0AzzzzyDtG0FtA0CzytGtD0BtDzyyEyEyBtDyE0B0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtDtDyE0F0FtGyD0FtC0FtGzztCtAtAtGzyzy0B0BtGyB0FtDz yyBzztCyEzytAzz0C2Q&cr=2025049647&ir=&q=");), ,[e811db514e2dff37dd4fb69f50b4926e]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");), ,[8673fd2fe8930036fd2fef66a064837d]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");), ,[ea0f49e39cdfda5c60cc83d20301a759]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.hmpg", true);), ,[faff57d533484cea0a2262f37a8ab749]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.newTab", false), ,[51a8d458e29943f33eeeba9bc440b24e]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.smplGrp", "none"), ,[de1b1c10e79486b02dffe86d05ff0cf4]
PUP.Optional.MySearchDial.A, C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.021:53:3");), ,[f3061715314aee482705ba9b51b3b44c]

Physical Sectors: 0
(No malicious items detected)


(end)
--- --- ---


Musste einige Smilies löschen, um das File posten zu können, hoffe das ist kein Problem.

AdwCleaner installiert, hier das File

#AdwCleaner Logfile:
Code:
# AdwCleaner v3.102 - Bericht erstellt am 21/04/2014 um 18:23:59
# Aktualisiert 21/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Bleicher - BLEICHER-PC
# Gestartet von : C:\Users\Bleicher\Downloads\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Browser Guard
Ordner Gelöscht : C:\Users\Bleicher\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Bleicher\AppData\Roaming\0D0S1L2Z1P1B
Ordner Gelöscht : C:\Users\Bleicher\AppData\Roaming\DigitalSites
Datei Gelöscht : C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\user.js
Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job
Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\InstallCore

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "dsites");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1RtN1L1G1B1V1N2Y1L1Qzu2SyD0Bzz0Dzy0EzzzytGtB0F0A0EtG0[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "2025049647");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "503A4E192907DBAE93F426EC2D8533C5");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "D0DF9A8539D23A45");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16135");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "0211_c");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1Rt[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.021:53:3");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AzzyDtAzy0DtBtA0AyEyDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCt[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.021:53:3");

-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Bleicher\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8288 octets] - [21/04/2014 18:22:34]
AdwCleaner[S0].txt - [7977 octets] - [21/04/2014 18:23:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8037 octets] ##########
--- --- ---


Windows-Firewall deaktiviert, für Symantec war ich leider zu b....
Junkware Removal Tool installiert, hier das File

#JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bleicher on 21.04.2014 at 19:34:42,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-525802556-1916836350-3712072045-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{09BE385C-C2BD-4B30-8B1C-96BF0C3693C6}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\rmschedule.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Empty Folder] C:\Users\Bleicher\appdata\local\{0680D384-7E8C-4240-80F5-8B1BC0606A4D}
Successfully deleted: [Empty Folder] C:\Users\Bleicher\appdata\local\{152A8B1C-ADED-4B60-ABA9-3DB8156E855B}
Successfully deleted: [Empty Folder] C:\Users\Bleicher\appdata\local\{F5478A52-7649-4847-8B8F-6023A65917E8}



~~~ FireFox

Emptied folder: C:\Users\Bleicher\AppData\Roaming\mozilla\firefox\profiles\wmrcdugc.default\minidumps [323 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.04.2014 at 19:43:02,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---

Im voraus nochmals herzlichen Dank!!!

schrauber 22.04.2014 13:39

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Stoffl33 22.04.2014 20:32
Hi,

hab die Firewall deaktiviert. Selbst nach längerer Recherche bin ich nicht in der Lage den Virenscanner (Symantec) zu deaktivieren. Entweder es geht einfach nicht, oder ich bin zu doof! Sorry!

Hab ESET laufen lassen, hier das log-file:

#

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1cab3187737af642a180b91cce586419
# engine=17979
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-22 07:12:51
# local_time=2014-04-22 09:12:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776638 100 94 15608 149823821 0 0
# scanned=235404
# found=0
# cleaned=0
# scan_time=9595


Security Check und FRST folgen.

Hi,

hier das Log-file des Security-Checks

# Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 11.7.700.224 Flash Player out of Date!
Mozilla Firefox (28.0)
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

... und das FRST-log-File

#
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Bleicher (administrator) on BLEICHER-PC on 22-04-2014 21:30:44
Running from C:\Users\Bleicher\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\Tor\tor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Users\Bleicher\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [90655440 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2010-01-25] (Symantec Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-01-04] (PC Tools)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-525802556-1916836350-3712072045-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\S-1-5-21-525802556-1916836350-3712072045-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\S-1-5-21-525802556-1916836350-3712072045-1001\...\Run: [Amazon Cloud Player] => C:\Users\Bleicher\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-28] (NVIDIA Corporation)
Startup: C:\Users\Bleicher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bleicher\AppData\Roaming\Mozilla\Firefox\Profiles\wmrcdugc.default
FF Homepage: about:home
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Bleicher\Downloads\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi

Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\Bleicher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-01-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-01-25] (Symantec Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-13] (CyberLink)
R2 HPSLPSVC; C:\Users\Bleicher\AppData\Local\Temp\7zS03CE\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-01-04] (PC Tools)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3218880 2010-04-16] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [419656 2010-04-01] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1831024 2010-04-23] (Symantec Corporation)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-11] ()

==================== Drivers (Whitelisted) ====================

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-05] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140416.004\ENG64.SYS [126040 2013-08-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140416.004\EX64.SYS [2099288 2013-08-22] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [447536 2010-03-08] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [447536 2010-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2010-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482352 2010-03-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-03-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2010-03-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2014-04-22] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [64048 2009-12-28] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2010-04-16] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 21:30 - 2014-04-22 21:30 - 00000000 ____D () C:\Users\Bleicher\Desktop\FRST-OlderVersion
2014-04-22 21:28 - 2014-04-22 21:28 - 00001021 _____ () C:\Users\Bleicher\Desktop\checkup Security check.txt
2014-04-22 21:26 - 2014-04-22 21:26 - 00855379 _____ () C:\Users\Bleicher\Desktop\SecurityCheck.exe
2014-04-22 18:30 - 2014-04-22 18:30 - 02347384 _____ (ESET) C:\Users\Bleicher\Downloads\esetsmartinstaller_enu.exe
2014-04-22 18:04 - 2014-04-22 18:04 - 00002768 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
2014-04-21 19:43 - 2014-04-21 19:43 - 00001863 _____ () C:\Users\Bleicher\Desktop\JRT.txt
2014-04-21 19:34 - 2014-04-21 19:34 - 00000000 ____D () C:\Windows\ERUNT
2014-04-21 19:33 - 2014-04-21 19:33 - 01016261 _____ (Thisisu) C:\Users\Bleicher\Desktop\JRT(1).exe
2014-04-21 18:34 - 2014-04-21 18:34 - 00000000 ___RD () C:\Users\Bleicher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-21 18:27 - 2014-04-21 18:27 - 00008133 _____ () C:\Users\Bleicher\Desktop\AdwCleaner[S0].txt
2014-04-21 18:22 - 2014-04-21 18:24 - 00000000 ____D () C:\AdwCleaner
2014-04-21 18:18 - 2014-04-21 18:18 - 01322687 _____ () C:\Users\Bleicher\Downloads\AdwCleaner.exe
2014-04-21 18:17 - 2014-04-21 18:17 - 00001149 _____ () C:\Users\Bleicher\Desktop\mbam.txt
2014-04-21 18:04 - 2014-04-21 18:04 - 00011466 _____ () C:\Users\Bleicher\Desktop\mbam-suchlaufprtokoll-2014-04-21 (18-00-53).txt
2014-04-21 17:42 - 2014-04-21 17:42 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-21 17:42 - 2014-04-21 17:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-21 17:42 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-21 17:42 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-21 17:42 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-21 17:41 - 2014-04-21 17:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Bleicher\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-21 17:41 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-04-19 13:31 - 2014-04-19 13:31 - 00000085 _____ () C:\Windows\wininit.ini
2014-04-19 13:29 - 2014-04-21 17:36 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-04-19 13:29 - 2014-04-19 13:29 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-04-19 12:39 - 2014-04-19 12:39 - 00001266 _____ () C:\Users\Bleicher\Desktop\Revo Uninstaller.lnk
2014-04-19 12:39 - 2014-04-19 12:39 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-19 12:35 - 2014-04-19 12:37 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bleicher\Downloads\revosetup95.exe
2014-04-18 16:29 - 2014-04-22 21:30 - 00018102 _____ () C:\Users\Bleicher\Desktop\FRST.txt
2014-04-18 16:29 - 2014-04-22 21:30 - 00000000 ____D () C:\FRST
2014-04-18 16:29 - 2014-04-18 16:31 - 00052199 _____ () C:\Users\Bleicher\Desktop\Addition.txt
2014-04-18 16:27 - 2014-04-22 21:30 - 02061312 _____ (Farbar) C:\Users\Bleicher\Desktop\FRST64.exe
2014-04-16 13:40 - 2014-03-31 03:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 13:55 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 13:55 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 13:55 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 13:55 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 13:54 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:54 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:54 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:54 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:54 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:54 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:54 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:54 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:54 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:54 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:54 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:54 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:54 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:54 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:54 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:54 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:54 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-04 19:08 - 2014-04-04 19:08 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files\iTunes
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files\iPod
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-30 21:55 - 2014-04-22 18:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 21:53 - 2014-03-30 21:54 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Bleicher\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 00:03 - 2014-03-30 00:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-22 21:30 - 2014-04-22 21:30 - 00000000 ____D () C:\Users\Bleicher\Desktop\FRST-OlderVersion
2014-04-22 21:30 - 2014-04-18 16:29 - 00018102 _____ () C:\Users\Bleicher\Desktop\FRST.txt
2014-04-22 21:30 - 2014-04-18 16:29 - 00000000 ____D () C:\FRST
2014-04-22 21:30 - 2014-04-18 16:27 - 02061312 _____ (Farbar) C:\Users\Bleicher\Desktop\FRST64.exe
2014-04-22 21:28 - 2014-04-22 21:28 - 00001021 _____ () C:\Users\Bleicher\Desktop\checkup Security check.txt
2014-04-22 21:26 - 2014-04-22 21:26 - 00855379 _____ () C:\Users\Bleicher\Desktop\SecurityCheck.exe
2014-04-22 21:06 - 2011-04-13 04:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-22 19:29 - 2011-08-18 23:56 - 01373613 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 19:21 - 2011-08-19 00:21 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-22 18:43 - 2014-03-30 21:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 18:30 - 2014-04-22 18:30 - 02347384 _____ (ESET) C:\Users\Bleicher\Downloads\esetsmartinstaller_enu.exe
2014-04-22 18:05 - 2011-12-28 19:15 - 00172592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-04-22 18:05 - 2011-12-28 19:15 - 00007440 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-04-22 18:05 - 2011-12-28 19:15 - 00000000 ____D () C:\Program Files\Symantec
2014-04-22 18:04 - 2014-04-22 18:04 - 00002768 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
2014-04-22 17:24 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 17:24 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 17:16 - 2011-08-19 00:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-22 17:16 - 2011-04-13 04:33 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 17:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 17:16 - 2009-07-14 06:51 - 00171630 _____ () C:\Windows\setupact.log
2014-04-21 22:22 - 2011-12-27 13:21 - 00000000 ____D () C:\Users\Bleicher\Documents\Outlook-Dateien
2014-04-21 21:48 - 2014-02-28 23:01 - 01679214 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-21 21:48 - 2011-02-19 06:24 - 00714302 _____ () C:\Windows\system32\perfh007.dat
2014-04-21 21:48 - 2011-02-19 06:24 - 00154250 _____ () C:\Windows\system32\perfc007.dat
2014-04-21 19:43 - 2014-04-21 19:43 - 00001863 _____ () C:\Users\Bleicher\Desktop\JRT.txt
2014-04-21 19:34 - 2014-04-21 19:34 - 00000000 ____D () C:\Windows\ERUNT
2014-04-21 19:33 - 2014-04-21 19:33 - 01016261 _____ (Thisisu) C:\Users\Bleicher\Desktop\JRT(1).exe
2014-04-21 19:00 - 2012-01-06 20:00 - 00000414 _____ () C:\Windows\SysWOW64\AppLog.log
2014-04-21 18:43 - 2012-06-06 12:33 - 00000000 ____D () C:\Users\Bleicher\Digitalcamera Bilder
2014-04-21 18:34 - 2014-04-21 18:34 - 00000000 ___RD () C:\Users\Bleicher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-21 18:27 - 2014-04-21 18:27 - 00008133 _____ () C:\Users\Bleicher\Desktop\AdwCleaner[S0].txt
2014-04-21 18:24 - 2014-04-21 18:22 - 00000000 ____D () C:\AdwCleaner
2014-04-21 18:18 - 2014-04-21 18:18 - 01322687 _____ () C:\Users\Bleicher\Downloads\AdwCleaner.exe
2014-04-21 18:17 - 2014-04-21 18:17 - 00001149 _____ () C:\Users\Bleicher\Desktop\mbam.txt
2014-04-21 18:04 - 2014-04-21 18:04 - 00011466 _____ () C:\Users\Bleicher\Desktop\mbam-suchlaufprtokoll-2014-04-21 (18-00-53).txt
2014-04-21 17:42 - 2014-04-21 17:42 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-21 17:42 - 2014-04-21 17:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-21 17:41 - 2014-04-21 17:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Bleicher\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-21 17:36 - 2014-04-19 13:29 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-04-21 17:35 - 2014-03-07 22:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 17:35 - 2011-04-13 03:39 - 00536268 _____ () C:\Windows\PFRO.log
2014-04-19 13:31 - 2014-04-19 13:31 - 00000085 _____ () C:\Windows\wininit.ini
2014-04-19 13:31 - 2014-03-07 22:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-19 13:29 - 2014-04-19 13:29 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-04-19 13:29 - 2011-04-13 04:51 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-04-19 12:39 - 2014-04-19 12:39 - 00001266 _____ () C:\Users\Bleicher\Desktop\Revo Uninstaller.lnk
2014-04-19 12:39 - 2014-04-19 12:39 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-19 12:37 - 2014-04-19 12:35 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bleicher\Downloads\revosetup95.exe
2014-04-19 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-18 16:31 - 2014-04-18 16:29 - 00052199 _____ () C:\Users\Bleicher\Desktop\Addition.txt
2014-04-16 13:42 - 2013-08-11 17:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 22:17 - 2013-12-19 23:28 - 00000000 ____D () C:\Users\Bleicher\AppData\Local\Amazon Cloud Player
2014-04-10 19:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 14:11 - 2011-12-27 13:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 14:08 - 2012-06-12 19:05 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-04 19:08 - 2014-04-04 19:08 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files\iTunes
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files\iPod
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-04 19:05 - 2012-01-03 22:55 - 00000000 ____D () C:\ProgramData\Apple
2014-04-04 14:01 - 2011-04-13 04:33 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-04 14:01 - 2011-04-13 04:33 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-21 17:42 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-21 17:42 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-21 17:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 18:35 - 2009-07-14 07:13 - 01650248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 09:35 - 2014-04-21 17:41 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:51 - 2014-04-16 13:40 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-31 03:16 - 2014-04-09 13:55 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 13:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 13:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 13:55 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 21:54 - 2014-03-30 21:53 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Bleicher\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 21:54 - 2013-12-06 21:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:23 - 2014-03-06 22:53 - 00000100 _____ () C:\Users\Bleicher\AppData\Roaming\WB.CFG
2014-03-30 20:17 - 2012-05-12 15:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 00:03 - 2014-03-30 00:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Bleicher\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 13:09

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 23.04.2014 12:38
Java und Flash updaten.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Stoffl33 23.04.2014 16:14
Hi,

alles befolgt und bestens!!!

Herzlichen Dank für deine Hilfe!!! Hätte ich alleine nie geschafft!!!


Viele Grüße
Stoffl

schrauber 24.04.2014 11:10
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:28 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27