Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Merkwürdige Sicherheitsabfrage vom Thunderbird (https://www.trojaner-board.de/153402-merkwuerdige-sicherheitsabfrage-thunderbird.html)

Dramatist 03.05.2014 22:37
Merkwürdige Sicherheitsabfrage vom Thunderbird
 
Hallo Zusammen,

ich habe seit längerem das Problem, dass die Windows-Updates nicht mehr zu funktionieren scheinen. Ich hab versucht die Aktualisierung manuell durchzuführen. Aber vergebens. Immer bekomme ich die Anzeige "installiert Updates und fährt den Rechner herunter". Ich war zu faul mich damit weiter zu beschäftigen. Wahrscheinlich fahrlässig.

Gestern war ich auf der Suche nach einem bestimmten Download. Dabei bin ich auf einer Seite gelandet, die von WOT einen grünen Punkt bekommen hat und mir hat das genügt. Ich hab den Download dort erfolglos versucht. Danach hatte ich ungewünschte Add-ons für Firefox und einen Registrycleaner auf dem Rechner, der mir angeboten hat ungefähr 1000 Probleme auf meinem Rechner zu beheben. Ich habe dieses Angebot ausgeschlagen.

Heute habe ich Thunderbird gestartet und er hat mir mehrmals eine sehr merkwürdige Sicherheitsabfrage gestellt, deren wortlaut ich nicht wiedergeben kann. Hab ich noch nie gesehen und hörte sich sehr verdächtig an.

Ich bin mir ziemlich sicher, dass hier irgendwas vorgeht.

Mit Gmer hatte ich Probleme: Zwei Mal bekam ich die Meldung "Kein Datenträger im Laufwerk". Hier kam ich jeweils nur mit "weiter" weiter. Als der Scan durch war, habe ich auf "save" geklickt --> Keine Reaktion. Hab es mit Copy versucht. Er meinte ich könnte es mit Strg. V in ein Textprogramm einfügen. Hat ebenfalls nicht funktioniert. So also erst mal keine Gmer-Dateien.

Die anderen Dateien die ich bisher habe hänge ich an.

Wenn mir in dieser Angelegenheit jemand helfen kann wäre ich wirklich sehr dankbar!

schrauber 04.05.2014 06:29
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Dramatist 04.05.2014 07:02
Hi,

Sorry. Hatte ich vergessen.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by XXXXXXX (administrator) on XXXXXXX-PC on 03-05-2014 21:53:42
Running from C:\Users\XXXXXXX\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
() C:\Program Files\webget\updatewebget.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
() C:\Program Files\webget\bin\utilwebget.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Antibody Software) C:\Program Files\WizMouse\WizMouse.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
() C:\Program Files\webget\bin\webget.BrowserAdapter.exe
() C:\Program Files\webget\bin\webget.PurBrowse.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-1492898777-1315905052-4281177461-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1492898777-1315905052-4281177461-1000\...\Run: [WizMouse] => C:\Program Files\WizMouse\WizMouse.exe [723248 2010-05-23] (Antibody Software)
HKU\S-1-5-21-1492898777-1315905052-4281177461-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\autor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9E32AFFD3060CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1398955723&from=cor&uid=395049983_1052451_CE8AA895&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1398955723&from=cor&uid=395049983_1052451_CE8AA895&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&k=0
SearchScopes: HKCU - {0181C607-A64D-4BBC-A2FA-55E2BB7554FB} URL = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D38363730333426703D7B7365617263685465726D737D&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&k=0
SearchScopes: HKCU - {2B5032A6-E854-4E0E-9C2A-C5DCF008CB01} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {359F0056-0341-420C-8B2A-49ED130C72CB} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {870CD05D-0A80-48CC-8D17-D2F4A591BF72} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {DE87B9B7-B9A2-4611-A089-A0EBC29158D5} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EA9ED40B-01DC-4B88-AA21-3DAA4553C4E7} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {FF56FBFE-2BB1-46A0-942A-6BD0B16DE457} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Winsock: Catalog9 01 bmnet.dll File Not found ()
Winsock: Catalog9 02 bmnet.dll File Not found ()
Winsock: Catalog9 03 bmnet.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default
FF user.js: detected! => C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\user.js
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\XXXXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\wot-safe-search.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\{2EA57602-F694-4ECB-9E4E-006AB5F53A62}.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\{D88E1900-B5E3-469F-8183-9232B17F07CC}.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\{E4CED27D-38C5-439A-92DB-24F610B847FA}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-25]
FF Extension: WOT - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: WEB.DE MailCheck - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\toolbar@web.de.xpi [2011-12-24]
FF Extension: NoScript - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-19]
FF Extension: Adblock Plus - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ []

Chrome:
=======
CHR StartupUrls: "hxxp://www.sweet-page.com/?type=hp&ts=1398955723&from=cor&uid=395049983_1052451_CE8AA895"
CHR Extension: (Google Docs) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-22]
CHR Extension: (Google Drive) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-22]
CHR Extension: (YouTube) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-22]
CHR Extension: (McAfee Security Scan+) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22]
CHR Extension: (Google-Suche) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-22]
CHR Extension: (Google Wallet) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-22]
CHR Extension: (Google Mail) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-22]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [2014-02-22]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 gupdate1c9de4d978f7944; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-27] (Google Inc.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 pgsql-8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group)
R2 Update webget; C:\Program Files\webget\updatewebget.exe [316696 2014-05-03] ()
R2 Util webget; C:\Program Files\webget\bin\utilwebget.exe [316696 2014-05-03] ()
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)
R2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-05-01] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2008-10-03] (Advanced Micro Devices, Inc)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [10632 2007-10-12] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-02-18] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-21] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-04-07] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-24] (Avira GmbH)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys [55224 2014-04-28] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 21:53 - 2014-05-03 21:54 - 00021515 _____ () C:\Users\XXXXXXX\Downloads\FRST.txt
2014-05-03 21:53 - 2014-05-03 21:53 - 00000000 ____D () C:\FRST
2014-05-03 21:52 - 2014-05-03 21:52 - 01050624 _____ (Farbar) C:\Users\XXXXXXX\Downloads\FRST.exe
2014-05-03 21:51 - 2014-05-03 21:51 - 00050477 _____ () C:\Users\XXXXXXX\Downloads\Defogger(2).exe
2014-05-03 21:50 - 2014-05-03 21:50 - 00050477 _____ () C:\Users\XXXXXXX\Downloads\Defogger(1).exe
2014-05-03 00:27 - 2014-04-29 12:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 00:27 - 2014-04-29 12:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 18:20 - 2014-04-28 10:23 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys
2014-05-01 16:51 - 2014-05-01 16:51 - 00000000 ____D () C:\Users\XXXXXXX\.android
2014-05-01 16:50 - 2014-05-01 17:00 - 00000000 ____D () C:\Program Files\SupTab
2014-05-01 16:50 - 2014-05-01 16:56 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Local\Mobogenie
2014-05-01 16:50 - 2014-05-01 16:51 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ____D () C:\Users\XXXXXXX\Documents\Mobogenie
2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\SupTab
2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ____D () C:\ProgramData\WPM
2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 _____ () C:\Users\XXXXXXX\daemonprocess.txt
2014-05-01 16:49 - 2014-05-02 08:42 - 00000000 ____D () C:\Program Files\webget
2014-05-01 16:49 - 2014-05-01 17:00 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\sweet-page
2014-05-01 16:47 - 2014-05-01 16:56 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\Systweak
2014-05-01 16:47 - 2014-05-01 16:46 - 00757297 _____ () C:\Users\XXXXXXX\Downloads\PokerStove121.zip
2014-05-01 16:47 - 2014-03-19 12:12 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
2014-05-01 16:46 - 2014-05-01 16:46 - 00640792 _____ ( ) C:\Users\XXXXXXX\Downloads\poker-stove.exe
2014-05-01 16:44 - 2014-05-01 16:44 - 00731933 _____ ( ) C:\Users\XXXXXXX\Downloads\pokerstovesetup124.exe
2014-05-01 13:23 - 2014-05-01 13:25 - 29403664 _____ (PokerStars) C:\Users\XXXXXXX\Downloads\PokerStarsInstallEU(2).exe
2014-05-01 10:39 - 2014-05-01 10:39 - 00347816 _____ (Microsoft Corporation) C:\Users\XXXXXXX\Downloads\MicrosoftFixit.wu.RNP.6332236432331404.2.1.Run.exe
2014-04-30 13:05 - 2014-04-30 17:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\ProgramData\HP
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\Program Files\HP
2014-04-18 16:29 - 2014-04-18 16:29 - 06598344 _____ () C:\Users\XXXXXXX\Downloads\HPPSdr.exe
2014-04-09 14:55 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 14:55 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 14:55 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 14:55 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 14:55 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 14:55 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-09 14:55 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 14:55 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 14:55 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 14:55 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 14:55 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 14:55 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 14:55 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-09 14:55 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 09:01 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-07 20:21 - 2014-04-07 20:21 - 00921512 _____ (Oracle Corporation) C:\Users\XXXXXXX\Downloads\jre-7u51-windows-i586-iftw(2).exe
2014-04-07 20:20 - 2014-04-07 20:19 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-07 20:19 - 2014-04-07 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-07 20:16 - 2014-04-07 20:16 - 29141928 _____ (Oracle Corporation) C:\Users\XXXXXXX\Downloads\jre-7u51-windows-i586.exe
2014-04-07 20:15 - 2014-04-07 20:15 - 00921512 _____ (Oracle Corporation) C:\Users\XXXXXXX\Downloads\jre-7u51-windows-i586-iftw(1).exe
2014-04-07 20:14 - 2014-04-07 20:14 - 00921512 _____ (Oracle Corporation) C:\Users\XXXXXXX\Downloads\jre-7u51-windows-i586-iftw.exe

==================== One Month Modified Files and Folders =======

2014-05-03 21:54 - 2014-05-03 21:53 - 00021515 _____ () C:\Users\XXXXXXX\Downloads\FRST.txt
2014-05-03 21:53 - 2014-05-03 21:53 - 00000000 ____D () C:\FRST
2014-05-03 21:52 - 2014-05-03 21:52 - 01050624 _____ (Farbar) C:\Users\XXXXXXX\Downloads\FRST.exe
2014-05-03 21:52 - 2013-03-17 08:29 - 00000476 _____ () C:\Users\XXXXXXX\Downloads\defogger_disable.log
2014-05-03 21:51 - 2014-05-03 21:51 - 00050477 _____ () C:\Users\XXXXXXX\Downloads\Defogger(2).exe
2014-05-03 21:50 - 2014-05-03 21:50 - 00050477 _____ () C:\Users\XXXXXXX\Downloads\Defogger(1).exe
2014-05-03 20:24 - 2008-01-21 03:35 - 01456068 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 20:22 - 2009-06-30 21:32 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-03 20:22 - 2009-06-30 21:32 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-03 20:20 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 20:20 - 2006-11-02 14:47 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 20:20 - 2006-11-02 14:47 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 16:37 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-02 19:57 - 2009-04-19 11:24 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Local\PokerStars.EU
2014-05-02 19:57 - 2009-04-19 10:11 - 00000000 ____D () C:\Program Files\PokerTracker 3
2014-05-02 08:42 - 2014-05-01 16:49 - 00000000 ____D () C:\Program Files\webget
2014-05-02 08:42 - 2011-03-28 14:16 - 00149650 _____ () C:\Windows\PFRO.log
2014-05-01 17:00 - 2014-05-01 16:50 - 00000000 ____D () C:\Program Files\SupTab
2014-05-01 17:00 - 2014-05-01 16:49 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\sweet-page
2014-05-01 16:56 - 2014-05-01 16:50 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Local\Mobogenie
2014-05-01 16:56 - 2014-05-01 16:47 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\Systweak
2014-05-01 16:53 - 2010-07-01 23:44 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Local\cache
2014-05-01 16:51 - 2014-05-01 16:51 - 00000000 ____D () C:\Users\XXXXXXX\.android
2014-05-01 16:51 - 2014-05-01 16:50 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ____D () C:\Users\XXXXXXX\Documents\Mobogenie
2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\SupTab
2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ____D () C:\ProgramData\WPM
2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 _____ () C:\Users\XXXXXXX\daemonprocess.txt
2014-05-01 16:46 - 2014-05-01 16:47 - 00757297 _____ () C:\Users\XXXXXXX\Downloads\PokerStove121.zip
2014-05-01 16:46 - 2014-05-01 16:46 - 00640792 _____ ( ) C:\Users\XXXXXXX\Downloads\poker-stove.exe
2014-05-01 16:45 - 2009-05-22 12:06 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
2014-05-01 16:45 - 2009-05-22 12:06 - 00000000 ____D () C:\Program Files\PokerStove
2014-05-01 16:44 - 2014-05-01 16:44 - 00731933 _____ ( ) C:\Users\XXXXXXX\Downloads\pokerstovesetup124.exe
2014-05-01 13:27 - 2012-10-01 16:40 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk
2014-05-01 13:27 - 2012-10-01 16:40 - 00000000 ____D () C:\Program Files\PokerStars.EU
2014-05-01 13:25 - 2014-05-01 13:23 - 29403664 _____ (PokerStars) C:\Users\XXXXXXX\Downloads\PokerStarsInstallEU(2).exe
2014-05-01 10:39 - 2014-05-01 10:39 - 00347816 _____ (Microsoft Corporation) C:\Users\XXXXXXX\Downloads\MicrosoftFixit.wu.RNP.6332236432331404.2.1.Run.exe
2014-04-30 17:52 - 2012-05-02 21:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 17:35 - 2014-04-30 13:05 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 22:16 - 2008-01-21 09:16 - 01651918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 12:42 - 2012-04-09 17:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 12:42 - 2011-06-15 09:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 12:28 - 2014-05-03 00:27 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 12:07 - 2014-05-03 00:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 10:23 - 2014-05-01 18:20 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys
2014-04-18 19:54 - 2011-04-07 12:25 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\vlc
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\ProgramData\HP
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\Program Files\HP
2014-04-18 16:29 - 2014-04-18 16:29 - 06598344 _____ () C:\Users\XXXXXXX\Downloads\HPPSdr.exe
2014-04-16 17:12 - 2009-04-20 02:04 - 00191488 _____ () C:\Users\XXXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-09 14:57 - 2009-06-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 14:54 - 2013-08-15 10:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 14:50 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-07 20:21 - 2014-04-07 20:21 - 00921512 _____ (Oracle Corporation) C:\Users\XXXXXXX\Downloads\jre-7u51-windows-i586-iftw(2).exe
2014-04-07 20:19 - 2014-04-07 20:20 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-07 20:19 - 2014-04-07 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-07 20:19 - 2009-12-22 01:35 - 00000000 ____D () C:\Program Files\Java
2014-04-07 20:16 - 2014-04-07 20:16 - 29141928 _____ (Oracle Corporation) C:\Users\XXXXXXX\Downloads\jre-7u51-windows-i586.exe
2014-04-07 20:15 - 2014-04-07 20:15 - 00921512 _____ (Oracle Corporation) C:\Users\XXXXXXX\Downloads\jre-7u51-windows-i586-iftw(1).exe
2014-04-07 20:14 - 2014-04-07 20:14 - 00921512 _____ (Oracle Corporation) C:\Users\XXXXXXX\Downloads\jre-7u51-windows-i586-iftw.exe

Some content of TEMP:
====================
C:\Users\XXXXXXX\AppData\Local\temp\avgnt.exe
C:\Users\XXXXXXX\AppData\Local\temp\jre-7u17-windows-i586-iftw.exe
C:\Users\XXXXXXX\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\XXXXXXX\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\XXXXXXX\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\XXXXXXX\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-03 20:27

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by XXXXXXX at 2014-05-03 21:54:52
Running from C:\Users\XXXXXXX\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{60B8D26D-5D6D-21D5-0366-3664E5DE3471}) (Version: 3.0.728.0 - ATI Technologies, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0520.1631.27815 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization German (Version: 2008.1201.1504.27008 - ATI) Hidden
CCC Help English (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help German (Version: 2008.1201.1503.27008 - ATI) Hidden
ccc-core-preinstall (Version: 2008.1201.1504.27008 - ATI) Hidden
ccc-core-static (Version: 2008.1201.1504.27008 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.1201.1504.27008 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
Day Organizer, ver. 2.2.1.2 (HKLM\...\{B1370260-CCF7-483A-ACA0-58C353619467}) (Version: 2.2.1102 - Patrik Tanzer)
Dia (nur entfernen) (HKLM\...\Dia) (Version:  - )
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
Dragon NaturallySpeaking 10 (HKLM\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.0.200 - Nuance Communications Inc.)
EAX Unified (HKLM\...\EAX Unified) (Version:  - )
Filmmakers Video Uploader (HKCU\...\Filmmakers Video Uploader) (Version:  - Filmmakers)
Free DVD Decrypter version 1.5.4 (HKLM\...\Free DVD Decrypter_is1) (Version:  - DVDVideoSoft Limited.)
Free DVD Video Converter version 1.5.12 (HKLM\...\Free DVD Video Converter_is1) (Version:  - DVDVideoSoft Limited.)
Free FLV Converter V 7.4.0 (HKLM\...\Free FLV Converter_is1) (Version: 7.4.0.0 - Koyote Soft)
Free Video Converter V 2.92 (HKLM\...\Free Video Converter_is1) (Version: 2.92.0.0 - Koyote Soft)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
Full Tilt Poker.Eu (HKLM\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 4.59.12.WIN.FullTilt.EU - )
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
iPhone-Konfigurationsprogramm (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
MozBackup 1.4.9 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Neuro-Programmer 3.0.9 (HKLM\...\Neuro-Programmer 3_is1) (Version:  - Transparent Corporation)
Opera Stable 19.0.1326.63 (HKLM\...\Opera 19.0.1326.63) (Version: 19.0.1326.63 - Opera Software ASA)
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.2 - Frank Heindörfer, Philip Chinery)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.207.0 - Tracker Software Products Ltd)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle VideoSpin (HKLM\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
PKR (HKLM\...\PKR) (Version:  - PKR Ltd)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
PokerStars.eu (HKLM\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStove version 1.24 (HKLM\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version:  - )
PokerTracker 3 (remove only) (HKLM\...\PokerTracker3) (Version:  - )
PokerTracker 4 (remove only) (HKLM\...\PokerTracker4) (Version:  - )
PostgreSQL 8.3 (HKLM\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Revo Uninstaller 1.91 (HKLM\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG SYMBIAN USB Download Driver (HKLM\...\{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}) (Version: 1.1.808.7165 - SAMSUNG Electronics CO,.LTD)
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version:  - )
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Security Task Manager 1.8c (HKLM\...\Security Task Manager) (Version: 1.8c - Neuber Software)
Skins (Version: 2008.1201.1504.27008 - ATI) Hidden
SMPlayer 0.6.9 (HKLM\...\SMPlayer) (Version: 0.6.9 - RVM)
Speccy (HKLM\...\Speccy) (Version: 1.03 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
SpywareBlaster 4.6 (HKLM\...\SpywareBlaster_is1) (Version: 4.6.0 - Javacool Software LLC)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 1.5.1 - Krzysztof Kowalczyk)
TableNinja (HKLM\...\{FB3F2F5E-349B-4425-ACB4-B59D7BF81822}) (Version: 1.1.25 - ALXSoftware)
Tomb Raider: Anniversary 1.0 (HKLM\...\Tomb Raider: Anniversary) (Version:  - )
UB (HKCU\...\UB) (Version:  - )
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.017 - Nuance Communications Inc.)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
webget (HKLM\...\webget) (Version: 2014.04.30.004244 - webget)
Winamax Poker (HKLM\...\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1) (Version: 2.0.2.1335533879 - Winamax)
Winamax Poker (Version: 2.0.2 - Winamax) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR 4.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WizMouse v1.0.0.9 (HKLM\...\WizMouse_is1) (Version:  - Antibody Software)
WPM18.8.0.212 (HKLM\...\WPM) (Version: 18.8.0.212 - Cherished Technololgy LIMITED) <==== ATTENTION
WritePro Fiction (HKLM\...\WritePro Fiction) (Version:  - )
WritePro FictionMaster (HKLM\...\WritePro FictionMaster) (Version:  - )
Writer's Café 2.33 (HKLM\...\Writer's Café_is1) (Version: 2.33 - Anthemion Software Ltd.)
YOU DON'T KNOW JACK® (HKLM\...\YDKJG) (Version:  - )

==================== Restore Points  =========================

10-04-2014 09:33:22 Windows Update
10-04-2014 16:09:07 Windows Update
11-04-2014 12:07:58 Windows Update
11-04-2014 13:46:49 Windows Update
11-04-2014 20:14:51 Windows Update
12-04-2014 09:33:29 Windows Update
12-04-2014 21:34:36 Windows Update
13-04-2014 10:09:52 Geplanter Prüfpunkt
13-04-2014 13:08:58 Windows Update
13-04-2014 19:55:42 Windows Update
14-04-2014 10:01:32 Geplanter Prüfpunkt
14-04-2014 21:06:16 Windows Update
15-04-2014 12:02:29 Windows Update
15-04-2014 22:09:02 Windows Update
16-04-2014 10:33:51 Windows Update
16-04-2014 21:07:38 Windows Update
17-04-2014 11:12:03 Geplanter Prüfpunkt
17-04-2014 19:00:28 Windows Update
18-04-2014 07:54:41 Windows Update
18-04-2014 14:49:27 Windows Update
18-04-2014 19:23:54 Windows Update
18-04-2014 20:15:58 Windows Update
19-04-2014 10:11:12 Geplanter Prüfpunkt
19-04-2014 16:37:42 Windows Update
20-04-2014 00:05:52 Windows Update
20-04-2014 11:27:02 Windows Update
20-04-2014 12:55:46 Windows Update
20-04-2014 20:58:40 Windows Update
21-04-2014 09:18:49 Windows Update
21-04-2014 22:18:03 Windows Update
22-04-2014 10:49:37 Windows Update
23-04-2014 06:05:59 Windows Update
23-04-2014 06:30:27 Windows Update
23-04-2014 12:23:07 Windows Update
23-04-2014 19:21:19 Windows Update
23-04-2014 21:36:38 Windows Update
24-04-2014 05:21:20 Windows Update
24-04-2014 06:45:40 Windows Update
24-04-2014 09:47:52 Windows Update
24-04-2014 19:47:13 Windows Update
24-04-2014 21:39:40 Windows Update
25-04-2014 05:21:08 Windows Update
25-04-2014 11:17:35 Windows Update
25-04-2014 21:59:43 Windows Update
26-04-2014 09:35:46 Windows Update
26-04-2014 17:33:08 Windows Update
26-04-2014 21:38:44 Windows Update
27-04-2014 08:46:43 Windows Update
27-04-2014 12:36:28 Windows Update
27-04-2014 21:52:03 Windows Update
28-04-2014 05:26:49 Windows Update
28-04-2014 21:47:08 Windows Update
29-04-2014 16:54:16 Geplanter Prüfpunkt
29-04-2014 21:04:02 Windows Update
30-04-2014 05:32:45 Windows Update
30-04-2014 15:35:51 Windows Update
30-04-2014 20:00:02 Windows Update
01-05-2014 07:02:21 Windows Update
01-05-2014 08:44:56 Wiederherstellungspunkt vor Fehlerhafte Patchregistrierungsschlüssel
01-05-2014 08:57:04 Windows Update
01-05-2014 21:19:42 Windows Update
02-05-2014 16:23:39 Geplanter Prüfpunkt
02-05-2014 22:26:42 Windows Update
03-05-2014 13:26:39 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-03-21 13:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1145B85B-77F4-4ADA-BEAD-D871D85DAADC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {51DD63AD-FDED-4114-BE48-E38A8DDD355F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {964195FE-AE42-4E5D-9254-CC0970A645DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D47BC836-0BF3-4B93-98DF-95136B32F222} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E1718456-93E9-43EE-B62B-3AE47DD7CDF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-27] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F1DDB829-B93F-4A21-BAD6-A462C1CAB446} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {F4BC0A81-166D-409C-B9FC-EC00E1565467} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-29 14:00 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-02-24 13:24 - 2013-02-24 11:18 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-09-19 03:03 - 2008-09-19 03:03 - 00167936 _____ () C:\Program Files\PostgreSQL\8.3\bin\LIBPQ.dll
2006-11-06 18:18 - 2006-11-06 18:18 - 00963584 _____ () C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 22:43 - 00027136 _____ () C:\Program Files\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2014-04-30 02:52 - 2014-05-03 11:23 - 00316696 _____ () C:\Program Files\webget\updatewebget.exe
2014-05-01 17:50 - 2014-05-03 10:50 - 00316696 _____ () C:\Program Files\webget\bin\utilwebget.exe
2013-02-18 22:43 - 2013-02-18 22:43 - 00968880 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
2008-12-01 22:46 - 2009-05-16 05:22 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-04-18 20:30 - 2009-04-18 20:30 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2014-05-01 18:20 - 2014-04-28 19:23 - 00095512 _____ () C:\Program Files\webget\bin\webget.BrowserAdapter.exe
2014-05-01 18:20 - 2014-04-28 10:23 - 00239384 _____ () C:\Program Files\webget\bin\webget.PurBrowse.exe
2014-03-29 14:22 - 2014-03-29 14:22 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 08:21:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 08:20:32 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (05/03/2014 02:23:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 02:23:44 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (05/03/2014 10:50:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 10:49:34 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (05/03/2014 00:29:17 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log enthalten.

Error: (05/03/2014 00:29:13 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows Installer kann nicht fortfahren.

Error: (05/02/2014 08:43:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2014 08:43:13 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue


System errors:
=============
Error: (05/03/2014 02:23:59 PM) (Source: Service Control Manager) (User: )
Description: Apple Mobile Device%%1053

Error: (05/03/2014 02:23:59 PM) (Source: Service Control Manager) (User: )
Description: 30000Apple Mobile Device

Error: (05/03/2014 00:29:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2833941){343E12E8-8772-4A72-9982-570122E959DB}203

Error: (05/01/2014 11:21:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2833941){343E12E8-8772-4A72-9982-570122E959DB}203

Error: (05/01/2014 04:53:13 PM) (Source: Service Control Manager) (User: )
Description: MgAssist Service

Error: (05/01/2014 04:52:12 PM) (Source: Service Control Manager) (User: )
Description: MgAssist Service1

Error: (05/01/2014 04:50:47 PM) (Source: Service Control Manager) (User: )
Description: MgAssist Service

Error: (05/01/2014 10:58:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2833941){343E12E8-8772-4A72-9982-570122E959DB}203

Error: (05/01/2014 09:04:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2833941){343E12E8-8772-4A72-9982-570122E959DB}203

Error: (04/30/2014 10:01:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2833941){343E12E8-8772-4A72-9982-570122E959DB}203


Microsoft Office Sessions:
=========================
Error: (11/17/2010 05:39:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 53 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/07/2009 07:57:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 108 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3325.39 MB
Available physical RAM: 1860.02 MB
Total Pagefile: 6883.27 MB
Available Pagefile: 4535.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.47 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:576.17 GB) (Free:247.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:9.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=576 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

==================== End Of Log ============================
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:52 on 03/05/2014 (XXXXXXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Was mir heute morgen noch aufgefallen ist: Die Java-Updates funktionieren auch nicht. Er updated sich wieder und wieder.

1000 Dank.

schrauber 04.05.2014 07:55
Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Dramatist 04.05.2014 09:25
Hallo,

habe keine Fehlermeldung bekommen. Hier ist das logfile von Combofix:

Code:
ComboFix 14-04-30.01 - XXXXXXX 04.05.2014  10:06:28.6.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3325.2139 [GMT 2:00]
ausgeführt von:: c:\users\XXXXXXX\Desktop\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\XXXXXXX\AppData\Local\TempFullTiltPokerEuSetup.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-04-04 bis 2014-05-04  ))))))))))))))))))))))))))))))
.
.
2014-05-04 08:17 . 2014-05-04 08:17        --------        d-----w-        c:\users\XXXXXXX\AppData\Local\temp
2014-05-04 08:17 . 2014-05-04 08:17        --------        d-----w-        c:\users\Public\AppData\Local\temp
2014-05-04 08:17 . 2014-05-04 08:17        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2014-05-04 08:17 . 2014-05-04 08:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-05-04 08:17 . 2014-05-04 08:17        --------        d-----w-        c:\users\autor\AppData\Local\temp
2014-05-03 19:53 . 2014-05-03 20:01        --------        d-----w-        C:\FRST
2014-05-02 22:27 . 2014-04-29 10:07        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-02 06:54 . 2014-04-17 03:32        8050496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD59C3FE-CAAA-408B-8BE9-34D1F008FAFC}\mpengine.dll
2014-05-01 16:20 . 2014-04-28 08:23        55224        ----a-w-        c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys
2014-05-01 14:51 . 2014-05-01 14:51        --------        d-----w-        c:\users\XXXXXXX\.android
2014-05-01 14:50 . 2014-05-01 14:56        --------        d-----w-        c:\users\XXXXXXX\AppData\Local\Mobogenie
2014-05-01 14:50 . 2014-05-01 14:50        --------        d-----w-        c:\users\XXXXXXX\AppData\Roaming\SupTab
2014-05-01 14:50 . 2014-05-01 15:00        --------        d-----w-        c:\program files\SupTab
2014-05-01 14:50 . 2014-05-01 14:51        --------        d-----w-        c:\programdata\IePluginService
2014-05-01 14:50 . 2014-05-04 07:35        --------        d-----w-        c:\programdata\WPM
2014-05-01 14:49 . 2014-05-02 06:42        --------        d-----w-        c:\program files\webget
2014-05-01 14:49 . 2014-05-01 15:00        --------        d-----w-        c:\users\XXXXXXX\AppData\Roaming\sweet-page
2014-05-01 14:47 . 2014-05-01 14:56        --------        d-----w-        c:\users\XXXXXXX\AppData\Roaming\Systweak
2014-05-01 14:47 . 2014-03-19 10:12        18776        ----a-w-        c:\windows\system32\roboot.exe
2014-05-01 08:44 . 2014-05-01 08:44        --------        d-----w-        c:\users\XXXXXXX\AppData\Local\ElevatedDiagnostics
2014-04-30 11:05 . 2014-04-30 15:35        --------        d-----w-        c:\program files\Mozilla Thunderbird
2014-04-18 14:30 . 2014-04-18 14:30        --------        d-----w-        c:\programdata\HP
2014-04-18 14:30 . 2014-04-18 14:30        --------        d-----w-        c:\program files\HP
2014-04-07 18:19 . 2014-04-07 18:19        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 10:42 . 2012-04-09 15:28        692400        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-04-29 10:42 . 2011-06-15 07:21        70832        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 07:35 . 2009-10-03 13:46        231584        ------w-        c:\windows\system32\MpSigStub.exe
2014-02-07 10:38 . 2014-03-13 12:15        2050560        ----a-w-        c:\windows\system32\win32k.sys
2014-02-03 10:37 . 2014-03-13 12:15        505344        ----a-w-        c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"WizMouse"="c:\program files\WizMouse\WizMouse.exe" [2010-05-23 723248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 20:23        1078088        ----a-w-        c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 10:42]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 22:01]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 22:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files\PokerStars.EU\PokerStarsUpdate.exe
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - ExtSQL: !HIDDEN! 2009-06-25 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
c:\users\autor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\bmnet.dll
.
Zeit der Fertigstellung: 2014-05-04  10:20:37
ComboFix-quarantined-files.txt  2014-05-04 08:20
ComboFix2.txt  2013-03-21 11:24
ComboFix3.txt  2013-03-21 10:16
.
Vor Suchlauf: 23 Verzeichnis(se), 267.887.411.200 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 268.049.907.712 Bytes frei
.
- - End Of File - - 362C4872262165881157C53A02217D76
5C616939100B85E558DA92B899A0FC36
Vielen Dank!

schrauber 04.05.2014 11:00
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Dramatist 04.05.2014 14:27
Hallo,

da bin ich wieder. Eine Addition.txt konnte ich diesmal nach dem FRST-Scan nicht finden. Alles andere kommt jetzt:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 04.05.2014
Suchlauf-Zeit: 13:54:24
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.04.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: XXXXXXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313214
Verstrichene Zeit: 47 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 5
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 1616, Löschen bei Neustart, [ee12669abe420bf5e3ba80d3c53c639d]
PUP.Optional.Webget.A, C:\Program Files\webget\updatewebget.exe, 2408, Löschen bei Neustart, [19e740c049b7cf31a895e59044bdd52b]
PUP.Optional.Webget.A, C:\Program Files\webget\bin\utilwebget.exe, 2560, Löschen bei Neustart, [1be53cc425db8779211c3045867be818]
PUP.Optional.Webget.A, C:\Program Files\webget\bin\webget.BrowserAdapter.exe, 2552, Löschen bei Neustart, [10f077899c6423dd9711294d0bf78e72]
PUP.Optional.Webget.A, C:\Program Files\webget\bin\webget.PurBrowse.exe, 2236, Löschen bei Neustart, [10f077899c6423dd9711294d0bf78e72]

Module: 1
PUP.Optional.Webget.A, C:\Program Files\webget\bin\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.dll, Löschen bei Neustart, [10f077899c6423dd9711294d0bf78e72],

Registrierungsschlüssel: 23
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, In Quarantäne, [ee12669abe420bf5e3ba80d3c53c639d],
PUP.Optional.Webget.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update webget, In Quarantäne, [19e740c049b7cf31a895e59044bdd52b],
PUP.Optional.Webget.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util webget, In Quarantäne, [1be53cc425db8779211c3045867be818],
PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\CLSID\{8e97f74c-a4dd-4608-aa15-3d1b1f62cfc7}, In Quarantäne, [a65a54ac01fffe029d9f591c926fb050],
PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{5d198f49-cf7b-4ad7-b9b4-aba458f6d478}, In Quarantäne, [a65a54ac01fffe029d9f591c926fb050],
PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B89C9191-DEEC-41E4-8DC7-2EBF2BEA1DCB}, In Quarantäne, [a65a54ac01fffe029d9f591c926fb050],
PUP.Optional.Webget.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8E97F74C-A4DD-4608-AA15-3D1B1F62CFC7}, In Quarantäne, [a65a54ac01fffe029d9f591c926fb050],
PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\CLSID\{8E97F74C-A4DD-4608-AA15-3D1B1F62CFC7}\INPROCSERVER32, In Quarantäne, [a65a54ac01fffe029d9f591c926fb050],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [ce32916fea1620e0c12b64f0a062c43c],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [1ae69c64ba464db37b64829dfc069f61],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [1ae69c64ba464db37b64829dfc069f61],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, In Quarantäne, [ae522cd436cac937b3027adb9e648878],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [837d649c8e7235cbc4f1f85da0624ab6],
PUP.Optional.Webget.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\webget, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\sweet-pageSoftware, In Quarantäne, [e51b619fd729cf31f6e183344bb802fe],
PUP.Optional.Webget.A, HKLM\SOFTWARE\webget, In Quarantäne, [9b6577899c64da26a3072b4b26dcda26],
PUP.Optional.Webget.A, HKU\S-1-5-21-1492898777-1315905052-4281177461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\webget, Löschen bei Neustart, [4eb260a027d920e081287501e220a55b],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1492898777-1315905052-4281177461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [c93715ebbf41cf310dd56b2123df1ee2],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1492898777-1315905052-4281177461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [46babd43db257e82f2179d0641c2c838],

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1492898777-1315905052-4281177461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, Löschen bei Neustart, [46babd43db257e82f2179d0641c2c838]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 6
PUP.Optional.Webget.A, C:\Program Files\webget, Löschen bei Neustart, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin, Löschen bei Neustart, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\plugins, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\TEMP, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Löschen bei Neustart, [07f99e6217e9d42cefa60c5eaf53fb05],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [07f99e6217e9d42cefa60c5eaf53fb05],

Dateien: 27
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Löschen bei Neustart, [ee12669abe420bf5e3ba80d3c53c639d],
PUP.Optional.Webget.A, C:\Program Files\webget\updatewebget.exe, Löschen bei Neustart, [19e740c049b7cf31a895e59044bdd52b],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\utilwebget.exe, Löschen bei Neustart, [1be53cc425db8779211c3045867be818],
PUP.Optional.Webget.A, C:\Program Files\webget\webgetBHO.dll, In Quarantäne, [a65a54ac01fffe029d9f591c926fb050],
PUP.Optional.SupTab.A, C:\Users\XXXXXXX\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [2cd4748ce917619f480555e042befa06],
PUP.Optional.Webget.A, C:\Program Files\webget\webget.ico, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\7za.exe, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\updatewebget.InstallState, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\webgetUninstall.exe, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\7za.exe, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\BrowserAdapterS.7z, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\sqlite3.dll, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\utilwebget.InstallState, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\webget.BrowserAdapter.exe, Löschen bei Neustart, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\webget.PurBrowse.exe, Löschen bei Neustart, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\webget.PurBrowseG.zip, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\webgetBAApp.dll, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.dll, Löschen bei Neustart, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\plugins\webget.Bromon.dll, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\plugins\webget.BrowserAdapterS.dll, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\plugins\webget.CompatibilityChecker.dll, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\plugins\webget.FFUpdate.dll, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\plugins\webget.IEUpdate.dll, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Webget.A, C:\Program Files\webget\bin\plugins\webget.PurBrowseG.dll, In Quarantäne, [10f077899c6423dd9711294d0bf78e72],
PUP.Optional.Searchqu.A, C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, In Quarantäne, [31cf48b89a66c937591d277cf90a5ea2],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot.exe, In Quarantäne, [d12ff20edf2133cd54ae73319370b54b],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [07f99e6217e9d42cefa60c5eaf53fb05],

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v3.205 - Bericht erstellt am 04/05/2014 um 14:24:19
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : XXXXXXX - XXXXXXX-PC
# Gestartet von : C:\Users\XXXXXXX\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : vToolbarUpdater14.2.0

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\SupTab
Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\XXXXXXX\.android
Ordner Gelöscht : C:\Users\XXXXXXX\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\XXXXXXX\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\XXXXXXX\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\XXXXXXX\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\XXXXXXX\Documents\Mobogenie
Ordner Gelöscht : C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Datei Gelöscht : C:\Users\XXXXXXX\daemonprocess.txt
Datei Gelöscht : C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKCU\Software\Grand Virtual
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\CC94835868BCA58489B0D79DE655BCB1

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={9536F7B5-3CC2-431B-81F2-1F4AEC0ADECB}&mid=964f157627f547d09810d16d67fda00f-274ad8d6f781619f187fdf02f3d537cae9e2cd0e&lang=en&ds=qw011&pr=sa&d=2012-08-29 17:29:39&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1398955723&from=cor&uid=395049983_1052451_CE8AA895
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [4007 octets] - [04/05/2014 14:21:35]
AdwCleaner[S0].txt - [3928 octets] - [04/05/2014 14:24:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3988 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by XXXXXXX on 04.05.2014 at 14:58:49,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1492898777-1315905052-4281177461-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\free video converter"



~~~ FireFox

Emptied folder: C:\Users\XXXXXXX\AppData\Roaming\mozilla\firefox\profiles\zxapfs10.default\minidumps [320 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.05.2014 at 15:02:42,98
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[CODE]A
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by XXXXXXX (administrator) on XXXXXXX-PC on 04-05-2014 15:21:09
Running from C:\Users\XXXXXXX\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Antibody Software) C:\Program Files\WizMouse\WizMouse.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1492898777-1315905052-4281177461-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1492898777-1315905052-4281177461-1000\...\Run: [WizMouse] => C:\Program Files\WizMouse\WizMouse.exe [723248 2010-05-23] (Antibody Software)
HKU\S-1-5-21-1492898777-1315905052-4281177461-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9E32AFFD3060CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0181C607-A64D-4BBC-A2FA-55E2BB7554FB} URL = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D38363730333426703D7B7365617263685465726D737D&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&k=0
SearchScopes: HKCU - {2B5032A6-E854-4E0E-9C2A-C5DCF008CB01} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {359F0056-0341-420C-8B2A-49ED130C72CB} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {870CD05D-0A80-48CC-8D17-D2F4A591BF72} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {DE87B9B7-B9A2-4611-A089-A0EBC29158D5} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EA9ED40B-01DC-4B88-AA21-3DAA4553C4E7} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {FF56FBFE-2BB1-46A0-942A-6BD0B16DE457} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\XXXXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\wot-safe-search.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\{2EA57602-F694-4ECB-9E4E-006AB5F53A62}.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\{D88E1900-B5E3-469F-8183-9232B17F07CC}.xml
FF SearchPlugin: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\{E4CED27D-38C5-439A-92DB-24F610B847FA}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-25]
FF Extension: WOT - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: WEB.DE MailCheck - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\toolbar@web.de.xpi [2011-12-24]
FF Extension: NoScript - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-19]
FF Extension: Adblock Plus - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ []

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-22]
CHR Extension: (Google Drive) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-22]
CHR Extension: (YouTube) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-22]
CHR Extension: (No Name) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22]
CHR Extension: (Google-Suche) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-22]
CHR Extension: (Google Wallet) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-22]
CHR Extension: (Google Mail) - C:\Users\XXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-22]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 gupdate1c9de4d978f7944; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-27] (Google Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 pgsql-8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group)
S2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2008-10-03] (Advanced Micro Devices, Inc)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [10632 2007-10-12] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-02-18] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-21] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-04-07] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-24] (Avira GmbH)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys [55224 2014-04-28] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\XXXXXXX\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-04 15:21 - 2014-05-04 15:21 - 00018737 _____ () C:\Users\XXXXXXX\Downloads\FRST.txt
2014-05-04 15:20 - 2014-05-04 15:20 - 01050624 _____ (Farbar) C:\Users\XXXXXXX\Downloads\FRST.exe
2014-05-04 14:48 - 2014-05-04 14:48 - 01016261 _____ (Thisisu) C:\Users\XXXXXXX\Downloads\JRT.exe
2014-05-04 14:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-04 14:21 - 2014-05-04 14:25 - 00000000 ____D () C:\AdwCleaner
2014-05-04 14:20 - 2014-05-04 14:21 - 01310621 _____ () C:\Users\XXXXXXX\Downloads\adwcleaner.exe
2014-05-04 13:05 - 2014-05-04 15:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 13:04 - 2014-05-04 13:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\XXXXXXX\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-04 13:04 - 2014-05-04 13:04 - 00000863 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-04 13:04 - 2014-05-04 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-04 13:04 - 2014-05-04 13:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-04 13:04 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-04 13:04 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-04 10:20 - 2014-05-04 10:20 - 00009589 _____ () C:\ComboFix.txt
2014-05-04 10:04 - 2014-05-04 10:20 - 00000000 ____D () C:\ComboFix
2014-05-04 10:00 - 2014-05-04 10:00 - 05197895 _____ (Swearware) C:\Users\XXXXXXX\Downloads\ComboFix.exe
2014-05-03 22:13 - 2014-02-14 21:37 - 00000426 _____ () C:\AVScanner.ini
2014-05-03 22:09 - 2014-05-03 22:09 - 00380416 _____ () C:\Users\XXXXXXX\Downloads\Gmer-19357.exe
2014-05-03 21:53 - 2014-05-04 15:21 - 00000000 ____D () C:\FRST
2014-05-03 00:27 - 2014-04-29 12:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 00:27 - 2014-04-29 12:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 18:20 - 2014-04-28 10:23 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys
2014-05-01 16:50 - 2014-05-04 09:35 - 00000000 ____D () C:\ProgramData\WPM
2014-04-30 13:05 - 2014-04-30 17:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\ProgramData\HP
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\Program Files\HP
2014-04-09 14:55 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 14:55 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 14:55 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 14:55 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 14:55 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 14:55 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-09 14:55 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 14:55 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 14:55 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 14:55 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 14:55 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 14:55 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 14:55 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-09 14:55 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 09:01 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-07 20:20 - 2014-04-07 20:19 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-07 20:19 - 2014-04-07 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== One Month Modified Files and Folders =======

2014-05-04 15:21 - 2014-05-04 15:21 - 00018737 _____ () C:\Users\XXXXXXX\Downloads\FRST.txt
2014-05-04 15:21 - 2014-05-03 21:53 - 00000000 ____D () C:\FRST
2014-05-04 15:20 - 2014-05-04 15:20 - 01050624 _____ (Farbar) C:\Users\XXXXXXX\Downloads\FRST.exe
2014-05-04 15:17 - 2014-05-04 13:05 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 15:14 - 2009-06-30 21:32 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-04 15:13 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-04 15:13 - 2006-11-02 14:47 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-04 15:13 - 2006-11-02 14:47 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-04 15:10 - 2008-01-21 03:35 - 01570148 _____ () C:\Windows\WindowsUpdate.log
2014-05-04 15:10 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-04 14:48 - 2014-05-04 14:48 - 01016261 _____ (Thisisu) C:\Users\XXXXXXX\Downloads\JRT.exe
2014-05-04 14:32 - 2012-04-09 17:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-04 14:28 - 2011-03-28 14:16 - 00159204 _____ () C:\Windows\PFRO.log
2014-05-04 14:25 - 2014-05-04 14:21 - 00000000 ____D () C:\AdwCleaner
2014-05-04 14:24 - 2009-08-27 14:23 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-04 14:22 - 2009-06-30 21:32 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-04 14:21 - 2014-05-04 14:20 - 01310621 _____ () C:\Users\XXXXXXX\Downloads\adwcleaner.exe
2014-05-04 14:08 - 2006-11-02 12:23 - 00001460 _____ () C:\Windows\win.ini
2014-05-04 13:56 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\PLA
2014-05-04 13:04 - 2014-05-04 13:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\XXXXXXX\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-04 13:04 - 2014-05-04 13:04 - 00000863 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-04 13:04 - 2014-05-04 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-04 13:04 - 2014-05-04 13:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-04 13:04 - 2011-03-24 18:08 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\Malwarebytes
2014-05-04 13:04 - 2011-03-24 18:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-04 13:04 - 2011-03-24 18:07 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-04 10:20 - 2014-05-04 10:20 - 00009589 _____ () C:\ComboFix.txt
2014-05-04 10:20 - 2014-05-04 10:04 - 00000000 ____D () C:\ComboFix
2014-05-04 10:20 - 2013-03-21 12:03 - 00000000 ____D () C:\Qoobox
2014-05-04 10:17 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-04 10:00 - 2014-05-04 10:00 - 05197895 _____ (Swearware) C:\Users\XXXXXXX\Downloads\ComboFix.exe
2014-05-04 09:35 - 2014-05-01 16:50 - 00000000 ____D () C:\ProgramData\WPM
2014-05-04 08:36 - 2009-04-19 11:24 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Local\PokerStars.EU
2014-05-03 22:09 - 2014-05-03 22:09 - 00380416 _____ () C:\Users\XXXXXXX\Downloads\Gmer-19357.exe
2014-05-02 19:57 - 2009-04-19 10:11 - 00000000 ____D () C:\Program Files\PokerTracker 3
2014-05-01 16:53 - 2010-07-01 23:44 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Local\cache
2014-05-01 16:45 - 2009-05-22 12:06 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
2014-05-01 16:45 - 2009-05-22 12:06 - 00000000 ____D () C:\Program Files\PokerStove
2014-05-01 13:27 - 2012-10-01 16:40 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk
2014-05-01 13:27 - 2012-10-01 16:40 - 00000000 ____D () C:\Program Files\PokerStars.EU
2014-04-30 17:52 - 2012-05-02 21:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 17:35 - 2014-04-30 13:05 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 22:16 - 2008-01-21 09:16 - 01651918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 12:42 - 2012-04-09 17:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 12:42 - 2011-06-15 09:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 12:28 - 2014-05-03 00:27 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 12:07 - 2014-05-03 00:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 10:23 - 2014-05-01 18:20 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys
2014-04-18 19:54 - 2011-04-07 12:25 - 00000000 ____D () C:\Users\XXXXXXX\AppData\Roaming\vlc
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\ProgramData\HP
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\Program Files\HP
2014-04-16 17:12 - 2009-04-20 02:04 - 00191488 _____ () C:\Users\XXXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-09 14:57 - 2009-06-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 14:54 - 2013-08-15 10:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 14:50 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-07 20:19 - 2014-04-07 20:20 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-07 20:19 - 2014-04-07 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-07 20:19 - 2009-12-22 01:35 - 00000000 ____D () C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\XXXXXXX\AppData\Local\temp\avgnt.exe
C:\Users\XXXXXXX\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-04 15:04

==================== End Of Log ============================
--- --- ---


Tausend Dank ... Wie immer!

schrauber 05.05.2014 11:52

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Dramatist 06.05.2014 15:09
Hallo nochmal,

das Problem mit den Updates habe ich nach wie vor: Nach dem letzten Java-Update bekam ich die Fehlermeldung: GetDefaultBrowserError: 2

Und das Windows lässt sich auch manuell nicht updaten.

So. Hier kommen die logfiles:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3d8683a1c87d0943a11d31f2a7d5b425
# engine=18147
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-06 10:21:52
# local_time=2014-05-06 12:21:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 26681 170043017 19437 0
# compatibility_mode=5892 16776574 100 100 301947 236904440 0 0
# scanned=597167
# found=0
# cleaned=0
# scan_time=12770
Code:
Results of screen317's Security Check version 0.99.82 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 4.6   
 CCleaner   
 Java 7 Update 51 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player        13.0.0.206 
 Mozilla Firefox (28.0)
 Mozilla Thunderbird (24.5.0)
 Google Chrome 34.0.1847.116 
 Google Chrome 34.0.1847.131 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-05-2014
Ran by XXXXXX (administrator) on XXXXXX-PC on 06-05-2014 13:41:31
Running from C:\Users\XXXXXX\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Antibody Software) C:\Program Files\WizMouse\WizMouse.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Farbar) C:\Users\XXXXXX\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1492898777-1315905052-4281177461-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1492898777-1315905052-4281177461-1000\...\Run: [WizMouse] => C:\Program Files\WizMouse\WizMouse.exe [723248 2010-05-23] (Antibody Software)
HKU\S-1-5-21-1492898777-1315905052-4281177461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1492898777-1315905052-4281177461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WizMouse] => C:\Program Files\WizMouse\WizMouse.exe [723248 2010-05-23] (Antibody Software)
HKU\S-1-5-21-1492898777-1315905052-4281177461-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9E32AFFD3060CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0181C607-A64D-4BBC-A2FA-55E2BB7554FB} URL = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D38363730333426703D7B7365617263685465726D737D&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&k=0
SearchScopes: HKCU - {2B5032A6-E854-4E0E-9C2A-C5DCF008CB01} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {359F0056-0341-420C-8B2A-49ED130C72CB} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {870CD05D-0A80-48CC-8D17-D2F4A591BF72} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {DE87B9B7-B9A2-4611-A089-A0EBC29158D5} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EA9ED40B-01DC-4B88-AA21-3DAA4553C4E7} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {FF56FBFE-2BB1-46A0-942A-6BD0B16DE457} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=5207cd4e-d476-4bdd-9ee1-9f47ac8e232e&pid=freewarede&mode=bounce&k=0
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\XXXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\wot-safe-search.xml
FF SearchPlugin: C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\{2EA57602-F694-4ECB-9E4E-006AB5F53A62}.xml
FF SearchPlugin: C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\{D88E1900-B5E3-469F-8183-9232B17F07CC}.xml
FF SearchPlugin: C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\searchplugins\{E4CED27D-38C5-439A-92DB-24F610B847FA}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-25]
FF Extension: WOT - C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: WEB.DE MailCheck - C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\toolbar@web.de.xpi [2011-12-24]
FF Extension: NoScript - C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-19]
FF Extension: Adblock Plus - C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ []

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-22]
CHR Extension: (Google Drive) - C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-22]
CHR Extension: (YouTube) - C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-22]
CHR Extension: (No Name) - C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22]
CHR Extension: (Google-Suche) - C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-22]
CHR Extension: (Google Wallet) - C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-22]
CHR Extension: (Google Mail) - C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-22]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 gupdate1c9de4d978f7944; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-27] (Google Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 pgsql-8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2008-10-03] (Advanced Micro Devices, Inc)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [10632 2007-10-12] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-02-18] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-21] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-04-07] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-24] (Avira GmbH)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys [55224 2014-04-28] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\XXXXXX\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-06 13:41 - 2014-05-06 13:41 - 01053184 _____ (Farbar) C:\Users\XXXXXX\Downloads\FRST(1).exe
2014-05-06 13:26 - 2014-05-06 13:26 - 00855379 _____ () C:\Users\XXXXXX\Downloads\SecurityCheck.exe
2014-05-06 08:46 - 2014-05-06 08:46 - 02347384 _____ (ESET) C:\Users\XXXXXX\Downloads\esetsmartinstaller_deu(1).exe
2014-05-05 20:57 - 2014-05-05 20:57 - 02347384 _____ (ESET) C:\Users\XXXXXX\Downloads\esetsmartinstaller_deu.exe
2014-05-04 15:21 - 2014-05-06 13:41 - 00019415 _____ () C:\Users\XXXXXX\Downloads\FRST.txt
2014-05-04 15:20 - 2014-05-04 15:20 - 01050624 _____ (Farbar) C:\Users\XXXXXX\Downloads\FRST.exe
2014-05-04 14:48 - 2014-05-04 14:48 - 01016261 _____ (Thisisu) C:\Users\XXXXXX\Downloads\JRT.exe
2014-05-04 14:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-04 14:21 - 2014-05-04 14:25 - 00000000 ____D () C:\AdwCleaner
2014-05-04 14:20 - 2014-05-04 14:21 - 01310621 _____ () C:\Users\XXXXXX\Downloads\adwcleaner.exe
2014-05-04 13:05 - 2014-05-06 13:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 13:04 - 2014-05-04 13:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\XXXXXX\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-04 13:04 - 2014-05-04 13:04 - 00000863 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-04 13:04 - 2014-05-04 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-04 13:04 - 2014-05-04 13:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-04 13:04 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-04 13:04 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-04 10:20 - 2014-05-04 10:20 - 00009589 _____ () C:\ComboFix.txt
2014-05-04 10:04 - 2014-05-04 10:20 - 00000000 ____D () C:\ComboFix
2014-05-04 10:00 - 2014-05-04 10:00 - 05197895 _____ (Swearware) C:\Users\XXXXXX\Downloads\ComboFix.exe
2014-05-03 22:13 - 2014-02-14 21:37 - 00000426 _____ () C:\AVScanner.ini
2014-05-03 22:09 - 2014-05-03 22:09 - 00380416 _____ () C:\Users\XXXXXX\Downloads\Gmer-19357.exe
2014-05-03 21:53 - 2014-05-06 13:41 - 00000000 ____D () C:\FRST
2014-05-03 00:27 - 2014-04-29 12:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 00:27 - 2014-04-29 12:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 18:20 - 2014-04-28 10:23 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys
2014-05-01 16:50 - 2014-05-04 09:35 - 00000000 ____D () C:\ProgramData\WPM
2014-04-30 13:05 - 2014-04-30 17:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\ProgramData\HP
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\Program Files\HP
2014-04-09 14:55 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 14:55 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 14:55 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 14:55 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 14:55 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 14:55 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-09 14:55 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 14:55 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 14:55 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 14:55 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 14:55 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 14:55 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 14:55 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-09 14:55 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 09:01 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-07 20:20 - 2014-04-07 20:19 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-07 20:19 - 2014-04-07 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== One Month Modified Files and Folders =======

2014-05-06 13:41 - 2014-05-06 13:41 - 01053184 _____ (Farbar) C:\Users\XXXXXX\Downloads\FRST(1).exe
2014-05-06 13:41 - 2014-05-04 15:21 - 00019415 _____ () C:\Users\XXXXXX\Downloads\FRST.txt
2014-05-06 13:41 - 2014-05-03 21:53 - 00000000 ____D () C:\FRST
2014-05-06 13:30 - 2012-04-09 17:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-06 13:26 - 2014-05-06 13:26 - 00855379 _____ () C:\Users\XXXXXX\Downloads\SecurityCheck.exe
2014-05-06 13:22 - 2009-06-30 21:32 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-06 13:13 - 2014-05-04 13:05 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 12:37 - 2006-11-02 14:47 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-06 12:37 - 2006-11-02 14:47 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-06 08:46 - 2014-05-06 08:46 - 02347384 _____ (ESET) C:\Users\XXXXXX\Downloads\esetsmartinstaller_deu(1).exe
2014-05-06 08:44 - 2008-01-21 03:35 - 01706246 _____ () C:\Windows\WindowsUpdate.log
2014-05-06 08:40 - 2009-06-30 21:32 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 08:37 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-06 07:19 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-05 20:57 - 2014-05-05 20:57 - 02347384 _____ (ESET) C:\Users\XXXXXX\Downloads\esetsmartinstaller_deu.exe
2014-05-05 20:53 - 2008-01-21 09:16 - 01651918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-05 12:52 - 2009-04-19 10:11 - 00000000 ____D () C:\Program Files\PokerTracker 3
2014-05-05 12:45 - 2009-04-19 11:24 - 00000000 ____D () C:\Users\XXXXXX\AppData\Local\PokerStars.EU
2014-05-04 15:20 - 2014-05-04 15:20 - 01050624 _____ (Farbar) C:\Users\XXXXXX\Downloads\FRST.exe
2014-05-04 14:48 - 2014-05-04 14:48 - 01016261 _____ (Thisisu) C:\Users\XXXXXX\Downloads\JRT.exe
2014-05-04 14:28 - 2011-03-28 14:16 - 00159204 _____ () C:\Windows\PFRO.log
2014-05-04 14:25 - 2014-05-04 14:21 - 00000000 ____D () C:\AdwCleaner
2014-05-04 14:24 - 2009-08-27 14:23 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-04 14:21 - 2014-05-04 14:20 - 01310621 _____ () C:\Users\XXXXXX\Downloads\adwcleaner.exe
2014-05-04 14:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\PLA
2014-05-04 14:08 - 2006-11-02 12:23 - 00001460 _____ () C:\Windows\win.ini
2014-05-04 13:04 - 2014-05-04 13:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\XXXXXX\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-04 13:04 - 2014-05-04 13:04 - 00000863 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-04 13:04 - 2014-05-04 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-04 13:04 - 2014-05-04 13:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-04 13:04 - 2011-03-24 18:08 - 00000000 ____D () C:\Users\XXXXXX\AppData\Roaming\Malwarebytes
2014-05-04 13:04 - 2011-03-24 18:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-04 13:04 - 2011-03-24 18:07 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-04 10:20 - 2014-05-04 10:20 - 00009589 _____ () C:\ComboFix.txt
2014-05-04 10:20 - 2014-05-04 10:04 - 00000000 ____D () C:\ComboFix
2014-05-04 10:20 - 2013-03-21 12:03 - 00000000 ____D () C:\Qoobox
2014-05-04 10:17 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-04 10:00 - 2014-05-04 10:00 - 05197895 _____ (Swearware) C:\Users\XXXXXX\Downloads\ComboFix.exe
2014-05-04 09:35 - 2014-05-01 16:50 - 00000000 ____D () C:\ProgramData\WPM
2014-05-03 22:09 - 2014-05-03 22:09 - 00380416 _____ () C:\Users\XXXXXX\Downloads\Gmer-19357.exe
2014-05-01 16:53 - 2010-07-01 23:44 - 00000000 ____D () C:\Users\XXXXXX\AppData\Local\cache
2014-05-01 16:45 - 2009-05-22 12:06 - 00000000 ____D () C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
2014-05-01 16:45 - 2009-05-22 12:06 - 00000000 ____D () C:\Program Files\PokerStove
2014-05-01 13:27 - 2012-10-01 16:40 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk
2014-05-01 13:27 - 2012-10-01 16:40 - 00000000 ____D () C:\Program Files\PokerStars.EU
2014-04-30 17:52 - 2012-05-02 21:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 17:35 - 2014-04-30 13:05 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 12:42 - 2012-04-09 17:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 12:42 - 2011-06-15 09:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 12:28 - 2014-05-03 00:27 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 12:07 - 2014-05-03 00:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 10:23 - 2014-05-01 18:20 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys
2014-04-18 19:54 - 2011-04-07 12:25 - 00000000 ____D () C:\Users\XXXXXX\AppData\Roaming\vlc
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\ProgramData\HP
2014-04-18 16:30 - 2014-04-18 16:30 - 00000000 ____D () C:\Program Files\HP
2014-04-16 17:12 - 2009-04-20 02:04 - 00191488 _____ () C:\Users\XXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-09 14:57 - 2009-06-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 14:54 - 2013-08-15 10:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 14:50 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-07 20:19 - 2014-04-07 20:20 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-07 20:19 - 2014-04-07 20:19 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-07 20:19 - 2014-04-07 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-07 20:19 - 2009-12-22 01:35 - 00000000 ____D () C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\XXXXXX\AppData\Local\temp\avgnt.exe
C:\Users\XXXXXX\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-06 08:45

==================== End Of Log ============================
--- --- ---


:dankeschoen:

schrauber 07.05.2014 09:43
Java mal bitte mit Revo komplett deinstallieren, dann die aktuelle Version installieren.

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



Dramatist 08.05.2014 08:39
Das mit dem deinstallieren von Java hab ich erst mal gelassen, weil sich ds Programm jetzt scheinbar doch eingekriegt hat. Seit den letzten drei Start hat es sich nicht mehr zum Update gemeldet.

Jetzt der Scan:

Code:
Farbar Service Scanner Version: 03-05-2014
Ran by XXXXXXX (administrator) on 08-05-2014 at 09:25:36
Running from "C:\Users\XXXXXXX\Desktop\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
Beste Grüße!

schrauber 09.05.2014 08:39
aktuell noch Probleme?

Dramatist 10.05.2014 13:06
Nur das Windows-Update-Problem, welches ich auch mit fix-it und mit manuellen Updates nicht in den Griff bekomme.

:dankeschoen::dankeschoen::dankeschoen:

schrauber 11.05.2014 12:18
BEschreib mal genau:

geht allgemein kein Update oder gehen nur bestimmte nit? Wenn ja welche? KB Nummer? Fehlercode?

Dramatist 12.05.2014 08:12
Wann immer ich den Rechner ausschalte, ist der Ausschaltbutten mit einem Ausrufezeichen versehen. Er muss Updates installieren steht da. Das steht da dann wieder, wenn ich den Rechner anmache. (Heute hat es ungefähr drei Minuten gedauert.)

Wenn ich auf Windows Update gehe, sagt er mir es gäbe 1 wichtiges Update und vier Optionale. Und es steht da 1 wichtiges Update ausgewählt. (15,3 MB) Wenn ich auf Update installieren klicke, probiert er das mit Vorbereitung und "Updates werden installiert" und so und am Ende sagt er dann: "Fehlgeschlagen" Code 643 Unbekannter Fehler bei Windows Update.

Er schreibt übrigens was von Sicherheitsupdate für Microsoft.NET Framework1.1


Noch was ganz anderes: Hab gestern zum ersten Mal auf der Bar entdeckt, dass mein Rechner meint er wäre mit Netzwerk 5 verbunden. Ist mir noch nie aufgefallen. Ist dat einfach die Internetverbindung?

Beste Grüße


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:14 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27