Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox befallen von Java Update, Box mit Ads, Videoplayer update (https://www.trojaner-board.de/153842-firefox-befallen-java-update-box-ads-videoplayer-update.html)

BuckWheat 13.05.2014 22:33
Firefox befallen von Java Update, Box mit Ads, Videoplayer update
 
Hallo zusammen,

mein Rechner ist seit einigen Tagen "befallen".

Im Firefox werden ständig
-Ad-Boxen,
-eine Seite mit einem Java update (filter.net) geöffnet und
-ich werde aufgefordert einen Video Player (lpmxbox600.com) zu installieren.

Nachdem ich den Firefox geupdated habe wird mir die Java Seite als Betrugsversuch angezeigt.

Antivirus hat auch zwischendurch mal etwas in Quarantene veschoben.

Der IE ist auch betroffen.
Z.B wird diese Webseite in einem neuem Tab geöffnet:
hxxp://hynzz.exclusiverewards.adserverweather.eu/?sov=63634301&hid=csmogsiomkoccc&noalert=1&nodl=nodl&id=XNSX.gameforge.com%2F

Was kann ich tun ?

Vielen Dank für jede Hilfe im Voraus.
Win7, 64bit

Gruss
Buck

schrauber 14.05.2014 06:10
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


BuckWheat 14.05.2014 18:11
Hi,

hier mal die Scans von FRT:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014
Ran by joern (ATTENTION: The logged in user is not administrator) on JOERN-PC on 14-05-2014 18:53:58
Running from C:\Users\joern\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Hauppauge Computer Works) D:\Programme\WinTV\Ir.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Hauppauge Computer Works, Inc.) D:\Programme\WinTV\WinTV7\WinTVTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Dropbox, Inc.) C:\Users\joern\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-01-12] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\MountPoints2: G - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\MountPoints2: {1eafcd0e-5c46-11e2-8641-bc5ff43d783c} - "G:\WD SmartWare.exe" autoplay=true
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-03] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-03] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> D:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> D:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\joern\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M450BE6AF-FF72-41A4-BDA4-24FE07A633F3&SearchSource=55&CUI=&UM=5&UP=SPFACFADE7-2D05-4DF6-B089-493582693CDC&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: 2rs3 - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\RrSavings\2rs3.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M450BE6AF-FF72-41A4-BDA4-24FE07A633F3&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPFACFADE7-2D05-4DF6-B089-493582693CDC
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M450BE6AF-FF72-41A4-BDA4-24FE07A633F3&SearchSource=55&CUI=&UM=5&UP=SPFACFADE7-2D05-4DF6-B089-493582693CDC&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: RrSavings - C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\Extensions\RrSavings@jetpack [2014-04-09]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 best-markit; C:\Program Files (x86)\best-markit Corp\best-markit158.exe [142848 2014-04-09] ()
R2 bukgmhvrux64; C:\Program Files\002\bukgmhvrux64.exe [706560 2014-04-09] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2496320 2014-05-03] (Client Connect LTD)
R2 HauppaugeTVServer; D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-02] (Kinetic Jump Software, LLC)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-04-10] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-01-12] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-14] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-14 18:53 - 2014-05-14 18:54 - 00013490 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-14 18:53 - 2014-05-14 18:53 - 00000000 ____D () C:\FRST
2014-05-14 18:52 - 2014-05-14 18:52 - 02066944 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-08 21:15 - 2014-05-14 18:48 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp

==================== One Month Modified Files and Folders =======

2014-05-14 18:54 - 2014-05-14 18:53 - 00013490 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-14 18:53 - 2014-05-14 18:53 - 00000000 ____D () C:\FRST
2014-05-14 18:53 - 2013-01-08 22:10 - 01161869 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 18:52 - 2014-05-14 18:52 - 02066944 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-14 18:51 - 2014-02-06 12:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-14 18:51 - 2013-02-23 01:10 - 00000000 ___RD () C:\Users\joern\Dropbox
2014-05-14 18:51 - 2013-02-23 01:05 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Dropbox
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-14 18:50 - 2013-02-23 01:10 - 00000979 _____ () C:\Users\joern\Desktop\Dropbox.lnk
2014-05-14 18:50 - 2013-02-23 01:07 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 18:50 - 2013-01-08 22:10 - 00000000 ___RD () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 18:48 - 2014-05-08 21:15 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-14 18:48 - 2014-04-09 21:26 - 00000402 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-05-14 18:48 - 2014-04-09 21:26 - 00000400 _____ () C:\Windows\Tasks\best-markit Update.job
2014-05-14 18:48 - 2014-03-30 10:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 18:48 - 2013-09-09 21:14 - 00000000 ____D () C:\Users\joern\AppData\Local\FreePDF_XP
2014-05-14 18:48 - 2013-02-23 01:02 - 00000000 ____D () C:\Users\joern\AppData\Local\TSVNCache
2014-05-14 18:48 - 2013-01-12 00:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 18:48 - 2013-01-12 00:17 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-14 18:48 - 2013-01-12 00:12 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-14 18:48 - 2010-11-21 05:47 - 00224418 _____ () C:\Windows\PFRO.log
2014-05-14 18:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-14 18:48 - 2009-07-14 06:51 - 00062155 _____ () C:\Windows\setupact.log
2014-05-13 21:51 - 2013-01-12 00:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:51 - 2013-01-12 00:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 20:50 - 2013-01-12 00:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-13 20:50 - 2013-01-12 00:47 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-13 20:16 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-13 20:16 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-13 20:13 - 2013-01-09 07:02 - 00696132 _____ () C:\Windows\system32\perfh007.dat
2014-05-13 20:13 - 2013-01-09 07:02 - 00147428 _____ () C:\Windows\system32\perfc007.dat
2014-05-13 20:13 - 2009-07-14 07:13 - 01611160 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-13 08:42 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-12 20:52 - 2014-04-09 21:24 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-07 22:44 - 2013-02-03 16:43 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\joern\AppData\Local\Temp\avgnt.exe
C:\Users\joern\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgk15li.dll
C:\Users\joern\AppData\Local\Temp\SkypeSetup.exe
C:\Users\joern\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

--- --- ---


Nach dem ersten Scan die Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2014
Ran by joern at 2014-05-14 18:55:01
Running from C:\Users\joern\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
AppLifeSetup (x32 Version: 1.0.0 - Microsoft) Hidden
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.190 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVRStudio4 (HKLM-x32\...\{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}) (Version: 4.12.460 - Atmel)
best-markit (HKLM-x32\...\cec73dbc-cc47-471c-a2e7-288ad572cb41) (Version:  - best-markit Software)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Command & Conquer Die ersten 10 Jahre (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}) (Version: 1.00.0000 - Electronic Arts)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.31050 (CD 2.7) - Hauppauge Computer Works)
Hudl Mercury (HKLM-x32\...\{BB93E1B1-1149-4303-9504-45993A2489CB}_is1) (Version: 1.4.1 - Agile Sports Technologies, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2669 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.3 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.3 (x86 de)) (Version: 17.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.2.0.1220 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1220 - TomTom)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings) <==== ATTENTION
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.1.47 - Client Connect LTD) <==== ATTENTION
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinAVR 20100110 (remove only) (HKLM-x32\...\WinAVR-20100110) (Version: 20100110 - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.30 - ASRock Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\best-markit Update.job => ?
Task: C:\Windows\Tasks\best-markit_wd.job => ?
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => ?
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => ?

==================== Loaded Modules (whitelisted) =============

2012-12-12 22:37 - 2012-12-12 22:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-01-12 00:07 - 2012-02-27 18:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-12 00:20 - 2011-05-19 10:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2014 06:50:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 06:48:35 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/13/2014 08:10:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 08:08:58 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/13/2014 08:44:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 08:42:52 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/12/2014 08:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 08:45:50 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/11/2014 10:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 10:40:47 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


System errors:
=============
Error: (05/14/2014 06:51:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {80C25488-192B-4DE2-8150-5B2D2A2F835E}

Error: (05/07/2014 10:44:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BUP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/10/2014 05:00:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR53 gefunden.

Error: (04/10/2014 05:00:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR52 gefunden.

Error: (04/10/2014 04:54:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR45 gefunden.

Error: (04/10/2014 04:53:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR44 gefunden.

Error: (04/10/2014 04:49:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR39 gefunden.

Error: (04/10/2014 04:49:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR38 gefunden.

Error: (04/10/2014 04:39:57 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/10/2014 04:39:57 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004


Microsoft Office Sessions:
=========================
Error: (05/14/2014 06:50:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 06:48:35 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/13/2014 08:10:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 08:08:58 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/13/2014 08:44:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 08:42:52 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/12/2014 08:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 08:45:50 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/11/2014 10:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 10:40:47 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 3782.71 MB
Available physical RAM: 1464.93 MB
Total Pagefile: 7563.6 MB
Available Pagefile: 5064.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:139.81 GB) NTFS
Drive d: (Volume) (Fixed) (Total:736.2 GB) (Free:466.18 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Zweiter Scan Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2014
Ran by joern at 2014-05-14 19:07:32
Running from C:\Users\joern\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
AppLifeSetup (x32 Version: 1.0.0 - Microsoft) Hidden
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.190 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVRStudio4 (HKLM-x32\...\{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}) (Version: 4.12.460 - Atmel)
best-markit (HKLM-x32\...\cec73dbc-cc47-471c-a2e7-288ad572cb41) (Version:  - best-markit Software)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Command & Conquer Die ersten 10 Jahre (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}) (Version: 1.00.0000 - Electronic Arts)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.31050 (CD 2.7) - Hauppauge Computer Works)
Hudl Mercury (HKLM-x32\...\{BB93E1B1-1149-4303-9504-45993A2489CB}_is1) (Version: 1.4.1 - Agile Sports Technologies, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2669 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.3 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.3 (x86 de)) (Version: 17.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.2.0.1220 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1220 - TomTom)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings) <==== ATTENTION
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.1.47 - Client Connect LTD) <==== ATTENTION
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinAVR 20100110 (remove only) (HKLM-x32\...\WinAVR-20100110) (Version: 20100110 - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.30 - ASRock Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\best-markit Update.job => ?
Task: C:\Windows\Tasks\best-markit_wd.job => ?
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => ?
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => ?

==================== Loaded Modules (whitelisted) =============

2012-12-12 22:37 - 2012-12-12 22:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-01-12 00:07 - 2012-02-27 18:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-12 00:20 - 2011-05-19 10:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2014 06:50:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 06:48:35 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/13/2014 08:10:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 08:08:58 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/13/2014 08:44:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 08:42:52 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/12/2014 08:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 08:45:50 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/11/2014 10:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 10:40:47 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


System errors:
=============
Error: (05/14/2014 06:51:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {80C25488-192B-4DE2-8150-5B2D2A2F835E}

Error: (05/07/2014 10:44:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BUP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/10/2014 05:00:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR53 gefunden.

Error: (04/10/2014 05:00:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR52 gefunden.

Error: (04/10/2014 04:54:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR45 gefunden.

Error: (04/10/2014 04:53:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR44 gefunden.

Error: (04/10/2014 04:49:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR39 gefunden.

Error: (04/10/2014 04:49:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR38 gefunden.

Error: (04/10/2014 04:39:57 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/10/2014 04:39:57 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004


Microsoft Office Sessions:
=========================
Error: (05/14/2014 06:50:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 06:48:35 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/13/2014 08:10:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 08:08:58 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/13/2014 08:44:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 08:42:52 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/12/2014 08:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 08:45:50 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (05/11/2014 10:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 10:40:47 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3782.71 MB
Available physical RAM: 1967.89 MB
Total Pagefile: 7563.6 MB
Available Pagefile: 5137.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:139.81 GB) NTFS
Drive d: (Volume) (Fixed) (Total:736.2 GB) (Free:466.18 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
Gruss
Buck

schrauber 15.05.2014 12:34
Unsere Tools brauchen immer Adminrechte!


Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

BuckWheat 15.05.2014 19:01
Hi,

folgendes konnte ich nicht deinstallierenn:
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings) <==== ATTENTION not
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION not

Hier der Log von ComboFix:
Code:
Combofix Logfile:

       
Code:

       
ComboFix 14-05-13.01 - admin 15.05.2014  19:47:35.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3783.1698 [GMT 2:00]
ausgeführt von:: c:\users\joern\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-15 bis 2014-05-15  ))))))))))))))))))))))))))))))
.
.
2014-05-15 17:52 . 2014-05-15 17:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-05-15 17:52 . 2014-05-15 17:52        --------        d-----w-        c:\users\admin\AppData\Local\temp
2014-05-15 17:52 . 2014-05-15 17:52        --------        d-----w-        c:\users\tvuser\AppData\Local\temp
2014-05-15 17:35 . 2014-05-15 17:35        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-05-14 16:53 . 2014-05-14 17:07        --------        d-----w-        C:\FRST
2014-05-14 16:50 . 2014-05-14 16:50        --------        d-----w-        c:\users\joern\AppData\Roaming\DropboxMaster
2014-05-13 18:50 . 2014-05-07 02:26        965232        ----a-w-        c:\program files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-13 18:50 . 2014-05-07 02:26        1266800        ----a-w-        c:\program files (x86)\Mozilla Firefox\icuin52.dll
2014-05-13 18:50 . 2014-05-07 02:26        10594416        ----a-w-        c:\program files (x86)\Mozilla Firefox\icudt52.dll
2014-05-08 19:15 . 2014-05-15 16:59        94656        ----a-w-        c:\windows\system32\WPRO_41_2001woem.tmp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 16:59 . 2013-01-11 22:17        34752        ----a-w-        c:\windows\system32\drivers\WPRO_41_2001.sys
2014-05-13 19:51 . 2013-01-11 22:48        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 19:51 . 2013-01-11 22:48        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-10 14:59 . 2013-01-12 15:13        32320        ----a-w-        c:\windows\system32\drivers\FNETTBOH_305.SYS
2014-02-17 00:32 . 2014-02-23 00:57        10536864        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1613498-11B3-47CB-9826-7FD24DED5874}\mpengine.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
2014-03-17 10:47        91104        ----a-w-        c:\program files (x86)\RrSavings\2rs3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2013-08-01 458680]
"Hudl Mercury"="c:\program files (x86)\Hudl Mercury\HudlMercury.exe" [2013-12-04 3396760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-02-07 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-01-11 5019360]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-22 689744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2013-03-14 373760]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-02-06 189480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallCleanUp"="REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect" [X]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - d:\programme\WinTV\Ir.exe /QUIET [2013-3-4 110647]
WinTV Recording Status.lnk - d:\programme\WinTV\WinTV7\WinTVTray.exe [2013-3-4 151040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys;c:\windows\SYSNATIVE\drivers\hcw88aud.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 best-markit;best-markit;c:\program files (x86)\best-markit Corp\best-markit158.exe;c:\program files (x86)\best-markit Corp\best-markit158.exe [x]
S2 bukgmhvrux64;bukgmhvrux64;c:\program files\002\bukgmhvrux64.exe run options=01110010020000000000000000000000 sourceguid=EBE2826B-342A-4A1C-8C47-FCCC554BD1A1;c:\program files\002\bukgmhvrux64.exe run options=01110010020000000000000000000000 sourceguid=EBE2826B-342A-4A1C-8C47-FCCC554BD1A1 [x]
S2 HauppaugeTVServer;HauppaugeTVServer;d:\programme\WinTV\TVServer\HauppaugeTVServer.exe;d:\programme\WinTV\TVServer\HauppaugeTVServer.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 KjsUpdateService2;AppLife Update Service 2.0;c:\program files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe;c:\program files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys;c:\windows\SYSNATIVE\drivers\hcw88bda.sys [x]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys;c:\windows\SYSNATIVE\drivers\hcw88tse.sys [x]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys;c:\windows\SYSNATIVE\drivers\hcw88tun.sys [x]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys;c:\windows\SYSNATIVE\drivers\hcw88vid.sys [x]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys;c:\windows\SYSNATIVE\drivers\HCW88BAR.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 19:51]
.
2014-05-15 c:\windows\Tasks\best-markit Update.job
- c:\program files (x86)\best-markit Corp\bestu.exe [2014-04-09 19:26]
.
2014-05-15 c:\windows\Tasks\best-markit_wd.job
- c:\program files (x86)\best-markit Corp\best-markit_wd.exe [2014-04-09 19:26]
.
2014-05-15 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
2014-03-30 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-06 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-06 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-06 439576]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hattrick.org/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hattrick.org
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
c:\users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\joern\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\joern\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\joern\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\joern\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1196304418-2561846535-3657677396-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1196304418-2561846535-3657677396-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_USERS\S-1-5-21-1196304418-2561846535-3657677396-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1196304418-2561846535-3657677396-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1196304418-2561846535-3657677396-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1196304418-2561846535-3657677396-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-15  19:54:54
ComboFix-quarantined-files.txt  2014-05-15 17:54
.
Vor Suchlauf: 13 Verzeichnis(se), 150.004.895.744 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 151.981.051.904 Bytes frei
.
- - End Of File - - 1841098091C391026CDCBC1B75153437

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
Gruss
Buck

schrauber 16.05.2014 11:50
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

BuckWheat 17.05.2014 12:19
Hi,

mit den Logs ist etwas schiefgegangen.
Die Logs hatte ich mir in einen Ordner abgelegt.

Nach dem Ausführen von JRT wurde dieser Ordner gelöscht.

Deshalb fehlen die Logs von Malware, Adv cleaner, nur das von JRT ist noch da.
Die Programme sind auch bis auf Malware und Revo wieder entfernt worden.
Sieht nach einer Systemrückstellung aus.

Hir das JRT Log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by admin on 17.05.2014 at  1:35:52,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\d9stfx7p.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.05.2014 at  1:42:08,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRT wieder runtergeladen und Log erstellt:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by admin (administrator) on JOERN-PC on 17-05-2014 02:04:16
Running from C:\Users\admin\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hauppauge Computer Works) D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(Hauppauge Computer Works) D:\Programme\WinTV\TVServer\CaptureGenPCI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Hauppauge Computer Works) D:\Programme\WinTV\Ir.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hauppauge Computer Works, Inc.) D:\Programme\WinTV\WinTV7\WinTVTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-01-12] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\MountPoints2: G - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\MountPoints2: {1eafcd0e-5c46-11e2-8641-bc5ff43d783c} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1196304418-2561846535-3657677396-1001\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1001\...\Run: [Hudl Mercury] => C:\Program Files (x86)\Hudl Mercury\HudlMercury.exe [3396760 2013-12-04] (Agile Sports Technologies)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> D:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> D:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hattrick.org/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default
FF Homepage: hxxp://www.hattrick.org
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Protegere - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default\Extensions\security@protegere.org [2014-04-09]
FF HKCU\...\Firefox\Extensions: [{07e403c0-41ac-420d-8d82-3a4d196059a8}] - C:\Program Files (x86)\best-markit Corp\158.xpi
FF Extension: No Name - C:\Program Files (x86)\best-markit Corp\158.xpi [2014-04-09]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 HauppaugeTVServer; D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-02] (Kinetic Jump Software, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-04-10] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-01-12] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-17] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-17 02:04 - 2014-05-17 02:04 - 00014436 _____ () C:\Users\admin\Desktop\FRST.txt
2014-05-17 02:00 - 2014-05-17 02:00 - 02067456 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-05-17 01:53 - 2014-05-17 01:53 - 00001146 _____ () C:\Users\joern\Desktop\mbam.txt
2014-05-17 01:42 - 2014-05-17 01:42 - 00000899 _____ () C:\Users\admin\Desktop\JRT.txt
2014-05-17 01:35 - 2014-05-17 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 01:32 - 2014-05-17 01:32 - 01016261 _____ (Thisisu) C:\Users\joern\Desktop\JRT.exe
2014-05-16 19:59 - 2014-05-17 01:34 - 00000000 ____D () C:\AdwCleaner
2014-05-16 19:58 - 2014-05-16 19:58 - 01325827 _____ () C:\Users\joern\Desktop\adwcleaner_3.208.exe
2014-05-16 19:56 - 2014-05-16 19:56 - 00004830 _____ () C:\Users\joern\Desktop\malware.txt
2014-05-16 19:33 - 2014-05-16 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:32 - 2014-05-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 19:32 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 19:32 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 19:31 - 2014-05-16 19:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\joern\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 19:54 - 2014-05-15 19:54 - 00026672 _____ () C:\ComboFix.txt
2014-05-15 19:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-15 19:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-15 19:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-15 19:43 - 2014-05-15 19:54 - 00000000 ____D () C:\Qoobox
2014-05-15 19:43 - 2014-05-15 19:42 - 05200050 ____R (Swearware) C:\Users\joern\Desktop\ComboFix.exe
2014-05-15 19:42 - 2014-05-15 19:53 - 00000000 ____D () C:\Windows\erdnt
2014-05-15 19:41 - 2014-05-15 19:42 - 05200050 ____R (Swearware) C:\Users\joern\Downloads\ComboFix.exe
2014-05-15 19:35 - 2014-05-15 19:35 - 00001268 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2014-05-15 19:35 - 2014-05-15 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 19:32 - 2014-05-15 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\joern\Downloads\revosetup95.exe
2014-05-14 18:55 - 2014-05-15 19:39 - 00017478 _____ () C:\Users\joern\Desktop\Addition.txt
2014-05-14 18:53 - 2014-05-17 02:04 - 00000000 ____D () C:\FRST
2014-05-14 18:53 - 2014-05-14 19:07 - 00019061 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-14 18:52 - 2014-05-14 18:52 - 02066944 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-08 21:15 - 2014-05-17 01:26 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp

==================== One Month Modified Files and Folders =======

2014-05-17 02:04 - 2014-05-17 02:04 - 00014436 _____ () C:\Users\admin\Desktop\FRST.txt
2014-05-17 02:04 - 2014-05-14 18:53 - 00000000 ____D () C:\FRST
2014-05-17 02:00 - 2014-05-17 02:00 - 02067456 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-05-17 01:53 - 2014-05-17 01:53 - 00001146 _____ () C:\Users\joern\Desktop\mbam.txt
2014-05-17 01:51 - 2014-02-06 12:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-17 01:42 - 2014-05-17 01:42 - 00000899 _____ () C:\Users\admin\Desktop\JRT.txt
2014-05-17 01:35 - 2014-05-17 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 01:34 - 2014-05-16 19:59 - 00000000 ____D () C:\AdwCleaner
2014-05-17 01:34 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 01:34 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 01:32 - 2014-05-17 01:32 - 01016261 _____ (Thisisu) C:\Users\joern\Desktop\JRT.exe
2014-05-17 01:32 - 2013-01-09 07:02 - 00696132 _____ () C:\Windows\system32\perfh007.dat
2014-05-17 01:32 - 2013-01-09 07:02 - 00147428 _____ () C:\Windows\system32\perfc007.dat
2014-05-17 01:32 - 2009-07-14 07:13 - 01611160 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 01:27 - 2013-01-12 00:12 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-17 01:26 - 2014-05-08 21:15 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-17 01:26 - 2014-04-09 21:26 - 00000402 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-05-17 01:26 - 2014-04-09 21:26 - 00000400 _____ () C:\Windows\Tasks\best-markit Update.job
2014-05-17 01:26 - 2013-09-09 21:14 - 00000000 ____D () C:\Users\joern\AppData\Local\FreePDF_XP
2014-05-17 01:26 - 2013-01-12 00:17 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-17 01:26 - 2010-11-21 05:47 - 00228734 _____ () C:\Windows\PFRO.log
2014-05-17 01:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 01:26 - 2009-07-14 06:51 - 00062659 _____ () C:\Windows\setupact.log
2014-05-17 01:25 - 2013-01-08 22:10 - 01469765 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 19:58 - 2014-05-16 19:58 - 01325827 _____ () C:\Users\joern\Desktop\adwcleaner_3.208.exe
2014-05-16 19:56 - 2014-05-16 19:56 - 00004830 _____ () C:\Users\joern\Desktop\malware.txt
2014-05-16 19:56 - 2014-04-09 21:26 - 00000000 ____D () C:\Program Files (x86)\best-markit Corp
2014-05-16 19:48 - 2013-02-23 01:02 - 00000000 ____D () C:\Users\joern\AppData\Local\TSVNCache
2014-05-16 19:33 - 2014-05-16 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:33 - 2013-02-23 02:42 - 00000000 ____D () C:\Users\admin\AppData\Local\TSVNCache
2014-05-16 19:32 - 2014-05-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 19:31 - 2014-05-16 19:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\joern\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 20:03 - 2013-02-23 01:10 - 00000000 ___RD () C:\Users\joern\Dropbox
2014-05-15 19:55 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-15 19:54 - 2014-05-15 19:54 - 00026672 _____ () C:\ComboFix.txt
2014-05-15 19:54 - 2014-05-15 19:43 - 00000000 ____D () C:\Qoobox
2014-05-15 19:53 - 2014-05-15 19:42 - 00000000 ____D () C:\Windows\erdnt
2014-05-15 19:53 - 2013-01-08 22:10 - 00000000 ___RD () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:53 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-15 19:42 - 2014-05-15 19:43 - 05200050 ____R (Swearware) C:\Users\joern\Desktop\ComboFix.exe
2014-05-15 19:42 - 2014-05-15 19:41 - 05200050 ____R (Swearware) C:\Users\joern\Downloads\ComboFix.exe
2014-05-15 19:39 - 2014-05-14 18:55 - 00017478 _____ () C:\Users\joern\Desktop\Addition.txt
2014-05-15 19:35 - 2014-05-15 19:35 - 00001268 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2014-05-15 19:35 - 2014-05-15 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 19:32 - 2014-05-15 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\joern\Downloads\revosetup95.exe
2014-05-15 19:29 - 2013-02-23 01:05 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Dropbox
2014-05-14 19:07 - 2014-05-14 18:53 - 00019061 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-14 18:52 - 2014-05-14 18:52 - 02066944 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-14 18:50 - 2013-02-23 01:10 - 00000979 _____ () C:\Users\joern\Desktop\Dropbox.lnk
2014-05-14 18:50 - 2013-02-23 01:07 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 18:48 - 2014-03-30 10:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 18:48 - 2013-01-12 00:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-13 21:51 - 2014-02-06 12:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 21:51 - 2013-01-12 00:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:51 - 2013-01-12 00:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 20:50 - 2013-01-12 00:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-13 20:50 - 2013-01-12 00:47 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-13 08:42 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-07 22:44 - 2013-02-03 16:43 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\joern\AppData\Local\temp\avgnt.exe
C:\Users\joern\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjoyvp.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-12 21:23

==================== End Of Log ============================
--- --- ---

--- --- ---


FRT Addition:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by admin (administrator) on JOERN-PC on 17-05-2014 02:07:19
Running from C:\Users\admin\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hauppauge Computer Works) D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(Hauppauge Computer Works) D:\Programme\WinTV\TVServer\CaptureGenPCI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Hauppauge Computer Works) D:\Programme\WinTV\Ir.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hauppauge Computer Works, Inc.) D:\Programme\WinTV\WinTV7\WinTVTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-01-12] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\MountPoints2: G - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\MountPoints2: {1eafcd0e-5c46-11e2-8641-bc5ff43d783c} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1196304418-2561846535-3657677396-1001\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1001\...\Run: [Hudl Mercury] => C:\Program Files (x86)\Hudl Mercury\HudlMercury.exe [3396760 2013-12-04] (Agile Sports Technologies)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> D:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> D:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hattrick.org/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default
FF Homepage: hxxp://www.hattrick.org
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Protegere - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default\Extensions\security@protegere.org [2014-04-09]
FF HKCU\...\Firefox\Extensions: [{07e403c0-41ac-420d-8d82-3a4d196059a8}] - C:\Program Files (x86)\best-markit Corp\158.xpi
FF Extension: No Name - C:\Program Files (x86)\best-markit Corp\158.xpi [2014-04-09]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 HauppaugeTVServer; D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-02] (Kinetic Jump Software, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-04-10] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-01-12] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-17] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-17 02:04 - 2014-05-17 02:07 - 00014436 _____ () C:\Users\admin\Desktop\FRST.txt
2014-05-17 02:00 - 2014-05-17 02:00 - 02067456 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-05-17 01:53 - 2014-05-17 01:53 - 00001146 _____ () C:\Users\joern\Desktop\mbam.txt
2014-05-17 01:42 - 2014-05-17 01:42 - 00000899 _____ () C:\Users\admin\Desktop\JRT.txt
2014-05-17 01:35 - 2014-05-17 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 01:32 - 2014-05-17 01:32 - 01016261 _____ (Thisisu) C:\Users\joern\Desktop\JRT.exe
2014-05-16 19:59 - 2014-05-17 01:34 - 00000000 ____D () C:\AdwCleaner
2014-05-16 19:58 - 2014-05-16 19:58 - 01325827 _____ () C:\Users\joern\Desktop\adwcleaner_3.208.exe
2014-05-16 19:56 - 2014-05-16 19:56 - 00004830 _____ () C:\Users\joern\Desktop\malware.txt
2014-05-16 19:33 - 2014-05-16 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:32 - 2014-05-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 19:32 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 19:32 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 19:31 - 2014-05-16 19:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\joern\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 19:54 - 2014-05-15 19:54 - 00026672 _____ () C:\ComboFix.txt
2014-05-15 19:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-15 19:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-15 19:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-15 19:43 - 2014-05-15 19:54 - 00000000 ____D () C:\Qoobox
2014-05-15 19:43 - 2014-05-15 19:42 - 05200050 ____R (Swearware) C:\Users\joern\Desktop\ComboFix.exe
2014-05-15 19:42 - 2014-05-15 19:53 - 00000000 ____D () C:\Windows\erdnt
2014-05-15 19:41 - 2014-05-15 19:42 - 05200050 ____R (Swearware) C:\Users\joern\Downloads\ComboFix.exe
2014-05-15 19:35 - 2014-05-15 19:35 - 00001268 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2014-05-15 19:35 - 2014-05-15 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 19:32 - 2014-05-15 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\joern\Downloads\revosetup95.exe
2014-05-14 18:55 - 2014-05-15 19:39 - 00017478 _____ () C:\Users\joern\Desktop\Addition.txt
2014-05-14 18:53 - 2014-05-17 02:07 - 00000000 ____D () C:\FRST
2014-05-14 18:53 - 2014-05-14 19:07 - 00019061 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-14 18:52 - 2014-05-14 18:52 - 02066944 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-08 21:15 - 2014-05-17 01:26 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp

==================== One Month Modified Files and Folders =======

2014-05-17 02:07 - 2014-05-17 02:04 - 00014436 _____ () C:\Users\admin\Desktop\FRST.txt
2014-05-17 02:07 - 2014-05-14 18:53 - 00000000 ____D () C:\FRST
2014-05-17 02:00 - 2014-05-17 02:00 - 02067456 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-05-17 01:53 - 2014-05-17 01:53 - 00001146 _____ () C:\Users\joern\Desktop\mbam.txt
2014-05-17 01:51 - 2014-02-06 12:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-17 01:42 - 2014-05-17 01:42 - 00000899 _____ () C:\Users\admin\Desktop\JRT.txt
2014-05-17 01:35 - 2014-05-17 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 01:34 - 2014-05-16 19:59 - 00000000 ____D () C:\AdwCleaner
2014-05-17 01:34 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 01:34 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 01:32 - 2014-05-17 01:32 - 01016261 _____ (Thisisu) C:\Users\joern\Desktop\JRT.exe
2014-05-17 01:32 - 2013-01-09 07:02 - 00696132 _____ () C:\Windows\system32\perfh007.dat
2014-05-17 01:32 - 2013-01-09 07:02 - 00147428 _____ () C:\Windows\system32\perfc007.dat
2014-05-17 01:32 - 2009-07-14 07:13 - 01611160 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 01:31 - 2013-01-08 22:10 - 01469765 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 01:27 - 2013-01-12 00:12 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-17 01:26 - 2014-05-08 21:15 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-17 01:26 - 2014-04-09 21:26 - 00000402 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-05-17 01:26 - 2014-04-09 21:26 - 00000400 _____ () C:\Windows\Tasks\best-markit Update.job
2014-05-17 01:26 - 2013-09-09 21:14 - 00000000 ____D () C:\Users\joern\AppData\Local\FreePDF_XP
2014-05-17 01:26 - 2013-01-12 00:17 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-17 01:26 - 2010-11-21 05:47 - 00228734 _____ () C:\Windows\PFRO.log
2014-05-17 01:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 01:26 - 2009-07-14 06:51 - 00062659 _____ () C:\Windows\setupact.log
2014-05-16 19:58 - 2014-05-16 19:58 - 01325827 _____ () C:\Users\joern\Desktop\adwcleaner_3.208.exe
2014-05-16 19:56 - 2014-05-16 19:56 - 00004830 _____ () C:\Users\joern\Desktop\malware.txt
2014-05-16 19:56 - 2014-04-09 21:26 - 00000000 ____D () C:\Program Files (x86)\best-markit Corp
2014-05-16 19:48 - 2013-02-23 01:02 - 00000000 ____D () C:\Users\joern\AppData\Local\TSVNCache
2014-05-16 19:33 - 2014-05-16 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:33 - 2013-02-23 02:42 - 00000000 ____D () C:\Users\admin\AppData\Local\TSVNCache
2014-05-16 19:32 - 2014-05-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 19:31 - 2014-05-16 19:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\joern\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 20:03 - 2013-02-23 01:10 - 00000000 ___RD () C:\Users\joern\Dropbox
2014-05-15 19:55 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-15 19:54 - 2014-05-15 19:54 - 00026672 _____ () C:\ComboFix.txt
2014-05-15 19:54 - 2014-05-15 19:43 - 00000000 ____D () C:\Qoobox
2014-05-15 19:53 - 2014-05-15 19:42 - 00000000 ____D () C:\Windows\erdnt
2014-05-15 19:53 - 2013-01-08 22:10 - 00000000 ___RD () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:53 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-15 19:42 - 2014-05-15 19:43 - 05200050 ____R (Swearware) C:\Users\joern\Desktop\ComboFix.exe
2014-05-15 19:42 - 2014-05-15 19:41 - 05200050 ____R (Swearware) C:\Users\joern\Downloads\ComboFix.exe
2014-05-15 19:39 - 2014-05-14 18:55 - 00017478 _____ () C:\Users\joern\Desktop\Addition.txt
2014-05-15 19:35 - 2014-05-15 19:35 - 00001268 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2014-05-15 19:35 - 2014-05-15 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 19:32 - 2014-05-15 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\joern\Downloads\revosetup95.exe
2014-05-15 19:29 - 2013-02-23 01:05 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Dropbox
2014-05-14 19:07 - 2014-05-14 18:53 - 00019061 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-14 18:52 - 2014-05-14 18:52 - 02066944 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-14 18:50 - 2013-02-23 01:10 - 00000979 _____ () C:\Users\joern\Desktop\Dropbox.lnk
2014-05-14 18:50 - 2013-02-23 01:07 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 18:48 - 2014-03-30 10:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 18:48 - 2013-01-12 00:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-13 21:51 - 2014-02-06 12:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 21:51 - 2013-01-12 00:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:51 - 2013-01-12 00:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 20:50 - 2013-01-12 00:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-13 20:50 - 2013-01-12 00:47 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-13 08:42 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-07 22:44 - 2013-02-03 16:43 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\joern\AppData\Local\temp\avgnt.exe
C:\Users\joern\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjoyvp.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-12 21:23

==================== End Of Log ============================
--- --- ---

--- --- ---

Hier gibt es wieder ein Attention:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION


Gruss
Buck

Nachtrag.

Heute nach dem Hochfahren waren der Ordner mit den Logs wieder da.
Auch scheint das System nochmals wiederhergestellt worden zu sein.

Bildschirmauflösung etc sind wieder die alten.
Ich maile mal die fehlenden Logs.

Firefox arbeitet schon wieder wie früher, da gibt es Erfolge zu melden.
Im FRT Log ist noch ein Attention.

Gruss
Buck


AdwCleaner[R0]
Code:
# AdwCleaner v3.208 - Bericht erstellt am 16/05/2014 um 19:59:59
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : admin - JOERN-PC
# Gestartet von : C:\Users\joern\Desktop\adwcleaner_3.208.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gefunden : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default\user.js
Ordner Gefunden : C:\Program Files (x86)\RrSavings
Ordner Gefunden : C:\Program Files\002
Ordner Gefunden : C:\Program Files\RrSavings
Ordner Gefunden : C:\Users\admin\AppData\Roaming\BupSystem

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\RrSavings
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\07BF6653227E2814286618E5EA689289
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\07BF6653227E2814286618E5EA689289
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3566FB70-E722-4182-8266-815EAE862998}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RrSavings
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\RrSavings

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default\prefs.js ]


[ Datei : C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\prefs.js ]

Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M450BE6AF-FF72-41A4-BDA4-24FE07A633F3&SearchSource=55&CUI=&UM=5&UP=SPFACFADE7-2D05-4DF6[...]

[ Datei : C:\Users\tvuser\AppData\Roaming\Mozilla\Firefox\Profiles\sn4agd5i.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2418 octets] - [16/05/2014 19:59:59]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [2478 octets] ##########
AdwCleaner[R0]
Code:
# AdwCleaner v3.208 - Bericht erstellt am 17/05/2014 um 01:25:11
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : admin - JOERN-PC
# Gestartet von : C:\Users\joern\Desktop\adwcleaner_3.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\RrSavings
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Program Files\RrSavings
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\BupSystem
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RrSavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3566FB70-E722-4182-8266-815EAE862998}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\RrSavings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RrSavings
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\07BF6653227E2814286618E5EA689289
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\07BF6653227E2814286618E5EA689289

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default\prefs.js ]


[ Datei : C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M450BE6AF-FF72-41A4-BDA4-24FE07A633F3&SearchSource=55&CUI=&UM=5&UP=SPFACFADE7-2D05-4DF6[...]

[ Datei : C:\Users\tvuser\AppData\Roaming\Mozilla\Firefox\Profiles\sn4agd5i.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2572 octets] - [16/05/2014 19:59:59]
AdwCleaner[S0].txt - [2437 octets] - [17/05/2014 01:25:11]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2497 octets] ##########
mbam
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 16.05.2014 19:33:06, SYSTEM, JOERN-PC, Protection, Malware Protection, Starting,
Protection, 16.05.2014 19:33:06, SYSTEM, JOERN-PC, Protection, Malware Protection, Started,
Protection, 16.05.2014 19:33:06, SYSTEM, JOERN-PC, Protection, Malicious Website Protection, Starting,
Update, 16.05.2014 19:33:16, SYSTEM, JOERN-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Protection, 16.05.2014 19:33:21, SYSTEM, JOERN-PC, Protection, Malicious Website Protection, Started,
Update, 16.05.2014 19:33:27, SYSTEM, JOERN-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.16.12,
Protection, 16.05.2014 19:33:38, SYSTEM, JOERN-PC, Protection, Refresh, Starting,
Protection, 16.05.2014 19:33:38, SYSTEM, JOERN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 16.05.2014 19:33:38, SYSTEM, JOERN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 16.05.2014 19:33:42, SYSTEM, JOERN-PC, Protection, Refresh, Success,
Protection, 16.05.2014 19:33:42, SYSTEM, JOERN-PC, Protection, Malicious Website Protection, Starting,
Protection, 16.05.2014 19:33:43, SYSTEM, JOERN-PC, Protection, Malicious Website Protection, Started,
Protection, 16.05.2014 19:47:58, SYSTEM, JOERN-PC, Protection, Malware Protection, Starting,
Protection, 16.05.2014 19:47:58, SYSTEM, JOERN-PC, Protection, Malware Protection, Started,
Protection, 16.05.2014 19:47:58, SYSTEM, JOERN-PC, Protection, Malicious Website Protection, Starting,
Protection, 16.05.2014 19:49:17, SYSTEM, JOERN-PC, Protection, Malicious Website Protection, Started,
Detection, 16.05.2014 19:50:58, SYSTEM, JOERN-PC, Protection, Malware Protection, File, PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\2rs3.dll, Quarantine, [bf5d7fd3e79481b5593fbbc1976b8977]
Protection, 16.05.2014 19:50:58, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 5, Failed, C:\Program Files (x86)\RrSavings\2rs3.dll,
Error, 16.05.2014 19:50:58, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 5, Failed, C:\Program Files (x86)\RrSavings\2rs3.dll,
Detection, 16.05.2014 19:54:44, SYSTEM, JOERN-PC, Protection, Malware Protection, File, PUP.Optional.RRSavings.A, c:\program files (x86)\rrsavings\2rs3.dll, Quarantine, [bf5d7fd3e79481b5593fbbc1976b8977]
Protection, 16.05.2014 19:54:44, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\rrsavings\2rs3.dll,
Error, 16.05.2014 19:54:44, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\rrsavings\2rs3.dll,
Detection, 16.05.2014 19:54:47, SYSTEM, JOERN-PC, Protection, Malware Protection, File, PUP.Optional.RRSavings.A, c:\program files (x86)\rrsavings\2rs3.dll, Quarantine, [bf5d7fd3e79481b5593fbbc1976b8977]
Protection, 16.05.2014 19:54:47, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\rrsavings\2rs3.dll,
Error, 16.05.2014 19:54:47, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\rrsavings\2rs3.dll,
Detection, 16.05.2014 19:54:47, SYSTEM, JOERN-PC, Protection, Malware Protection, File, PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\best-markit158.exe, Quarantine, [39e321311c5f2f074ad952257989b14f]
Protection, 16.05.2014 19:54:47, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 5, Failed, C:\Program Files (x86)\best-markit Corp\best-markit158.exe,
Error, 16.05.2014 19:54:47, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 5, Failed, C:\Program Files (x86)\best-markit Corp\best-markit158.exe,
Detection, 16.05.2014 19:54:47, SYSTEM, JOERN-PC, Protection, Malware Protection, File, PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\best-markit158.dll, Quarantine, [d14b262ceb90c76f1e051f587d85847c]
Protection, 16.05.2014 19:54:47, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 5, Failed, C:\Program Files (x86)\best-markit Corp\best-markit158.dll,
Error, 16.05.2014 19:54:47, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 5, Failed, C:\Program Files (x86)\best-markit Corp\best-markit158.dll,
Detection, 16.05.2014 19:55:51, SYSTEM, JOERN-PC, Protection, Malware Protection, File, PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\best-markit158.dll, Quarantine, [d14b262ceb90c76f1e051f587d85847c]
Detection, 16.05.2014 19:55:51, SYSTEM, JOERN-PC, Protection, Malware Protection, File, PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\best-markit158.exe, Quarantine, [39e321311c5f2f074ad952257989b14f]
Protection, 16.05.2014 19:55:51, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 5, Failed, C:\Program Files (x86)\best-markit Corp\best-markit158.exe,
Error, 16.05.2014 19:55:51, SYSTEM, JOERN-PC, Protection, SDKQuarantine, 5, Failed, C:\Program Files (x86)\best-markit Corp\best-markit158.exe,

(end)

mbam2
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.05.2014
Suchlauf-Zeit: 19:46:20
Logdatei: mbam2.txt
Administrator: Nein

Version: 2.00.1.1004
Malware Datenbank: v2014.05.16.12
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: joern

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 193035
Verstrichene Zeit: 12 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 7
Adware.Adpeak, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bukgmhvrux64, Löschen bei Neustart, [74a830228ceff83edd9507350ff530d0],
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}, Löschen bei Neustart, [41dbd37fccaf75c14f981c0962a02cd4],
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Löschen bei Neustart, [41dbd37fccaf75c14f981c0962a02cd4],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, Löschen bei Neustart, [63b9ff53e19ad561c80f0a7e57abf907],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\rrsavings, Löschen bei Neustart, [d349f260106b59ddd2033f4905fd916f],
PUP.Optional.BestMarkIt.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\best-markit, Löschen bei Neustart, [d349232f1c5f64d26adb098eb949ad53],
PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\cec73dbc-cc47-471c-a2e7-288ad572cb41, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 31
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.RRSavings.A, C:\Program Files\rrsavings, Löschen bei Neustart, [36e60b473348b77f9206106cb64c46ba],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\defaults, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\defaults\preferences, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\locale, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\addon-kit, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\addon-kit\data, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\addon-kit\lib, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\data, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\event, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\addon, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\dom, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\events, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\private-browsing, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\system, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\tabs, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\traits, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\utils, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\window, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\windows, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\RrSavings, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\RrSavings\data, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\RrSavings\lib, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\RrSavings\tests, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],

Dateien: 121
Adware.Adpeak, C:\Program Files\002\bukgmhvrux64.exe, Löschen bei Neustart, [74a830228ceff83edd9507350ff530d0],
PUP.Optional.CouponDownloader.A, C:\Program Files (x86)\RrSavings\2rs3.dll, Löschen bei Neustart, [41dbd37fccaf75c14f981c0962a02cd4],
PUP.Optional.Breitschopp, C:\Users\joern\Downloads\agsetup183se.exe, In Quarantäne, [9c80f45e3d3e1422452d4eeb699b6799],
PUP.Optional.Trovi.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\searchplugins\trovi-search.xml, In Quarantäne, [23f9df73ef8ce84e37d63c47ad558c74],
PUP.Optional.BestMarkIt.A, C:\Windows\Tasks\best-markit Update.job, Löschen bei Neustart, [e03c8cc6eb90b086bd31a3eb2fd34cb4],
PUP.Optional.BestMarkIt.A, C:\Windows\Tasks\best-markit_wd.job, Löschen bei Neustart, [38e495bd82f90d29f7f7bdd1ef13e917],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\best-markit158.exe, Löschen bei Neustart, [d349232f1c5f64d26adb098eb949ad53],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\158.crx, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\158.dat, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\158.xpi, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\a.db, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\b.db, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\best-markit158.bin, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\best-markit158.dll, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\best-markit158.ini, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\best-markit_wd.exe, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\bestu.exe, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\Sqlite3.dll, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\best-markit Corp\Uninstall.exe, Löschen bei Neustart, [d04c520083f84ceae241c5b2a2600df3],
PUP.Optional.RRSavings.A, C:\Program Files\rrsavings\uninstaller.exe, Löschen bei Neustart, [36e60b473348b77f9206106cb64c46ba],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\background.js, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\CustomActionInstall, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\CustomActionUninstall, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\icon128.png, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\icon16.png, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\icon32.png, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\icon48.png, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\icon64.png, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\icon8.png, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\iwalyk.js, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\manifest.json, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\marcopolo.js, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\Microsoft.Deployment.WindowsInstaller.dll, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\Microsoft.Deployment.WindowsInstaller.xml, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Program Files (x86)\RrSavings\SendJson.dll, Löschen bei Neustart, [fc209db5b0cbd85e67315d1fba4851af],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\bootstrap.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\harness-options.json, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\icon.png, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\install.rdf, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\locales.json, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\defaults\preferences\prefs.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\addon-kit\lib\page-mod.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\addon-kit\lib\private-browsing.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\addon-kit\lib\request.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\addon-kit\lib\windows.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\observer-service.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\api-utils.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\base64.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\byte-streams.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\collection.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\cortex.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\cuddlefish.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\deprecate.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\environment.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\errors.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\events.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\file.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\functional.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\globals.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\heritage.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\hidden-frame.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\light-traits.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\list.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\loader.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\match-pattern.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\memory.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\namespace.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\plain-text-console.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\preferences-service.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\promise.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\querystring.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\runtime.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\sandbox.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\self.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\system.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\text-streams.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\timer.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\traceback.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\traits.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\unload.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\url.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\uuid.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\window-utils.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\xhr.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\xpcom.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\xul-app.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\event\core.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\event\target.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\addon\runner.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content\content-proxy.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content\content-worker.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content\loader.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content\symbiont.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content\worker.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\dom\events.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\events\assembler.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n\core.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n\html.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n\loader.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n\locale.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n\prefs.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\private-browsing\utils.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\system\events.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\tabs\events.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\tabs\observer.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\tabs\tab.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\tabs\utils.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\traits\core.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\utils\data.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\utils\object.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\utils\registry.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\utils\thumbnail.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\window\utils.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\windows\dom.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\windows\loader.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\windows\observer.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\api-utils\lib\windows\tabs.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\RrSavings\data\icon64.png, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.RRSavings.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\extensions\RrSavings@jetpack\resources\RrSavings\lib\main.js, In Quarantäne, [28f4de7498e38ea8a9f1c7b5ea188080],
PUP.Optional.Conduit.A, C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M450BE6AF-FF72-41A4-BDA4-24FE07A633F3&SearchSource=55&CUI=&UM=5&UP=SPFACFADE7-2D05-4DF6-B089-493582693CDC&SSPV=");), Ersetzt,[51cbd0826219181e00d9f186e51fef11]

Physische Sektoren: 0
(No malicious items detected)


(end)
aktuelles FRT
Ein Addition von FRT wurde nicht erzeugt.
Ein Attention ist im Log:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014
Ran by joern (ATTENTION: The logged in user is not administrator) on JOERN-PC on 17-05-2014 13:11:30
Running from C:\Users\joern\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Hauppauge Computer Works) D:\Programme\WinTV\Ir.exe
(Hauppauge Computer Works, Inc.) D:\Programme\WinTV\WinTV7\WinTVTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-01-12] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\MountPoints2: G - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\MountPoints2: {1eafcd0e-5c46-11e2-8641-bc5ff43d783c} - "G:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> D:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> D:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M450BE6AF-FF72-41A4-BDA4-24FE07A633F3&SearchSource=55&CUI=&UM=5&UP=SPFACFADE7-2D05-4DF6-B089-493582693CDC&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 HauppaugeTVServer; D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-02] (Kinetic Jump Software, LLC)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-04-10] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-01-12] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-17] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-17 13:11 - 2014-05-17 13:11 - 00012071 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-17 01:53 - 2014-05-17 01:53 - 00001146 _____ () C:\Users\joern\Desktop\mbam.txt
2014-05-17 01:35 - 2014-05-17 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 01:32 - 2014-05-17 01:32 - 01016261 _____ (Thisisu) C:\Users\joern\Desktop\JRT.exe
2014-05-16 19:59 - 2014-05-17 01:34 - 00000000 ____D () C:\AdwCleaner
2014-05-16 19:58 - 2014-05-16 19:58 - 01325827 _____ () C:\Users\joern\Desktop\adwcleaner_3.208.exe
2014-05-16 19:56 - 2014-05-16 19:56 - 00004830 _____ () C:\Users\joern\Desktop\malware.txt
2014-05-16 19:33 - 2014-05-16 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:32 - 2014-05-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 19:32 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 19:32 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 19:31 - 2014-05-16 19:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\joern\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 19:54 - 2014-05-15 19:54 - 00026672 _____ () C:\ComboFix.txt
2014-05-15 19:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-15 19:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-15 19:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-15 19:43 - 2014-05-15 19:54 - 00000000 ____D () C:\Qoobox
2014-05-15 19:43 - 2014-05-15 19:42 - 05200050 ____R (Swearware) C:\Users\joern\Desktop\ComboFix.exe
2014-05-15 19:42 - 2014-05-15 19:53 - 00000000 ____D () C:\Windows\erdnt
2014-05-15 19:41 - 2014-05-15 19:42 - 05200050 ____R (Swearware) C:\Users\joern\Downloads\ComboFix.exe
2014-05-15 19:35 - 2014-05-15 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 19:32 - 2014-05-15 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\joern\Downloads\revosetup95.exe
2014-05-14 18:53 - 2014-05-17 13:11 - 00000000 ____D () C:\FRST
2014-05-14 18:52 - 2014-05-14 18:52 - 02066944 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-08 21:15 - 2014-05-17 11:04 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp

==================== One Month Modified Files and Folders =======

2014-05-17 13:11 - 2014-05-17 13:11 - 00012071 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-17 13:11 - 2014-05-14 18:53 - 00000000 ____D () C:\FRST
2014-05-17 13:03 - 2013-01-09 07:02 - 00696132 _____ () C:\Windows\system32\perfh007.dat
2014-05-17 13:03 - 2013-01-09 07:02 - 00147428 _____ () C:\Windows\system32\perfc007.dat
2014-05-17 13:03 - 2009-07-14 07:13 - 01611160 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 13:01 - 2014-04-09 21:26 - 00000402 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-05-17 13:01 - 2014-04-09 21:26 - 00000400 _____ () C:\Windows\Tasks\best-markit Update.job
2014-05-17 13:01 - 2013-01-12 00:12 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-17 13:01 - 2013-01-08 22:10 - 01499993 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 13:00 - 2013-09-09 21:14 - 00000000 ____D () C:\Users\joern\AppData\Local\FreePDF_XP
2014-05-17 13:00 - 2013-02-23 01:02 - 00000000 ____D () C:\Users\joern\AppData\Local\TSVNCache
2014-05-17 12:51 - 2014-02-06 12:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-17 11:12 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 11:12 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 11:04 - 2014-05-08 21:15 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-17 11:04 - 2013-01-12 00:17 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-17 11:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 11:04 - 2009-07-14 06:51 - 00062715 _____ () C:\Windows\setupact.log
2014-05-17 11:03 - 2010-11-21 05:47 - 00229064 _____ () C:\Windows\PFRO.log
2014-05-17 01:53 - 2014-05-17 01:53 - 00001146 _____ () C:\Users\joern\Desktop\mbam.txt
2014-05-17 01:35 - 2014-05-17 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 01:34 - 2014-05-16 19:59 - 00000000 ____D () C:\AdwCleaner
2014-05-17 01:32 - 2014-05-17 01:32 - 01016261 _____ (Thisisu) C:\Users\joern\Desktop\JRT.exe
2014-05-16 19:58 - 2014-05-16 19:58 - 01325827 _____ () C:\Users\joern\Desktop\adwcleaner_3.208.exe
2014-05-16 19:56 - 2014-05-16 19:56 - 00004830 _____ () C:\Users\joern\Desktop\malware.txt
2014-05-16 19:56 - 2014-04-09 21:26 - 00000000 ____D () C:\Program Files (x86)\best-markit Corp
2014-05-16 19:33 - 2014-05-16 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:32 - 2014-05-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 19:31 - 2014-05-16 19:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\joern\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 20:03 - 2013-02-23 01:10 - 00000000 ___RD () C:\Users\joern\Dropbox
2014-05-15 19:54 - 2014-05-15 19:54 - 00026672 _____ () C:\ComboFix.txt
2014-05-15 19:54 - 2014-05-15 19:43 - 00000000 ____D () C:\Qoobox
2014-05-15 19:53 - 2014-05-15 19:42 - 00000000 ____D () C:\Windows\erdnt
2014-05-15 19:53 - 2013-01-08 22:10 - 00000000 ___RD () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:53 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-15 19:42 - 2014-05-15 19:43 - 05200050 ____R (Swearware) C:\Users\joern\Desktop\ComboFix.exe
2014-05-15 19:42 - 2014-05-15 19:41 - 05200050 ____R (Swearware) C:\Users\joern\Downloads\ComboFix.exe
2014-05-15 19:35 - 2014-05-15 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 19:32 - 2014-05-15 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\joern\Downloads\revosetup95.exe
2014-05-15 19:29 - 2013-02-23 01:05 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Dropbox
2014-05-14 18:52 - 2014-05-14 18:52 - 02066944 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-14 18:50 - 2013-02-23 01:10 - 00000979 _____ () C:\Users\joern\Desktop\Dropbox.lnk
2014-05-14 18:50 - 2013-02-23 01:07 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 18:48 - 2014-03-30 10:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 18:48 - 2013-01-12 00:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-13 21:51 - 2013-01-12 00:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:51 - 2013-01-12 00:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 20:50 - 2013-01-12 00:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-13 20:50 - 2013-01-12 00:47 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-13 08:42 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-07 22:44 - 2013-02-03 16:43 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\joern\AppData\Local\Temp\avgnt.exe
C:\Users\joern\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjoyvp.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 18.05.2014 11:09
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

BuckWheat 18.05.2014 19:20
Hi Schrauber,

die Probs sind nicht mehr da. Sieht soweit gut aus.
Vielen Dank!


Hier die Logs:
Code:
ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2014
Ran by joern at 2014-05-18 16:03:41 Run:2
Running from C:\Users\joern\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]


*****************


"C:\Windows\system32\GroupPolicy\Machine" directory move:

Could not move "C:\Windows\system32\GroupPolicy\Machine\Registry.pol" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\GroupPolicy\Machine" directory. => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallCleanUp => Unable to delete value

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce"

Listing permissions failed. Access Denied.
Eset:
Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fc6bd7b6afc5db40bb66bc20554c773a
# engine=18312
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-18 04:12:59
# local_time=2014-05-18 06:12:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 111822 265852869 104591 0
# compatibility_mode=5893 16776573 100 94 102736 152059429 0 0
# scanned=141935
# found=1
# cleaned=0
# scan_time=1942
sh=7CC6AFD5678A02BBC2E0FA0D2757B7B9A960A844 ft=1 fh=d1658d117b479bd8 vn="Win32/StartPage.OPH Trojaner" ac=I fn="D:\Downloads\Programme\vlc-2.0.5-win64.exe"
SecCheck
Code:
Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 13.0.0.214 
 Adobe Reader XI 
 Mozilla Firefox (29.0.1)
 Mozilla Thunderbird (17.0.3)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Frisches FRT:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by joern (ATTENTION: The logged in user is not administrator) on JOERN-PC on 18-05-2014 20:19:14
Running from C:\Users\joern\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Hauppauge Computer Works) D:\Programme\WinTV\Ir.exe
(Hauppauge Computer Works, Inc.) D:\Programme\WinTV\WinTV7\WinTVTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Ghisler Software GmbH) D:\Tools\totalcmd\TOTALCMD64.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-01-12] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\MountPoints2: G - "G:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> D:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> D:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M450BE6AF-FF72-41A4-BDA4-24FE07A633F3&SearchSource=55&CUI=&UM=5&UP=SPFACFADE7-2D05-4DF6-B089-493582693CDC&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\joern\AppData\Roaming\Mozilla\Firefox\Profiles\f2475axk.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 HauppaugeTVServer; D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-02] (Kinetic Jump Software, LLC)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-05-18] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-01-12] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-18] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 20:19 - 2014-05-18 20:19 - 00000000 ____D () C:\Users\joern\Desktop\FRST-OlderVersion
2014-05-18 20:10 - 2014-05-18 20:10 - 00000819 _____ () C:\Users\joern\Desktop\checkup.txt
2014-05-18 18:34 - 2014-05-18 18:34 - 00855379 _____ () C:\Users\joern\Desktop\SecurityCheck.exe
2014-05-18 16:43 - 2014-05-18 16:49 - 02347384 _____ (ESET) C:\Users\joern\Desktop\esetsmartinstaller_deu.exe
2014-05-18 16:05 - 2014-05-18 16:05 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-17 13:11 - 2014-05-18 20:19 - 00011892 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-17 01:53 - 2014-05-17 01:53 - 00001146 _____ () C:\Users\joern\Desktop\mbam.txt
2014-05-17 01:35 - 2014-05-17 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 01:32 - 2014-05-17 01:32 - 01016261 _____ (Thisisu) C:\Users\joern\Desktop\JRT.exe
2014-05-16 19:59 - 2014-05-17 01:34 - 00000000 ____D () C:\AdwCleaner
2014-05-16 19:58 - 2014-05-16 19:58 - 01325827 _____ () C:\Users\joern\Desktop\adwcleaner_3.208.exe
2014-05-16 19:56 - 2014-05-16 19:56 - 00004830 _____ () C:\Users\joern\Desktop\malware.txt
2014-05-16 19:33 - 2014-05-16 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:32 - 2014-05-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 19:32 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 19:32 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 19:31 - 2014-05-16 19:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\joern\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 19:54 - 2014-05-15 19:54 - 00026672 _____ () C:\ComboFix.txt
2014-05-15 19:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-15 19:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-15 19:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-15 19:43 - 2014-05-15 19:54 - 00000000 ____D () C:\Qoobox
2014-05-15 19:43 - 2014-05-15 19:42 - 05200050 ____R (Swearware) C:\Users\joern\Desktop\ComboFix.exe
2014-05-15 19:42 - 2014-05-15 19:53 - 00000000 ____D () C:\Windows\erdnt
2014-05-15 19:41 - 2014-05-15 19:42 - 05200050 ____R (Swearware) C:\Users\joern\Downloads\ComboFix.exe
2014-05-15 19:35 - 2014-05-15 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 19:32 - 2014-05-15 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\joern\Downloads\revosetup95.exe
2014-05-14 18:53 - 2014-05-18 20:19 - 00000000 ____D () C:\FRST
2014-05-14 18:52 - 2014-05-18 20:19 - 02067456 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe

==================== One Month Modified Files and Folders =======

2014-05-18 20:19 - 2014-05-18 20:19 - 00000000 ____D () C:\Users\joern\Desktop\FRST-OlderVersion
2014-05-18 20:19 - 2014-05-17 13:11 - 00011892 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-18 20:19 - 2014-05-14 18:53 - 00000000 ____D () C:\FRST
2014-05-18 20:19 - 2014-05-14 18:52 - 02067456 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-18 20:10 - 2014-05-18 20:10 - 00000819 _____ () C:\Users\joern\Desktop\checkup.txt
2014-05-18 19:51 - 2014-02-06 12:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 18:34 - 2014-05-18 18:34 - 00855379 _____ () C:\Users\joern\Desktop\SecurityCheck.exe
2014-05-18 17:36 - 2014-04-09 21:26 - 00000000 ____D () C:\Program Files (x86)\best-markit Corp
2014-05-18 16:56 - 2013-01-08 22:10 - 01600479 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 16:49 - 2014-05-18 16:43 - 02347384 _____ (ESET) C:\Users\joern\Desktop\esetsmartinstaller_deu.exe
2014-05-18 16:42 - 2013-01-12 17:13 - 00032320 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS
2014-05-18 16:42 - 2013-01-09 07:02 - 00696132 _____ () C:\Windows\system32\perfh007.dat
2014-05-18 16:42 - 2013-01-09 07:02 - 00147428 _____ () C:\Windows\system32\perfc007.dat
2014-05-18 16:42 - 2009-07-14 07:13 - 01611160 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 16:35 - 2014-04-09 21:26 - 00000402 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-05-18 16:35 - 2014-04-09 21:26 - 00000400 _____ () C:\Windows\Tasks\best-markit Update.job
2014-05-18 16:35 - 2013-09-09 21:14 - 00000000 ____D () C:\Users\joern\AppData\Local\FreePDF_XP
2014-05-18 16:35 - 2013-02-23 01:02 - 00000000 ____D () C:\Users\joern\AppData\Local\TSVNCache
2014-05-18 16:35 - 2013-01-12 00:12 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-18 16:13 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 16:13 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 16:05 - 2014-05-18 16:05 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-18 16:05 - 2013-01-12 00:17 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-18 16:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 16:05 - 2009-07-14 06:51 - 00062827 _____ () C:\Windows\setupact.log
2014-05-18 16:04 - 2010-11-21 05:47 - 00229728 _____ () C:\Windows\PFRO.log
2014-05-18 16:02 - 2013-04-07 21:09 - 00000000 ____D () C:\Users\joern\AppData\Local\CrashDumps
2014-05-17 13:23 - 2013-01-12 00:12 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-05-17 13:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-17 01:53 - 2014-05-17 01:53 - 00001146 _____ () C:\Users\joern\Desktop\mbam.txt
2014-05-17 01:35 - 2014-05-17 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 01:34 - 2014-05-16 19:59 - 00000000 ____D () C:\AdwCleaner
2014-05-17 01:32 - 2014-05-17 01:32 - 01016261 _____ (Thisisu) C:\Users\joern\Desktop\JRT.exe
2014-05-16 19:58 - 2014-05-16 19:58 - 01325827 _____ () C:\Users\joern\Desktop\adwcleaner_3.208.exe
2014-05-16 19:56 - 2014-05-16 19:56 - 00004830 _____ () C:\Users\joern\Desktop\malware.txt
2014-05-16 19:33 - 2014-05-16 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:32 - 2014-05-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 19:31 - 2014-05-16 19:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\joern\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 20:03 - 2013-02-23 01:10 - 00000000 ___RD () C:\Users\joern\Dropbox
2014-05-15 19:54 - 2014-05-15 19:54 - 00026672 _____ () C:\ComboFix.txt
2014-05-15 19:54 - 2014-05-15 19:43 - 00000000 ____D () C:\Qoobox
2014-05-15 19:53 - 2014-05-15 19:42 - 00000000 ____D () C:\Windows\erdnt
2014-05-15 19:53 - 2013-01-08 22:10 - 00000000 ___RD () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:53 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-15 19:42 - 2014-05-15 19:43 - 05200050 ____R (Swearware) C:\Users\joern\Desktop\ComboFix.exe
2014-05-15 19:42 - 2014-05-15 19:41 - 05200050 ____R (Swearware) C:\Users\joern\Downloads\ComboFix.exe
2014-05-15 19:35 - 2014-05-15 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 19:32 - 2014-05-15 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\joern\Downloads\revosetup95.exe
2014-05-15 19:29 - 2013-02-23 01:05 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Dropbox
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-14 18:50 - 2013-02-23 01:10 - 00000979 _____ () C:\Users\joern\Desktop\Dropbox.lnk
2014-05-14 18:50 - 2013-02-23 01:07 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 18:48 - 2014-03-30 10:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 18:48 - 2013-01-12 00:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-13 21:51 - 2013-01-12 00:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:51 - 2013-01-12 00:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 20:50 - 2013-01-12 00:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-13 20:50 - 2013-01-12 00:47 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-13 08:42 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-07 22:44 - 2013-02-03 16:43 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\joern\AppData\Local\Temp\avgnt.exe
C:\Users\joern\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjoyvp.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

=====

schrauber 19.05.2014 12:08
FRST bitte als Admin ausführen und den Fix wiederholen.

BuckWheat 20.05.2014 06:48
Hi,

das heisst, FRT als Admin starten.
Auf Fix klicken mit dem Fix Log von vorher.
Dann einen frischen Scan.

Richtig So ?

Gruss
Buck

Hi,

als Admin ausgeführt.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by joern at 2014-05-20 07:37:01 Run:3
Running from C:\Users\joern\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
       
*****************


"C:\Windows\system32\GroupPolicy\Machine" directory move:

Could not move "C:\Windows\system32\GroupPolicy\Machine\Registry.pol" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\GroupPolicy\Machine" directory. => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallCleanUp => Unable to delete value

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce"

Listing permissions failed. Access Denied.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-20 07:39:00)<=

==> ATTENTION: System is not rebooted.
C:\Windows\system32\GroupPolicy\Machine\Registry.pol => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

==== End of Fixlog ====

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by admin (administrator) on JOERN-PC on 20-05-2014 07:45:14
Running from C:\Users\joern\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hauppauge Computer Works) D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(Hauppauge Computer Works) D:\Programme\WinTV\TVServer\CaptureGenPCI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Hauppauge Computer Works) D:\Programme\WinTV\Ir.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Hauppauge Computer Works, Inc.) D:\Programme\WinTV\WinTV7\WinTVTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-01-12] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1000\...\MountPoints2: G - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1196304418-2561846535-3657677396-1001\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1196304418-2561846535-3657677396-1001\...\Run: [Hudl Mercury] => C:\Program Files (x86)\Hudl Mercury\HudlMercury.exe [3396760 2013-12-04] (Agile Sports Technologies)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> D:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> D:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hattrick.org/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default
FF Homepage: hxxp://www.hattrick.org
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Protegere - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\d9stfx7p.default\Extensions\security@protegere.org [2014-04-09]
FF HKCU\...\Firefox\Extensions: [{07e403c0-41ac-420d-8d82-3a4d196059a8}] - C:\Program Files (x86)\best-markit Corp\158.xpi
FF Extension: best-markit - C:\Program Files (x86)\best-markit Corp\158.xpi [2014-04-09]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 HauppaugeTVServer; D:\Programme\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-02] (Kinetic Jump Software, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-05-18] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-01-12] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-20] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 20:19 - 2014-05-18 20:19 - 00000000 ____D () C:\Users\joern\Desktop\FRST-OlderVersion
2014-05-18 20:10 - 2014-05-18 20:10 - 00000819 _____ () C:\Users\joern\Desktop\checkup.txt
2014-05-18 18:34 - 2014-05-18 18:34 - 00855379 _____ () C:\Users\joern\Desktop\SecurityCheck.exe
2014-05-18 16:43 - 2014-05-18 16:49 - 02347384 _____ (ESET) C:\Users\joern\Desktop\esetsmartinstaller_deu.exe
2014-05-18 16:05 - 2014-05-20 07:37 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-17 13:11 - 2014-05-20 07:45 - 00014237 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-17 02:04 - 2014-05-17 02:08 - 00025956 _____ () C:\Users\admin\Desktop\FRST.txt
2014-05-17 02:00 - 2014-05-17 02:00 - 02067456 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-05-17 01:53 - 2014-05-17 01:53 - 00001146 _____ () C:\Users\joern\Desktop\mbam.txt
2014-05-17 01:42 - 2014-05-17 01:42 - 00000899 _____ () C:\Users\admin\Desktop\JRT.txt
2014-05-17 01:35 - 2014-05-17 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 01:32 - 2014-05-17 01:32 - 01016261 _____ (Thisisu) C:\Users\joern\Desktop\JRT.exe
2014-05-16 19:59 - 2014-05-17 01:34 - 00000000 ____D () C:\AdwCleaner
2014-05-16 19:58 - 2014-05-16 19:58 - 01325827 _____ () C:\Users\joern\Desktop\adwcleaner_3.208.exe
2014-05-16 19:56 - 2014-05-16 19:56 - 00004830 _____ () C:\Users\joern\Desktop\malware.txt
2014-05-16 19:33 - 2014-05-16 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:32 - 2014-05-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 19:32 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 19:32 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-16 19:31 - 2014-05-16 19:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\joern\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 19:54 - 2014-05-15 19:54 - 00026672 _____ () C:\ComboFix.txt
2014-05-15 19:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-15 19:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-15 19:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-15 19:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-15 19:43 - 2014-05-15 19:54 - 00000000 ____D () C:\Qoobox
2014-05-15 19:43 - 2014-05-15 19:42 - 05200050 ____R (Swearware) C:\Users\joern\Desktop\ComboFix.exe
2014-05-15 19:42 - 2014-05-15 19:53 - 00000000 ____D () C:\Windows\erdnt
2014-05-15 19:41 - 2014-05-15 19:42 - 05200050 ____R (Swearware) C:\Users\joern\Downloads\ComboFix.exe
2014-05-15 19:35 - 2014-05-15 19:35 - 00001268 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2014-05-15 19:35 - 2014-05-15 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 19:32 - 2014-05-15 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\joern\Downloads\revosetup95.exe
2014-05-14 18:53 - 2014-05-20 07:45 - 00000000 ____D () C:\FRST
2014-05-14 18:52 - 2014-05-18 20:19 - 02067456 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe

==================== One Month Modified Files and Folders =======

2014-05-20 07:45 - 2014-05-17 13:11 - 00014237 _____ () C:\Users\joern\Desktop\FRST.txt
2014-05-20 07:45 - 2014-05-14 18:53 - 00000000 ____D () C:\FRST
2014-05-20 07:43 - 2013-01-09 07:02 - 00696132 _____ () C:\Windows\system32\perfh007.dat
2014-05-20 07:43 - 2013-01-09 07:02 - 00147428 _____ () C:\Windows\system32\perfc007.dat
2014-05-20 07:43 - 2009-07-14 07:13 - 01611160 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 07:42 - 2013-01-08 22:10 - 01694716 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 07:39 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-20 07:38 - 2014-04-09 21:26 - 00000402 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-05-20 07:38 - 2014-04-09 21:26 - 00000400 _____ () C:\Windows\Tasks\best-markit Update.job
2014-05-20 07:38 - 2013-09-09 21:14 - 00000000 ____D () C:\Users\joern\AppData\Local\FreePDF_XP
2014-05-20 07:38 - 2013-02-23 01:02 - 00000000 ____D () C:\Users\joern\AppData\Local\TSVNCache
2014-05-20 07:38 - 2013-01-12 00:12 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-20 07:37 - 2014-05-18 16:05 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-20 07:37 - 2013-01-12 00:17 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-20 07:37 - 2010-11-21 05:47 - 00231110 _____ () C:\Windows\PFRO.log
2014-05-20 07:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 07:37 - 2009-07-14 06:51 - 00062939 _____ () C:\Windows\setupact.log
2014-05-20 07:35 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 07:35 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 20:19 - 2014-05-18 20:19 - 00000000 ____D () C:\Users\joern\Desktop\FRST-OlderVersion
2014-05-18 20:19 - 2014-05-14 18:52 - 02067456 _____ (Farbar) C:\Users\joern\Desktop\FRST64.exe
2014-05-18 20:10 - 2014-05-18 20:10 - 00000819 _____ () C:\Users\joern\Desktop\checkup.txt
2014-05-18 19:51 - 2014-02-06 12:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 18:34 - 2014-05-18 18:34 - 00855379 _____ () C:\Users\joern\Desktop\SecurityCheck.exe
2014-05-18 17:36 - 2014-04-09 21:26 - 00000000 ____D () C:\Program Files (x86)\best-markit Corp
2014-05-18 16:49 - 2014-05-18 16:43 - 02347384 _____ (ESET) C:\Users\joern\Desktop\esetsmartinstaller_deu.exe
2014-05-18 16:42 - 2013-01-12 17:13 - 00032320 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS
2014-05-18 16:02 - 2013-04-07 21:09 - 00000000 ____D () C:\Users\joern\AppData\Local\CrashDumps
2014-05-17 13:23 - 2013-01-12 00:12 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-05-17 13:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-17 02:12 - 2013-02-23 02:42 - 00000000 ____D () C:\Users\admin\AppData\Local\TSVNCache
2014-05-17 02:08 - 2014-05-17 02:04 - 00025956 _____ () C:\Users\admin\Desktop\FRST.txt
2014-05-17 02:00 - 2014-05-17 02:00 - 02067456 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-05-17 01:53 - 2014-05-17 01:53 - 00001146 _____ () C:\Users\joern\Desktop\mbam.txt
2014-05-17 01:42 - 2014-05-17 01:42 - 00000899 _____ () C:\Users\admin\Desktop\JRT.txt
2014-05-17 01:35 - 2014-05-17 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 01:34 - 2014-05-16 19:59 - 00000000 ____D () C:\AdwCleaner
2014-05-17 01:32 - 2014-05-17 01:32 - 01016261 _____ (Thisisu) C:\Users\joern\Desktop\JRT.exe
2014-05-16 19:58 - 2014-05-16 19:58 - 01325827 _____ () C:\Users\joern\Desktop\adwcleaner_3.208.exe
2014-05-16 19:56 - 2014-05-16 19:56 - 00004830 _____ () C:\Users\joern\Desktop\malware.txt
2014-05-16 19:33 - 2014-05-16 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:32 - 2014-05-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 19:32 - 2014-05-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 19:31 - 2014-05-16 19:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\joern\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 20:03 - 2013-02-23 01:10 - 00000000 ___RD () C:\Users\joern\Dropbox
2014-05-15 19:55 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-15 19:54 - 2014-05-15 19:54 - 00026672 _____ () C:\ComboFix.txt
2014-05-15 19:54 - 2014-05-15 19:43 - 00000000 ____D () C:\Qoobox
2014-05-15 19:53 - 2014-05-15 19:42 - 00000000 ____D () C:\Windows\erdnt
2014-05-15 19:53 - 2013-01-08 22:10 - 00000000 ___RD () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:53 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-15 19:42 - 2014-05-15 19:43 - 05200050 ____R (Swearware) C:\Users\joern\Desktop\ComboFix.exe
2014-05-15 19:42 - 2014-05-15 19:41 - 05200050 ____R (Swearware) C:\Users\joern\Downloads\ComboFix.exe
2014-05-15 19:35 - 2014-05-15 19:35 - 00001268 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2014-05-15 19:35 - 2014-05-15 19:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 19:32 - 2014-05-15 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\joern\Downloads\revosetup95.exe
2014-05-15 19:29 - 2013-02-23 01:05 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Dropbox
2014-05-14 18:50 - 2014-05-14 18:50 - 00000000 ____D () C:\Users\joern\AppData\Roaming\DropboxMaster
2014-05-14 18:50 - 2013-02-23 01:10 - 00000979 _____ () C:\Users\joern\Desktop\Dropbox.lnk
2014-05-14 18:50 - 2013-02-23 01:07 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 18:48 - 2014-03-30 10:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 18:48 - 2013-01-12 00:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-13 21:51 - 2014-02-06 12:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 21:51 - 2013-01-12 00:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:51 - 2013-01-12 00:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 20:50 - 2013-01-12 00:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-13 20:50 - 2013-01-12 00:47 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-13 20:48 - 2014-05-13 20:48 - 00283144 _____ (Mozilla) C:\Users\joern\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-13 08:42 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-07 22:44 - 2013-02-03 16:43 - 00000000 ____D () C:\Users\joern\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\joern\AppData\Local\temp\avgnt.exe
C:\Users\joern\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjoyvp.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-12 21:23

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 21.05.2014 07:34
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

BuckWheat 21.05.2014 08:31
Alles Ok bei mir !

schrauber 22.05.2014 08:31
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:23 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19