Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   "Continue VuuPC Installation" - Ein Virus? (https://www.trojaner-board.de/153332-continue-vuupc-installation-virus.html)

Tatjana301 02.05.2014 07:42
"Continue VuuPC Installation" - Ein Virus?
 
Hallo zusammen,

seit einiger Zeit habe ich das Problem, dass die Verknüpfung "Continue VuuPC Installation" auf dem Desktop erscheint. Alle Veresuche diese mit z.B. Malwarebytes zu löschen, sind bis jetzt gescheitert. Spätestens nach ein Paar Stunden ist diese wieder da.

Wie werde ich diesen Virus wieder los? Über Hilfe hierbei würde ich mich freuen :)

Viele Grüße
Tatjana301

schrauber 02.05.2014 08:16
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Tatjana301 03.05.2014 16:18
Hier ist die FRST.txt
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Anna (administrator) on ANNA-PC on 03-05-2014 17:12:45
Running from C:\Users\Anna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
() C:\Users\Anna\AppData\Roaming\VOPackage\VOsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [748736 2014-04-17] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\Run: [Global Registration] => "C:\Program Files (x86)\Packard Bell\Registration\GREG.exe" /boot
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\MountPoints2: {c24d3bbe-cb5b-11e2-9a08-d027881769da} - J:\Startme.exe
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\MountPoints2: {dee0fcbf-b42f-11e3-a7e8-d027881769da} - J:\Startme.exe
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0A1ED960-4D49-45C7-9477-2D710592B658} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {16E9CF08-52AE-422B-90B4-FA4C7303C0C5} URL = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
SearchScopes: HKCU - {4EFD4B31-56CE-4028-9FC4-48069D294C08} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
SearchScopes: HKCU - {6A1806CD-94D4-4689 URL = hxxp://search.chatzum.com/?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {A897A806-DB8B-47C5-BB31-E674E7484DE6} URL = hxxp://start.funmoods.com/results.php?f=4&a=drive&q={searchTerms}
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Tcpip\..\Interfaces\{8F1F1139-F24B-4778-821F-71319443B5F6}: [NameServer]62.220.18.8 89.246.64.8

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default
FF user.js: detected! => C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\user.js
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Anna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\icq-search.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Feedback - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-10-29]
FF Extension: Adblock Plus - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 VOsrv; C:\Users\Anna\AppData\Roaming\VOPackage\VOsrv.exe [353792 2014-02-25] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-16] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-01] (Malwarebytes Corporation)
R1 {59981518-8b2b-431e-90db-17dacc8cfa86}w64; C:\Windows\System32\drivers\{59981518-8b2b-431e-90db-17dacc8cfa86}w64.sys [61112 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 17:12 - 2014-05-03 17:13 - 00016720 _____ () C:\Users\Anna\Desktop\FRST.txt
2014-05-03 17:12 - 2014-05-03 17:12 - 02062336 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2014-05-03 17:12 - 2014-05-03 17:12 - 00000000 ____D () C:\FRST
2014-05-02 12:11 - 2014-05-02 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-02 11:37 - 2014-05-02 11:37 - 00001062 _____ () C:\Users\Anna\Desktop\Continue VuuPC Installation.lnk
2014-05-01 21:22 - 2014-05-01 21:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 01:08 - 2014-05-01 01:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 08:24 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-30 08:24 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-26 17:40 - 2014-04-26 17:40 - 00003152 _____ () C:\Windows\System32\Tasks\{48537833-5B03-4D3A-A1B7-A9B1072DC491}
2014-04-26 17:37 - 2014-04-26 17:37 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-25 17:11 - 2014-04-25 17:11 - 00001200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk
2014-04-25 16:59 - 2014-04-25 16:59 - 00001285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-25 16:58 - 2014-04-25 16:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-25 16:45 - 2014-04-24 12:23 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{59981518-8b2b-431e-90db-17dacc8cfa86}w64.sys
2014-04-09 14:43 - 2014-04-09 14:43 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-04-09 14:43 - 2014-04-09 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-04-09 14:42 - 2014-04-09 14:42 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-04-09 10:24 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 10:24 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 10:24 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 10:24 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 10:24 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 10:24 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 10:24 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 10:24 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 10:24 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 10:24 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 10:24 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 10:24 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 10:24 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 12:00 - 2014-04-06 12:00 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-06 10:34 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-06 10:34 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-04-06 10:30 - 2014-04-06 10:30 - 00000000 ____D () C:\Users\Anna\AppData\Local\Spoon
2014-04-06 10:28 - 2014-05-01 21:32 - 00000000 ____D () C:\ProgramData\Systweak
2014-04-06 10:28 - 2014-04-07 20:33 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\MSBuild
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-06 10:28 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-04-06 10:27 - 2014-04-26 17:51 - 00000000 ____D () C:\Program Files (x86)\Jotzey
2014-04-06 10:27 - 2014-04-17 11:11 - 00000000 ____D () C:\Users\Anna\AppData\Local\cache
2014-04-06 10:27 - 2014-04-06 10:32 - 00000000 ____D () C:\Users\Anna\AppData\Local\Mobogenie
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\VOPackage
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Free Picture Solutions
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\.android
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 _____ () C:\Users\Anna\daemonprocess.txt
2014-04-06 10:26 - 2014-05-01 21:32 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Systweak
2014-04-06 10:26 - 2014-04-17 11:12 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-04-06 10:26 - 2014-04-06 10:28 - 00131072 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-04-06 10:26 - 2014-04-06 10:28 - 00057157 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-04-06 10:24 - 2014-04-06 10:24 - 00930952 _____ (CNET Download.com) C:\Users\Anna\cbsidlm-cbsi183-Free_XPS_Viewer-ORG-75999367.exe

==================== One Month Modified Files and Folders =======

2014-05-03 17:13 - 2014-05-03 17:12 - 00016720 _____ () C:\Users\Anna\Desktop\FRST.txt
2014-05-03 17:13 - 2010-10-15 16:52 - 01267531 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 17:12 - 2014-05-03 17:12 - 02062336 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2014-05-03 17:12 - 2014-05-03 17:12 - 00000000 ____D () C:\FRST
2014-05-03 17:10 - 2011-05-11 10:17 - 00000000 ____D () C:\Users\Anna\AppData\Local\Adobe
2014-05-03 17:09 - 2013-01-20 12:00 - 00116027 _____ () C:\Windows\setupact.log
2014-05-03 17:09 - 2012-10-27 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-03 17:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 01:42 - 2011-05-11 12:05 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Skype
2014-05-03 01:09 - 2012-11-04 20:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-02 20:39 - 2010-10-11 04:00 - 00699670 _____ () C:\Windows\system32\perfh007.dat
2014-05-02 20:39 - 2010-10-11 04:00 - 00149810 _____ () C:\Windows\system32\perfc007.dat
2014-05-02 20:39 - 2009-07-14 07:13 - 01621684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-02 19:00 - 2014-05-02 12:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-02 11:37 - 2014-05-02 11:37 - 00001062 _____ () C:\Users\Anna\Desktop\Continue VuuPC Installation.lnk
2014-05-02 11:14 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-02 11:14 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-01 21:35 - 2014-05-01 21:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 21:33 - 2013-01-20 11:59 - 00292120 _____ () C:\Windows\PFRO.log
2014-05-01 21:32 - 2014-04-06 10:28 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-01 21:32 - 2014-04-06 10:26 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Systweak
2014-05-01 21:21 - 2012-12-25 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 01:08 - 2014-05-01 01:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 15:20 - 2014-02-20 12:12 - 00000000 ____D () C:\Users\Anna\Desktop\MASTERARBEIT
2014-04-29 19:59 - 2011-07-02 10:06 - 00000000 ____D () C:\Users\Anna\AppData\Local\FreePDF_XP
2014-04-29 13:14 - 2012-11-04 20:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 13:13 - 2012-11-04 20:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 13:13 - 2011-12-05 21:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-26 17:53 - 2011-05-11 10:03 - 00087448 _____ () C:\Users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-26 17:52 - 2009-07-14 06:45 - 00350672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-26 17:51 - 2014-04-06 10:27 - 00000000 ____D () C:\Program Files (x86)\Jotzey
2014-04-26 17:43 - 2012-10-07 21:41 - 00000000 ____D () C:\Users\Anna\AppData\Local\Google
2014-04-26 17:43 - 2012-10-07 21:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-26 17:42 - 2013-01-04 19:04 - 00000000 ____D () C:\ProgramData\B+P Heyer
2014-04-26 17:41 - 2011-05-11 10:04 - 00000000 ___RD () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-26 17:40 - 2014-04-26 17:40 - 00003152 _____ () C:\Windows\System32\Tasks\{48537833-5B03-4D3A-A1B7-A9B1072DC491}
2014-04-26 17:37 - 2014-04-26 17:37 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-26 17:37 - 2013-01-19 20:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-26 17:37 - 2011-05-11 10:17 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Adobe
2014-04-26 17:30 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-04-25 17:16 - 2010-08-25 13:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-25 17:12 - 2010-08-25 13:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-25 17:11 - 2014-04-25 17:11 - 00001200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk
2014-04-25 16:59 - 2014-04-25 16:59 - 00001285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-25 16:59 - 2014-04-25 16:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-25 16:45 - 2014-04-01 16:38 - 00000000 ____D () C:\ik
2014-04-24 15:36 - 2011-05-11 12:12 - 00000000 ____D () C:\Users\Anna\Desktop\Fotos
2014-04-24 15:35 - 2014-02-25 19:37 - 00000000 ____D () C:\Users\Anna\Desktop\BESTELLUNG
2014-04-24 12:23 - 2014-04-25 16:45 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{59981518-8b2b-431e-90db-17dacc8cfa86}w64.sys
2014-04-22 01:05 - 2014-03-06 22:09 - 00000000 ____D () C:\Users\Anna\Desktop\Барахло 2
2014-04-17 11:12 - 2014-04-06 10:26 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-04-17 11:11 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Local\cache
2014-04-14 04:24 - 2014-04-30 08:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-30 08:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-09 22:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 15:24 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 14:43 - 2014-04-09 14:43 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-04-09 14:43 - 2014-04-09 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-04-09 14:42 - 2014-04-09 14:42 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-04-09 10:28 - 2013-07-14 22:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 10:28 - 2011-05-11 10:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 10:27 - 2013-01-02 15:27 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 20:47 - 2012-10-29 20:06 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-04-07 20:33 - 2014-04-06 10:28 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-04-06 12:00 - 2014-04-06 12:00 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-06 11:47 - 2011-05-11 12:15 - 00000000 ____D () C:\Users\Anna\Desktop\Oni
2014-04-06 10:32 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Local\Mobogenie
2014-04-06 10:30 - 2014-04-06 10:30 - 00000000 ____D () C:\Users\Anna\AppData\Local\Spoon
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\MSBuild
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-06 10:28 - 2014-04-06 10:26 - 00131072 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-04-06 10:28 - 2014-04-06 10:26 - 00057157 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\VOPackage
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Free Picture Solutions
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\.android
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 _____ () C:\Users\Anna\daemonprocess.txt
2014-04-06 10:27 - 2011-05-11 10:03 - 00000000 ____D () C:\Users\Anna
2014-04-06 10:24 - 2014-04-06 10:24 - 00930952 _____ (CNET Download.com) C:\Users\Anna\cbsidlm-cbsi183-Free_XPS_Viewer-ORG-75999367.exe
2014-04-04 09:35 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Anna\ALDI NORD Bestellsoftware Setup.exe
C:\Users\Anna\AmazonMP3DownloaderInstall.exe
C:\Users\Anna\cbsidlm-cbsi183-Free_XPS_Viewer-ORG-75999367.exe
C:\Users\Anna\CitrixReceiverWeb.exe


Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 19:37

==================== End Of Log ============================
--- --- ---

--- --- ---


Und hier ist die Addition.txtFRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Anna at 2014-05-03 17:13:53
Running from C:\Users\Anna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
ALDI NORD Bestellsoftware 4.11.0 (HKLM-x32\...\ALDI NORD Bestellsoftware) (Version: 4.11.0 - ORWO Net)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD DnD V1.0.19 (x32 Version: 1.0.19 - AMD) Hidden
AMR to MP3 Converter 1.4 (HKLM-x32\...\{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1) (Version:  - amrtomp3converter.com)
Apple Application Support (HKLM-x32\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00113 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{C42B7876-FA88-4F4A-9A5F-E175AD143F2A}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Audacity 1.3.12 (HKLM-x32\...\Audacity 1.3 Beta_is1) (Version:  - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.20.1182.0 - Logitech) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2208.39662 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help English (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help French (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help German (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0113.2208.39662 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0113.2208.39662 - ATI) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
Citrix Receiver (USB) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.3.0.17208 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 3.3.0.17207 - Citrix Systems, Inc.) Hidden
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free Video to MP3 Converter version 5.0.4.1228 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPL Ghostscript 9.00 (HKLM-x32\...\GPL Ghostscript 9.00) (Version:  - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Packard Bell)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{18155797-EF2E-4699-9A16-FE787C4C10DB}) (Version: 10.2.2.14 - Apple Inc.)
Java 7 Update 10 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Little Fighter 2 version 2.0a (HKLM-x32\...\Little Fighter 2) (Version: version 2.0a - )
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.20.1182.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.20.1176.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.20.1182.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.20.1182.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.20.1168.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.20.1166.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.20.1166.0 - Logitech) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Mobogenie (HKLM-x32\...\Mobogenie) (Version:  - Mobogenie.com) <==== ATTENTION
Mozilla Firefox 17.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0 (x86 de)) (Version: 17.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{abec8e45-298a-4b96-b714-36d6a68f2e2a}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Santa Claus in Trouble (HKLM-x32\...\Santa Claus in Trouble) (Version:  - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell)
Winamp (HKLM-x32\...\Winamp) (Version: 5.61  - Nullsoft, Inc)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip (HKLM-x32\...\WinZip) (Version:  9.0 SR-1 (6224g) - WinZip Computing, Inc. und H.C. Top Systems B.V.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {34E9EE02-FD18-4AE3-B10C-59E443B1F751} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {943CB55C-F5DD-4F77-8239-53863A63E509} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {BEF76178-AA3A-42DB-A920-4D610065FCF0} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-05-11 10:43 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2010-08-25 14:27 - 2009-12-09 11:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2014-02-25 08:29 - 2014-02-25 08:29 - 00353792 _____ () C:\Users\Anna\AppData\Roaming\VOPackage\VOsrv.exe
2010-08-04 14:40 - 2010-08-04 14:40 - 00611872 _____ () C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
2011-03-01 23:13 - 2011-03-01 23:13 - 00203096 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-03-10 18:05 - 2011-03-10 18:05 - 00687448 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-04-06 10:27 - 2014-04-17 11:10 - 00748736 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
2009-08-14 10:55 - 2009-08-14 10:55 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-15 16:50 - 2010-10-15 16:50 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-01-19 20:31 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2009-04-10 01:04 - 2009-04-10 01:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
2009-04-22 23:53 - 2009-04-22 23:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
2011-01-13 03:57 - 2011-01-13 03:57 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2011-03-04 03:26 - 2011-03-04 03:26 - 00181592 _____ () C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll
2010-08-04 11:47 - 2010-08-04 11:47 - 00144896 _____ () C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-03-10 18:03 - 2011-03-10 18:03 - 00331608 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-04-06 10:27 - 2014-04-17 11:10 - 00065728 _____ () C:\Program Files (x86)\Mobogenie\Device.dll
2014-04-06 10:27 - 2014-04-17 11:10 - 00474816 _____ () C:\Program Files (x86)\Mobogenie\DCR.dll
2011-05-11 10:36 - 2012-10-24 01:11 - 02406368 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 05:11:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/02/2014 07:04:21 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/02/2014 00:49:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (05/02/2014 00:48:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/02/2014 00:47:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/01/2014 10:44:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/01/2014 09:34:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/01/2014 09:33:12 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/01/2014 01:52:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/30/2014 01:04:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


System errors:
=============
Error: (04/26/2014 05:41:29 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/26/2014 05:39:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update Jotzey" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/26/2014 05:39:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util Jotzey" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/17/2014 11:10:59 AM) (Source: Service Control Manager) (User: )
Description: Dienst "MgAssist Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/06/2014 11:12:22 AM) (Source: DCOM) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (04/06/2014 10:43:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (04/06/2014 10:43:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/06/2014 10:43:24 AM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (04/06/2014 10:29:51 AM) (Source: DCOM) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (04/06/2014 10:27:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MgAssist Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (04/20/2014 02:20:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 157 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/20/2014 02:18:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 91 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/20/2014 02:16:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/20/2014 02:14:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/20/2014 02:13:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 150 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (04/01/2014 02:29:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2329 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (01/10/2014 07:36:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 39 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/10/2014 07:35:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2269 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (01/06/2014 10:46:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/04/2014 11:56:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2201 seconds with 2100 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 4023.11 MB
Available physical RAM: 2151.73 MB
Total Pagefile: 8044.4 MB
Available Pagefile: 5526.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:290.45 GB) (Free:222.72 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.62 GB) (Free:275.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 5158B79F)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=291 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 04.05.2014 07:50
Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Tatjana301 04.05.2014 16:09
mbam.txt

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 04.05.2014
Suchlauf-Zeit: 16:43:51
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.04.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Anna

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 270194
Verstrichene Zeit: 22 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 12
PUP.Optional.InstallCore.A, C:\Users\Anna\AppData\Local\Temp\ICReinstall_nslD6B1.tmp, In Quarantäne, [d52bf50b68983dc3e1bdc2ac1fe233cd],
PUP.Optional.InstallCore.A, C:\Users\Anna\AppData\Local\Temp\ICReinstall_nsqD9DC.tmp, In Quarantäne, [f40c000088789f61eeb0e5893dc40000],
PUP.Optional.InstallCore.A, C:\Users\Anna\AppData\Local\Temp\ICReinstall_nswD56A.tmp, In Quarantäne, [3ac62ad6bf41be42811d5915877aa65a],
PUP.Optional.InstallCore.A, C:\Users\Anna\AppData\Local\Temp\ICReinstall_nswDC6C.tmp, In Quarantäne, [39c7827e4fb1fb051f7fd29cdb26a957],
PUP.Optional.InstallCore.A, C:\Users\Anna\AppData\Local\Temp\nslD6B1.tmp, In Quarantäne, [c838946c68981ce49fff234b956c7a86],
PUP.Optional.InstallCore.A, C:\Users\Anna\AppData\Local\Temp\nsqD9DC.tmp, In Quarantäne, [8c74c937b9472bd58816d29c8180669a],
PUP.Optional.InstallCore.A, C:\Users\Anna\AppData\Local\Temp\nswD56A.tmp, In Quarantäne, [c73941bfe61a2fd1ecb2f07e53ae758b],
PUP.Optional.InstallCore.A, C:\Users\Anna\AppData\Local\Temp\nswDC6C.tmp, In Quarantäne, [a65aec14e61a5fa16836a3cb44bd936d],
PUP.FunMoods, C:\Users\Anna\Desktop\Oni\Sonstiges\agsetup183se.exe, In Quarantäne, [5ea2aa5610f07b85669ab25ea25f5fa1],
PUP.Optional.Softonic.A, C:\Users\Anna\Desktop\Oni\Sonstiges\SoftonicDownloader_fuer_audacity.exe, In Quarantäne, [ac54de2267990ef2d380bd60728f8d73],
PUP.Optional.Softonic.A, C:\Users\Anna\Desktop\Oni\Sonstiges\SoftonicDownloader_fuer_free-rar-extract-frog.exe, In Quarantäne, [6c949f61fa063dc378db081503fee020],
PUP.Optional.SoftonicTB.A, C:\Users\Anna\Desktop\Oni\Sonstiges\Softonic_ggl_1.5.21.0.exe, In Quarantäne, [659b33cdaf51867abdc85024ac557090],

Physische Sektoren: 0
(No malicious items detected)


(end)

AdwCleaner Logfile:
Code:
# AdwCleaner v3.206 - Bericht erstellt am 04/05/2014 um 16:56:46
# Aktualisiert 04/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Anna - ANNA-PC
# Gestartet von : C:\Users\Anna\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Anna\.android
Ordner Gelöscht : C:\Users\Anna\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Systweak
Ordner Gelöscht : D:\EigeneDateien\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\ICQToolbarData
Datei Gelöscht : C:\Users\Anna\daemonprocess.txt
Datei Gelöscht : C:\Users\Anna\Desktop\Continue VuuPC Installation.lnk
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\bingp.xml
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audacity_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audacity_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-rar-extract-frog_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-rar-extract-frog_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picasa_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picasa_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\MGShareware
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\MGShareware
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v17.0 (de)

[ Datei : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\prefs.js ]

Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.defSearchChange", true);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1347972452);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Zeile gelöscht : user_pref("icqtoolbar.history", "prophezeihen||%D0%BA%D0%B0%D1%80%D1%82%D0%B0%20%D1%83%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D1%8B||indoorpark||cache%3AlqWFmHI6QwEJ%3Awww.potrebitel.net.ua%2Fnode%2F1255%20%D0[...]
Zeile gelöscht : user_pref("icqtoolbar.hpChange", true);
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1313778350");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "6.0.1");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "130510310813051031081305109060535");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1348427033);
Zeile gelöscht : user_pref("icqtoolbar.userEngineApproved", true);
Zeile gelöscht : user_pref("icqtoolbar.userHpApproved", true);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.3.1");
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

*************************

AdwCleaner[R0].txt - [7272 octets] - [04/05/2014 16:51:15]
AdwCleaner[R1].txt - [7332 octets] - [04/05/2014 16:54:28]
AdwCleaner[S0].txt - [7083 octets] - [04/05/2014 16:56:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7143 octets] ##########
--- --- ---JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Anna on 04.05.2014 at 17:01:39,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASDLG
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{16E9CF08-52AE-422B-90B4-FA4C7303C0C5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4EFD4B31-56CE-4028-9FC4-48069D294C08}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A897A806-DB8B-47C5-BB31-E674E7484DE6}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\bu3hi8sj.default\minidumps [558 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.05.2014 at 17:06:09,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Anna (administrator) on ANNA-PC on 04-05-2014 17:07:51
Running from C:\Users\Anna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\Run: [Global Registration] => "C:\Program Files (x86)\Packard Bell\Registration\GREG.exe" /boot
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\MountPoints2: {c24d3bbe-cb5b-11e2-9a08-d027881769da} - J:\Startme.exe
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\MountPoints2: {dee0fcbf-b42f-11e3-a7e8-d027881769da} - J:\Startme.exe
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0A1ED960-4D49-45C7-9477-2D710592B658} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689 URL = hxxp://search.chatzum.com/?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Tcpip\..\Interfaces\{8F1F1139-F24B-4778-821F-71319443B5F6}: [NameServer]62.220.18.8 89.246.64.8

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Anna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\icq-search.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Feedback - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-10-29]
FF Extension: Adblock Plus - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-16] (Avira Operations GmbH & Co. KG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R1 {59981518-8b2b-431e-90db-17dacc8cfa86}w64; C:\Windows\System32\drivers\{59981518-8b2b-431e-90db-17dacc8cfa86}w64.sys [61112 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-04 17:06 - 2014-05-04 17:06 - 00001438 _____ () C:\Users\Anna\Desktop\JRT.txt
2014-05-04 17:01 - 2014-05-04 17:01 - 01016261 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2014-05-04 17:01 - 2014-05-04 17:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-04 16:51 - 2014-05-04 16:56 - 00000000 ____D () C:\AdwCleaner
2014-05-04 16:50 - 2014-05-04 16:50 - 01313617 _____ () C:\Users\Anna\Desktop\adwcleaner.exe
2014-05-04 16:48 - 2014-05-04 16:48 - 00002760 _____ () C:\Users\Anna\Desktop\mbam.txt
2014-05-04 16:19 - 2014-05-04 16:19 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-04 16:19 - 2014-05-04 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-04 16:19 - 2014-05-04 16:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-04 16:19 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-04 16:19 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-04 16:19 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-04 16:18 - 2014-05-04 16:19 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Anna\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-04 16:10 - 2014-05-04 16:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Anna\Desktop\revosetup95.exe
2014-05-04 16:10 - 2014-05-04 16:10 - 00001240 _____ () C:\Users\Anna\Desktop\Revo Uninstaller.lnk
2014-05-04 16:10 - 2014-05-04 16:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-03 17:13 - 2014-05-03 17:15 - 00043868 _____ () C:\Users\Anna\Desktop\Addition.txt
2014-05-03 17:12 - 2014-05-04 17:07 - 00015858 _____ () C:\Users\Anna\Desktop\FRST.txt
2014-05-03 17:12 - 2014-05-04 17:07 - 00000000 ____D () C:\FRST
2014-05-03 17:12 - 2014-05-03 17:12 - 02062336 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2014-05-02 12:11 - 2014-05-02 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-01 21:22 - 2014-05-04 16:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 01:08 - 2014-05-01 01:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 08:24 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-30 08:24 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-26 17:40 - 2014-04-26 17:40 - 00003152 _____ () C:\Windows\System32\Tasks\{48537833-5B03-4D3A-A1B7-A9B1072DC491}
2014-04-26 17:37 - 2014-04-26 17:37 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-25 17:11 - 2014-04-25 17:11 - 00001200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk
2014-04-25 16:59 - 2014-04-25 16:59 - 00001285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-25 16:58 - 2014-04-25 16:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-25 16:45 - 2014-04-24 12:23 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{59981518-8b2b-431e-90db-17dacc8cfa86}w64.sys
2014-04-09 14:43 - 2014-04-09 14:43 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-04-09 14:43 - 2014-04-09 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-04-09 14:42 - 2014-04-09 14:42 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-04-09 10:24 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 10:24 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 10:24 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 10:24 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 10:24 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 10:24 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 10:24 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 10:24 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 10:24 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 10:24 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 10:24 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 10:24 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 10:24 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 12:00 - 2014-04-06 12:00 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-06 10:34 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-06 10:34 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-04-06 10:30 - 2014-04-06 10:30 - 00000000 ____D () C:\Users\Anna\AppData\Local\Spoon
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\MSBuild
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-06 10:28 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-04-06 10:27 - 2014-04-26 17:51 - 00000000 ____D () C:\Program Files (x86)\Jotzey
2014-04-06 10:27 - 2014-04-17 11:11 - 00000000 ____D () C:\Users\Anna\AppData\Local\cache
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Free Picture Solutions
2014-04-06 10:26 - 2014-04-06 10:28 - 00131072 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-04-06 10:26 - 2014-04-06 10:28 - 00057157 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-04-06 10:24 - 2014-04-06 10:24 - 00930952 _____ (CNET Download.com) C:\Users\Anna\cbsidlm-cbsi183-Free_XPS_Viewer-ORG-75999367.exe

==================== One Month Modified Files and Folders =======

2014-05-04 17:08 - 2014-05-03 17:12 - 00015858 _____ () C:\Users\Anna\Desktop\FRST.txt
2014-05-04 17:07 - 2014-05-03 17:12 - 00000000 ____D () C:\FRST
2014-05-04 17:06 - 2014-05-04 17:06 - 00001438 _____ () C:\Users\Anna\Desktop\JRT.txt
2014-05-04 17:05 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-04 17:05 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-04 17:02 - 2010-10-11 04:00 - 00699670 _____ () C:\Windows\system32\perfh007.dat
2014-05-04 17:02 - 2010-10-11 04:00 - 00149810 _____ () C:\Windows\system32\perfc007.dat
2014-05-04 17:02 - 2009-07-14 07:13 - 01621684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-04 17:01 - 2014-05-04 17:01 - 01016261 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2014-05-04 17:01 - 2014-05-04 17:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-04 16:59 - 2014-05-01 21:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 16:58 - 2011-05-11 10:17 - 00000000 ____D () C:\Users\Anna\AppData\Local\Adobe
2014-05-04 16:57 - 2013-01-20 12:00 - 00116363 _____ () C:\Windows\setupact.log
2014-05-04 16:57 - 2013-01-20 11:59 - 00295748 _____ () C:\Windows\PFRO.log
2014-05-04 16:57 - 2010-10-15 16:52 - 01317897 _____ () C:\Windows\WindowsUpdate.log
2014-05-04 16:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-04 16:56 - 2014-05-04 16:51 - 00000000 ____D () C:\AdwCleaner
2014-05-04 16:56 - 2011-05-11 10:03 - 00000000 ____D () C:\Users\Anna
2014-05-04 16:50 - 2014-05-04 16:50 - 01313617 _____ () C:\Users\Anna\Desktop\adwcleaner.exe
2014-05-04 16:48 - 2014-05-04 16:48 - 00002760 _____ () C:\Users\Anna\Desktop\mbam.txt
2014-05-04 16:19 - 2014-05-04 16:19 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-04 16:19 - 2014-05-04 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-04 16:19 - 2014-05-04 16:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-04 16:19 - 2014-05-04 16:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Anna\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-04 16:10 - 2014-05-04 16:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Anna\Desktop\revosetup95.exe
2014-05-04 16:10 - 2014-05-04 16:10 - 00001240 _____ () C:\Users\Anna\Desktop\Revo Uninstaller.lnk
2014-05-04 16:10 - 2014-05-04 16:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-04 16:09 - 2012-11-04 20:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-04 15:09 - 2014-02-20 12:12 - 00000000 ____D () C:\Users\Anna\Desktop\MASTERARBEIT
2014-05-03 17:15 - 2014-05-03 17:13 - 00043868 _____ () C:\Users\Anna\Desktop\Addition.txt
2014-05-03 17:12 - 2014-05-03 17:12 - 02062336 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2014-05-03 17:09 - 2012-10-27 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-03 01:42 - 2011-05-11 12:05 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Skype
2014-05-02 19:00 - 2014-05-02 12:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-01 21:21 - 2012-12-25 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 01:08 - 2014-05-01 01:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 19:59 - 2011-07-02 10:06 - 00000000 ____D () C:\Users\Anna\AppData\Local\FreePDF_XP
2014-04-29 13:14 - 2012-11-04 20:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 13:13 - 2012-11-04 20:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 13:13 - 2011-12-05 21:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-26 17:53 - 2011-05-11 10:03 - 00087448 _____ () C:\Users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-26 17:52 - 2009-07-14 06:45 - 00350672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-26 17:51 - 2014-04-06 10:27 - 00000000 ____D () C:\Program Files (x86)\Jotzey
2014-04-26 17:43 - 2012-10-07 21:41 - 00000000 ____D () C:\Users\Anna\AppData\Local\Google
2014-04-26 17:43 - 2012-10-07 21:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-26 17:42 - 2013-01-04 19:04 - 00000000 ____D () C:\ProgramData\B+P Heyer
2014-04-26 17:41 - 2011-05-11 10:04 - 00000000 ___RD () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-26 17:40 - 2014-04-26 17:40 - 00003152 _____ () C:\Windows\System32\Tasks\{48537833-5B03-4D3A-A1B7-A9B1072DC491}
2014-04-26 17:37 - 2014-04-26 17:37 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-26 17:37 - 2013-01-19 20:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-26 17:37 - 2011-05-11 10:17 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Adobe
2014-04-26 17:30 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-04-25 17:16 - 2010-08-25 13:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-25 17:12 - 2010-08-25 13:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-25 17:11 - 2014-04-25 17:11 - 00001200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk
2014-04-25 16:59 - 2014-04-25 16:59 - 00001285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-25 16:59 - 2014-04-25 16:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-25 16:45 - 2014-04-01 16:38 - 00000000 ____D () C:\ik
2014-04-24 15:36 - 2011-05-11 12:12 - 00000000 ____D () C:\Users\Anna\Desktop\Fotos
2014-04-24 15:35 - 2014-02-25 19:37 - 00000000 ____D () C:\Users\Anna\Desktop\BESTELLUNG
2014-04-24 12:23 - 2014-04-25 16:45 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{59981518-8b2b-431e-90db-17dacc8cfa86}w64.sys
2014-04-22 01:05 - 2014-03-06 22:09 - 00000000 ____D () C:\Users\Anna\Desktop\Барахло 2
2014-04-17 11:11 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Local\cache
2014-04-14 04:24 - 2014-04-30 08:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-30 08:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-09 22:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 15:24 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 14:43 - 2014-04-09 14:43 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-04-09 14:43 - 2014-04-09 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-04-09 14:42 - 2014-04-09 14:42 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-04-09 10:28 - 2013-07-14 22:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 10:28 - 2011-05-11 10:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 10:27 - 2013-01-02 15:27 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 20:47 - 2012-10-29 20:06 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-04-06 12:00 - 2014-04-06 12:00 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-06 11:47 - 2011-05-11 12:15 - 00000000 ____D () C:\Users\Anna\Desktop\Oni
2014-04-06 10:30 - 2014-04-06 10:30 - 00000000 ____D () C:\Users\Anna\AppData\Local\Spoon
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\MSBuild
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-06 10:28 - 2014-04-06 10:26 - 00131072 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-04-06 10:28 - 2014-04-06 10:26 - 00057157 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Free Picture Solutions
2014-04-06 10:24 - 2014-04-06 10:24 - 00930952 _____ (CNET Download.com) C:\Users\Anna\cbsidlm-cbsi183-Free_XPS_Viewer-ORG-75999367.exe
2014-04-04 09:35 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Anna\ALDI NORD Bestellsoftware Setup.exe
C:\Users\Anna\AmazonMP3DownloaderInstall.exe
C:\Users\Anna\cbsidlm-cbsi183-Free_XPS_Viewer-ORG-75999367.exe
C:\Users\Anna\CitrixReceiverWeb.exe


Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 19:37

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 05.05.2014 11:57

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Tatjana301 05.05.2014 20:33
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d8377b33eac99346a1282dde14a2f879
# engine=18144
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-05 07:25:27
# local_time=2014-05-05 09:25:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 479227 264741217 520187 0
# compatibility_mode=5893 16776574 100 94 25831886 150947777 0 0
# scanned=229583
# found=0
# cleaned=0
# scan_time=3131

Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 13.0.0.206
Adobe Reader XI
Mozilla Firefox 17.0 Firefox out of Date!
Mozilla Thunderbird (24.5.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014 02
Ran by Anna (administrator) on ANNA-PC on 05-05-2014 21:32:51
Running from C:\Users\Anna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\Run: [Global Registration] => "C:\Program Files (x86)\Packard Bell\Registration\GREG.exe" /boot
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\MountPoints2: {c24d3bbe-cb5b-11e2-9a08-d027881769da} - J:\Startme.exe
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000\...\MountPoints2: {dee0fcbf-b42f-11e3-a7e8-d027881769da} - J:\Startme.exe
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Global Registration] => "C:\Program Files (x86)\Packard Bell\Registration\GREG.exe" /boot
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c24d3bbe-cb5b-11e2-9a08-d027881769da} - J:\Startme.exe
HKU\S-1-5-21-3536708093-2688288980-3666440286-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {dee0fcbf-b42f-11e3-a7e8-d027881769da} - J:\Startme.exe
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0A1ED960-4D49-45C7-9477-2D710592B658} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689 URL = hxxp://search.chatzum.com/?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Tcpip\..\Interfaces\{8F1F1139-F24B-4778-821F-71319443B5F6}: [NameServer]62.220.18.8 89.246.64.8

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Anna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\icq-search.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Feedback - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-10-29]
FF Extension: Adblock Plus - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\bu3hi8sj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-16] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R1 {59981518-8b2b-431e-90db-17dacc8cfa86}w64; C:\Windows\System32\drivers\{59981518-8b2b-431e-90db-17dacc8cfa86}w64.sys [61112 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-05 21:32 - 2014-05-05 21:32 - 00017087 _____ () C:\Users\Anna\Desktop\FRST.txt
2014-05-05 21:30 - 2014-05-05 21:30 - 00855379 _____ () C:\Users\Anna\Desktop\SecurityCheck.exe
2014-05-05 20:30 - 2014-05-05 20:30 - 02347384 _____ (ESET) C:\Users\Anna\Desktop\esetsmartinstaller_deu.exe
2014-05-04 17:09 - 2014-05-05 21:32 - 00000000 ____D () C:\Users\Anna\Desktop\Virus-Entfernung
2014-05-04 17:01 - 2014-05-04 17:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-04 16:51 - 2014-05-04 16:56 - 00000000 ____D () C:\AdwCleaner
2014-05-04 16:19 - 2014-05-04 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-04 16:19 - 2014-05-04 16:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-04 16:19 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-04 16:19 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-04 16:19 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-04 16:10 - 2014-05-04 16:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-03 17:12 - 2014-05-05 21:32 - 02063872 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2014-05-03 17:12 - 2014-05-05 21:32 - 00000000 ____D () C:\FRST
2014-05-02 12:11 - 2014-05-02 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-01 21:22 - 2014-05-05 19:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 01:08 - 2014-05-01 01:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 08:24 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-30 08:24 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-26 17:40 - 2014-04-26 17:40 - 00003152 _____ () C:\Windows\System32\Tasks\{48537833-5B03-4D3A-A1B7-A9B1072DC491}
2014-04-26 17:37 - 2014-04-26 17:37 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-25 17:11 - 2014-04-25 17:11 - 00001200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk
2014-04-25 16:59 - 2014-04-25 16:59 - 00001285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-25 16:58 - 2014-04-25 16:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-25 16:45 - 2014-04-24 12:23 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{59981518-8b2b-431e-90db-17dacc8cfa86}w64.sys
2014-04-09 14:43 - 2014-04-09 14:43 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-04-09 14:43 - 2014-04-09 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-04-09 14:42 - 2014-04-09 14:42 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-04-09 10:24 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 10:24 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 10:24 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 10:24 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 10:24 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 10:24 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 10:24 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 10:24 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 10:24 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 10:24 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 10:24 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 10:24 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 10:24 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 10:24 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 12:00 - 2014-04-06 12:00 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-06 10:34 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-06 10:34 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-04-06 10:30 - 2014-04-06 10:30 - 00000000 ____D () C:\Users\Anna\AppData\Local\Spoon
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\MSBuild
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-06 10:28 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-04-06 10:27 - 2014-04-26 17:51 - 00000000 ____D () C:\Program Files (x86)\Jotzey
2014-04-06 10:27 - 2014-04-17 11:11 - 00000000 ____D () C:\Users\Anna\AppData\Local\cache
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Free Picture Solutions
2014-04-06 10:26 - 2014-04-06 10:28 - 00131072 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-04-06 10:26 - 2014-04-06 10:28 - 00057157 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-04-06 10:24 - 2014-04-06 10:24 - 00930952 _____ (CNET Download.com) C:\Users\Anna\cbsidlm-cbsi183-Free_XPS_Viewer-ORG-75999367.exe

==================== One Month Modified Files and Folders =======

2014-05-05 21:33 - 2014-05-05 21:32 - 00017087 _____ () C:\Users\Anna\Desktop\FRST.txt
2014-05-05 21:32 - 2014-05-04 17:09 - 00000000 ____D () C:\Users\Anna\Desktop\Virus-Entfernung
2014-05-05 21:32 - 2014-05-03 17:12 - 02063872 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2014-05-05 21:32 - 2014-05-03 17:12 - 00000000 ____D () C:\FRST
2014-05-05 21:30 - 2014-05-05 21:30 - 00855379 _____ () C:\Users\Anna\Desktop\SecurityCheck.exe
2014-05-05 21:09 - 2012-11-04 20:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-05 20:32 - 2010-10-15 16:52 - 01336051 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 20:30 - 2014-05-05 20:30 - 02347384 _____ (ESET) C:\Users\Anna\Desktop\esetsmartinstaller_deu.exe
2014-05-05 20:27 - 2010-10-11 04:00 - 00699670 _____ () C:\Windows\system32\perfh007.dat
2014-05-05 20:27 - 2010-10-11 04:00 - 00149810 _____ () C:\Windows\system32\perfc007.dat
2014-05-05 20:27 - 2009-07-14 07:13 - 01621684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-05 19:59 - 2014-05-01 21:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 14:15 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 14:15 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 14:07 - 2013-01-20 12:00 - 00116587 _____ () C:\Windows\setupact.log
2014-05-05 14:07 - 2011-05-11 10:17 - 00000000 ____D () C:\Users\Anna\AppData\Local\Adobe
2014-05-05 14:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-05 00:59 - 2011-05-11 12:05 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Skype
2014-05-04 17:01 - 2014-05-04 17:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-04 16:57 - 2013-01-20 11:59 - 00295748 _____ () C:\Windows\PFRO.log
2014-05-04 16:56 - 2014-05-04 16:51 - 00000000 ____D () C:\AdwCleaner
2014-05-04 16:56 - 2011-05-11 10:03 - 00000000 ____D () C:\Users\Anna
2014-05-04 16:19 - 2014-05-04 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-04 16:19 - 2014-05-04 16:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-04 16:10 - 2014-05-04 16:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-04 15:09 - 2014-02-20 12:12 - 00000000 ____D () C:\Users\Anna\Desktop\MASTERARBEIT
2014-05-03 17:09 - 2012-10-27 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 19:00 - 2014-05-02 12:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-01 21:21 - 2012-12-25 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 01:08 - 2014-05-01 01:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 19:59 - 2011-07-02 10:06 - 00000000 ____D () C:\Users\Anna\AppData\Local\FreePDF_XP
2014-04-29 13:14 - 2012-11-04 20:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 13:13 - 2012-11-04 20:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 13:13 - 2011-12-05 21:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-26 17:53 - 2011-05-11 10:03 - 00087448 _____ () C:\Users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-26 17:52 - 2009-07-14 06:45 - 00350672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-26 17:51 - 2014-04-06 10:27 - 00000000 ____D () C:\Program Files (x86)\Jotzey
2014-04-26 17:43 - 2012-10-07 21:41 - 00000000 ____D () C:\Users\Anna\AppData\Local\Google
2014-04-26 17:43 - 2012-10-07 21:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-26 17:42 - 2013-01-04 19:04 - 00000000 ____D () C:\ProgramData\B+P Heyer
2014-04-26 17:41 - 2011-05-11 10:04 - 00000000 ___RD () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-26 17:40 - 2014-04-26 17:40 - 00003152 _____ () C:\Windows\System32\Tasks\{48537833-5B03-4D3A-A1B7-A9B1072DC491}
2014-04-26 17:37 - 2014-04-26 17:37 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-26 17:37 - 2013-01-19 20:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-26 17:37 - 2011-05-11 10:17 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Adobe
2014-04-26 17:30 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-04-25 17:16 - 2010-08-25 13:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-25 17:12 - 2010-08-25 13:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-25 17:11 - 2014-04-25 17:11 - 00001200 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk
2014-04-25 16:59 - 2014-04-25 16:59 - 00001285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-25 16:59 - 2014-04-25 16:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-25 16:45 - 2014-04-01 16:38 - 00000000 ____D () C:\ik
2014-04-24 15:36 - 2011-05-11 12:12 - 00000000 ____D () C:\Users\Anna\Desktop\Fotos
2014-04-24 15:35 - 2014-02-25 19:37 - 00000000 ____D () C:\Users\Anna\Desktop\BESTELLUNG
2014-04-24 12:23 - 2014-04-25 16:45 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{59981518-8b2b-431e-90db-17dacc8cfa86}w64.sys
2014-04-22 01:05 - 2014-03-06 22:09 - 00000000 ____D () C:\Users\Anna\Desktop\Барахло 2
2014-04-17 11:11 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Local\cache
2014-04-14 04:24 - 2014-04-30 08:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-30 08:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-09 22:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 15:24 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 14:43 - 2014-04-09 14:43 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-04-09 14:43 - 2014-04-09 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-04-09 14:42 - 2014-04-09 14:42 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-04-09 10:28 - 2013-07-14 22:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 10:28 - 2011-05-11 10:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 10:27 - 2013-01-02 15:27 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 20:47 - 2012-10-29 20:06 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-04-06 12:00 - 2014-04-06 12:00 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-06 11:47 - 2011-05-11 12:15 - 00000000 ____D () C:\Users\Anna\Desktop\Oni
2014-04-06 10:30 - 2014-04-06 10:30 - 00000000 ____D () C:\Users\Anna\AppData\Local\Spoon
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files\MSBuild
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-04-06 10:28 - 2014-04-06 10:28 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-06 10:28 - 2014-04-06 10:26 - 00131072 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-04-06 10:28 - 2014-04-06 10:26 - 00057157 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-04-06 10:27 - 2014-04-06 10:27 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Free Picture Solutions
2014-04-06 10:24 - 2014-04-06 10:24 - 00930952 _____ (CNET Download.com) C:\Users\Anna\cbsidlm-cbsi183-Free_XPS_Viewer-ORG-75999367.exe

Files to move or delete:
====================
C:\Users\Anna\ALDI NORD Bestellsoftware Setup.exe
C:\Users\Anna\AmazonMP3DownloaderInstall.exe
C:\Users\Anna\cbsidlm-cbsi183-Free_XPS_Viewer-ORG-75999367.exe
C:\Users\Anna\CitrixReceiverWeb.exe


Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 19:37

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 06.05.2014 16:28
Java und Firefox updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Tatjana301 10.05.2014 19:50
Habe alles erledigt. Herzlichen Dank für die super Hilfe!

Eine Frage hätte ich noch: Welches Programm kann man am besten verwenden, um USB-Sticks auf mögliche Viren zu überprüfen bzw. die Übertragung der Viren auf den PC zu verhindern, so dass man beim Anschlißen des Sticks direkt gewarnt wird?

schrauber 11.05.2014 16:24
Macht jedes AV Programm :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:31 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131