Ich habe angeblich Java Upgrade gemacht, Avira sagte - VIRUS und ich sehe es auch so...

tantan · 10.11.2013, 19:59

Hallo,

ich habe heute einen JAVA-Upgrade angeblich gemacht.
Danach habe ich gesehen, dass mehrere neue und unbekannte Programme instlaliert waren.
Manche habe ich gelöscht/deinstaliert.
Mein AVIRA sagte ich hätte einen Virus.
Momentan kann ich den Optimizer Pro v3.2 NICHT deinstalieren.
Ausserdem als Startseite/Suchmaschine habe ich Snap.do, was ich nicht entfernen kann.

Ich beobachte kommische Sachen - zB ich wähle eine Internetseite, es öffent sich aber eine andere; oder öffnet sich gar nicht das, was ich öffnen will.

Bitte, prüfen Sie und helfen Sie mir.
Habe Angst, dass ich etwas böses mir angefangen habe.

Danke.

cosinus · 11.11.2013, 01:26

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

tantan · 11.11.2013, 23:18

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by Administrator (administrator) on YOUR-8E8F8D6E2D on 11-11-2013 22:56:04
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Panasonic Corporation) C:\Program Files\Panasonic\WSwitch\WSwitch.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Panasonic Corporation) C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE
( TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon04.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
() c:\progra~1\optimi~1\OptProCrash.exe
(Panasonic Corporation) C:\WINDOWS\System32\DVDRAMSV.exe
(Intel Corporation) C:\WINDOWS\system32\EtmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Panasonic Corporation) C:\Program Files\Panasonic\CHGBMODE\ChgBmode.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Panasonic Corporation) C:\Program Files\Panasonic\OPDOFF\opdoff.exe
(Panasonic Corporation) C:\Program Files\Panasonic\PPopup\ppopup.exe
(Panasonic Corporation) C:\WINDOWS\system32\RAMAsst.exe
(Panasonic Corporation) C:\Program Files\Panasonic\WheelPad\Touchpad.exe
(InterVideo) c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Panasonic Corporation) C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe
(Panasonic Corporation) C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe
(Panasonic Corporation) C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
(TOSHIBA CORPORATION.) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA CORPORATION.) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(10superSoftabcd) c:\program files\superlyrics-16\superlyrics-16-bg.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [PRunOnce] - C:\util\prunonce\PRunOnce.exe [161088 2008-10-23] (Panasonic Corporation)
HKLM\...\Run: [WSwitch] - C:\Program Files\Panasonic\WSwitch\WSwitch.exe [800064 2008-11-05] (Panasonic Corporation)
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [204800 2007-07-27] (Synaptics, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [884736 2008-03-24] (Analog Devices, Inc.)
HKLM\...\Run: [setfan] - C:\Program Files\Panasonic\setfan\setfan.exe [443712 2008-10-24] (Panasonic Corporation)
HKLM\...\Run: [Panasonic Hotkey Manager] - C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe [1058104 2008-10-18] (Panasonic Corporation)
HKLM\...\Run: [PCinfo] - C:\Program Files\Panasonic\pcinfo\PcInfoUt.exe [91456 2008-10-24] (Panasonic Corporation)
HKLM\...\Run: [ITSecMng] - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-29] ( TOSHIBA CORPORATION)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1368064 2008-12-22] (Intel(R) Corporation)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\ime\imjp8_1\imjpmig.exe [208952 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE [59392 2004-08-05] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1191936 2008-12-22] (Intel(R) Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [REGSHAVE] - C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [188416 2002-05-24] (HP)
HKLM\...\Run: [HPHmon04] - C:\WINDOWS\system32\hphmon04.exe [339968 2002-06-20] (Hewlett-Packard)
HKLM\...\Run: [HPHUPD04] - C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [49152 2002-05-24] (Hewlett-Packard)
HKLM\...\Run: [Share-to-Web Namespace Daemon] - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1040384 2008-04-14] (Analog Devices, Inc.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll [ 2013-10-29] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Economy Mode(ECO) Setting Utility.lnk
ShortcutTarget: Economy Mode(ECO) Setting Utility.lnk -> C:\Program Files\Panasonic\CHGBMODE\ChgBmode.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Optical Disc Drive Power-Saving Utility.lnk
ShortcutTarget: Optical Disc Drive Power-Saving Utility.lnk -> C:\Program Files\Panasonic\OPDOFF\opdoff.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PC Information Popup.lnk
ShortcutTarget: PC Information Popup.lnk -> C:\Program Files\Panasonic\PPopup\ppopup.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
ShortcutTarget: RAMASST.lnk -> C:\WINDOWS\system32\RAMAsst.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Touch Pad Utility.lnk
ShortcutTarget: Touch Pad Utility.lnk -> C:\Program Files\Panasonic\WheelPad\Touchpad.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=hp&installDate=10/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&q={searchTerms}&installDate=10/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1E8C8920B883CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&q={searchTerms}&installDate=10/11/2013
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&q={searchTerms}&installDate=10/11/2013
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&q={searchTerms}&installDate=10/11/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&q={searchTerms}&installDate=10/11/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&q={searchTerms}&installDate=10/11/2013
SearchScopes: HKCU - {92F32CDB-8ACA-4E12-B3F7-057434B698EB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=9BCE5022-1EB9-4F7B-8E78-07721C2E5CC3&apn_sauid=B03CDB45-92E3-4BAD-B35D-36EA611AFA78
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: SuperLyrics-16 - {11111111-1111-1111-1111-110411411162} - C:\Program Files\SuperLyrics-16\SuperLyrics-16-bho.dll (10superSoftabcd)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: BetterAds - {BA56787C-729F-4715-8F11-EB2A16908B91} - C:\Program Files\BetterAds\ScriptHost.dll No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 18 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default
FF NewTab: about:blank
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=hp&installDate=10/11/2013
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&installDate=10/11/2013&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @digitalpublishing.de/dpLaunch - C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SuperLyrics-16 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com
FF Extension: betterads - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\Extensions\betterads@BetterAds.org.xpi
FF Extension: toolbar_AVIRA-V7 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=hp&installDate=10/11/2013
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=hp&installDate=10/11/2013"
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&q={searchTerms}&installDate=10/11/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Ipsos communication plugin) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Ipsos Panel Plus\toolbar_ff\plugins\npIpsosCommPlugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (dp Launcher Plugin) - C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\25.62088_0
CHR Extension: (Avira Toolbar) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.14.1.0_0
CHR Extension: (Snap.Do ) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0
CHR Extension: (SuperLyrics-16) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM\...\Chrome\Extension: [aaaangaohdajkgeopjhpbnlpkehbhmbj] - C:\Documents and Settings\Administrator\Local Settings\Application Data\APN\GoogleCRXs\aaaangaohdajkgeopjhpbnlpkehbhmbj_7.14.1.0.crx
CHR HKLM\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaBA\betterads.crx
CHR HKLM\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files\Perion\NewTab\newTab.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 ca82e1a5; c:\progra~1\optimi~1\OptProCrash.exe [143488 2013-11-10] ()
R2 DVD-RAM_Service; C:\Windows\System32\DVDRAMSV.exe [172032 2008-07-17] (Panasonic Corporation)
R2 ETMService; C:\WINDOWS\system32\EtmService.exe [223768 2008-08-14] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 OPDOFFSV; C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe [206136 2008-10-22] (Panasonic Corporation)
R2 PcInfoPi; C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe [54592 2008-10-24] (Panasonic Corporation)
R2 PcInfoSV; C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe [193856 2009-02-23] (Panasonic Corporation)
S3 Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [77824 2002-05-24] (HP)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [905216 2008-12-22] (Intel(R) Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [82380 2013-03-02] (Oak Technology Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-18] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 Dot4 HPH11; C:\Windows\System32\DRIVERS\hphid411.sys [50896 2002-05-24] (HP)
S3 Dot4Print HPH11; C:\Windows\System32\DRIVERS\hphipr11.sys [16112 2002-05-24] (HP)
S3 Dot4Storage HPH11; C:\Windows\System32\Drivers\hphs2k11.sys [50276 2002-05-24] (Hewlett-Packard)
S3 Dot4Usb HPH11; C:\Windows\System32\drivers\hphius11.sys [18928 2002-05-24] (HP)
R3 e1yexpress; C:\Windows\System32\DRIVERS\e1y5132.sys [244368 2008-03-26] (Intel Corporation)
R3 EtmCpu; C:\Windows\System32\DRIVERS\EtmDevCpu.sys [25088 2008-08-08] (Intel Corporation)
R3 EtmDevGen; C:\Windows\System32\DRIVERS\EtmDevGen.sys [18944 2008-08-08] (Intel Corporation)
R3 EtmDrvMgr; C:\Windows\System32\DRIVERS\EtmDrvMgr.sys [46592 2008-08-08] (Intel Corporation)
R3 EtmFan; C:\Windows\System32\DRIVERS\EtmDevFan.sys [11264 2008-08-08] (Intel Corporation)
R3 EtmGmchMem; C:\Windows\System32\DRIVERS\EtmDevGmch.sys [98304 2008-08-08] (Intel Corporation)
R3 HOTKEY; C:\Windows\System32\DRIVERS\hotkey.sys [24640 2009-03-09] (Panasonic Corporation)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210304 2008-12-08] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [985856 2008-12-08] (Conexant Systems, Inc.)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2007-12-17] (Infineon Technologies AG)
S3 Iviaspi; C:\Windows\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.)
R1 meiudf; C:\Windows\System32\Drivers\meiudf.sys [124616 2008-07-17] (Panasonic Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [3636608 2008-12-21] (Intel Corporation)
R3 NewMisc; C:\Windows\System32\DRIVERS\newmisc.sys [28608 2009-02-18] (Panasonic Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-14] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-18] (Avira GmbH)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-11 22:54 - 2013-11-11 22:54 - 00000000 ____D C:\FRST
2013-11-11 22:44 - 2013-11-11 22:44 - 01090275 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2013-11-11 22:40 - 2013-11-11 22:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SuperLyrics-16
2013-11-10 11:07 - 2013-11-10 11:07 - 04379048 _____ (Piriform Ltd) C:\Program Files\ccsetup407.exe
2013-11-10 10:56 - 2013-11-10 10:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
2013-11-10 10:28 - 2013-11-10 10:28 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-11-10 10:28 - 2013-11-10 10:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-10 10:28 - 2013-11-10 10:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.2
2013-11-10 10:28 - 2013-11-10 10:28 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Optimizer Pro
2013-11-10 08:59 - 2013-11-10 08:59 - 00071160 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-10 08:37 - 2013-11-10 08:37 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Optimizer Pro
2013-11-10 08:36 - 2013-11-11 19:36 - 00001356 _____ C:\WINDOWS\Tasks\SuperLyrics-16-updater.job
2013-11-10 08:36 - 2013-11-11 19:34 - 00001162 _____ C:\WINDOWS\Tasks\SuperLyrics-16-enabler.job
2013-11-10 08:36 - 2013-11-10 10:35 - 00000000 ____D C:\Program Files\MyPC Backup
2013-11-10 08:36 - 2013-11-10 10:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Lollipop
2013-11-10 08:35 - 2013-11-11 19:34 - 00001964 _____ C:\WINDOWS\Tasks\SuperLyrics-16-chromeinstaller.job
2013-11-10 08:35 - 2013-11-11 19:34 - 00001888 _____ C:\WINDOWS\Tasks\SuperLyrics-16-firefoxinstaller.job
2013-11-10 08:35 - 2013-11-11 19:34 - 00001262 _____ C:\WINDOWS\Tasks\SuperLyrics-16-codedownloader.job
2013-11-10 08:35 - 2013-11-10 08:36 - 00000000 ____D C:\Program Files\SuperLyrics-16
2013-11-10 08:35 - 2013-11-10 08:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\DealPly
2013-11-10 08:34 - 2013-11-10 08:34 - 00000000 ____D C:\Program Files\SearchProtect
2013-11-10 08:34 - 2013-11-10 08:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SearchProtect
2013-11-10 08:34 - 2013-11-10 08:34 - 00000000 _____ C:\END
2013-11-10 08:33 - 2013-11-10 08:33 - 00555720 _____ C:\Program Files\Java7.exe
2013-11-05 17:51 - 2013-11-07 08:07 - 102894578 _____ C:\WINDOWS\system32\僕Ｑ囌7
2013-11-03 22:31 - 2013-11-07 20:12 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Planung
2013-11-02 10:35 - 2013-11-02 10:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-10-29 19:02 - 2013-11-10 10:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-17 17:27 - 2013-10-17 17:27 - 101544623 _____ C:\WINDOWS\system32\꛵苅囌7
2013-10-12 18:51 - 2013-10-12 18:51 - 100651105 _____ C:\WINDOWS\system32\띬劫囌7

==================== One Month Modified Files and Folders =======

2013-11-11 22:54 - 2013-11-11 22:54 - 00000000 ____D C:\FRST
2013-11-11 22:51 - 2012-06-13 17:01 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-11 22:44 - 2013-11-11 22:44 - 01090275 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2013-11-11 22:40 - 2013-11-11 22:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SuperLyrics-16
2013-11-11 22:40 - 2009-05-07 20:58 - 01345098 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-11 22:36 - 2012-07-18 11:48 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2013-11-11 19:36 - 2013-11-10 08:36 - 00001356 _____ C:\WINDOWS\Tasks\SuperLyrics-16-updater.job
2013-11-11 19:36 - 2009-05-07 12:44 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-11 19:35 - 2009-05-07 13:57 - 00000259 _____ C:\WINDOWS\wiadebug.log
2013-11-11 19:35 - 2009-05-07 13:57 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-11 19:34 - 2013-11-10 08:36 - 00001162 _____ C:\WINDOWS\Tasks\SuperLyrics-16-enabler.job
2013-11-11 19:34 - 2013-11-10 08:35 - 00001964 _____ C:\WINDOWS\Tasks\SuperLyrics-16-chromeinstaller.job
2013-11-11 19:34 - 2013-11-10 08:35 - 00001888 _____ C:\WINDOWS\Tasks\SuperLyrics-16-firefoxinstaller.job
2013-11-11 19:34 - 2013-11-10 08:35 - 00001262 _____ C:\WINDOWS\Tasks\SuperLyrics-16-codedownloader.job
2013-11-11 19:34 - 2012-08-30 07:47 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 19:34 - 2009-05-07 21:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-10 23:26 - 2009-05-07 21:03 - 00032626 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-10 23:26 - 2009-05-07 21:03 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-11-10 23:26 - 2009-05-07 21:03 - 00000000 ____D C:\Documents and Settings\Administrator
2013-11-10 23:23 - 2012-08-30 07:47 - 00001112 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 11:10 - 2012-06-13 17:08 - 00000000 __SHD C:\Documents and Settings\Administrator\UserData
2013-11-10 11:08 - 2012-12-25 02:39 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-10 11:07 - 2013-11-10 11:07 - 04379048 _____ (Piriform Ltd) C:\Program Files\ccsetup407.exe
2013-11-10 10:56 - 2013-11-10 10:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
2013-11-10 10:35 - 2013-11-10 08:36 - 00000000 ____D C:\Program Files\MyPC Backup
2013-11-10 10:34 - 2013-11-10 08:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Lollipop
2013-11-10 10:28 - 2013-11-10 10:28 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-11-10 10:28 - 2013-11-10 10:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-10 10:28 - 2013-11-10 10:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.2
2013-11-10 10:28 - 2013-11-10 10:28 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Optimizer Pro
2013-11-10 10:28 - 2013-10-29 19:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-10 10:28 - 2009-05-07 22:14 - 00000000 ____D C:\Program Files\Panasonic
2013-11-10 10:28 - 2009-05-07 21:03 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-10 10:28 - 2009-05-07 21:03 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-11-10 10:28 - 2009-05-07 20:58 - 00000000 ____D C:\WINDOWS\Registration
2013-11-10 10:15 - 2009-05-07 21:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-10 08:59 - 2013-11-10 08:59 - 00071160 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-10 08:37 - 2013-11-10 08:37 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Optimizer Pro
2013-11-10 08:36 - 2013-11-10 08:35 - 00000000 ____D C:\Program Files\SuperLyrics-16
2013-11-10 08:35 - 2013-11-10 08:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\DealPly
2013-11-10 08:34 - 2013-11-10 08:34 - 00000000 ____D C:\Program Files\SearchProtect
2013-11-10 08:34 - 2013-11-10 08:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SearchProtect
2013-11-10 08:34 - 2013-11-10 08:34 - 00000000 _____ C:\END
2013-11-10 08:33 - 2013-11-10 08:33 - 00555720 _____ C:\Program Files\Java7.exe
2013-11-09 10:03 - 2009-05-07 20:58 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-11-09 09:32 - 2012-07-30 19:16 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-11-07 20:12 - 2013-11-03 22:31 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Planung
2013-11-07 17:55 - 2012-07-18 11:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-11-07 17:55 - 2012-07-18 11:48 - 00000000 ___RD C:\Program Files\Skype
2013-11-07 08:07 - 2013-11-05 17:51 - 102894578 _____ C:\WINDOWS\system32\僕Ｑ囌7
2013-11-06 19:58 - 2012-10-29 18:41 - 00000000 ____D C:\Bücher
2013-11-02 10:35 - 2013-11-02 10:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-11-02 10:35 - 2012-07-30 08:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-28 15:53 - 2009-05-07 13:54 - 00522638 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-18 18:32 - 2012-08-08 12:53 - 00000000 ____D C:\§SNIMKI
2013-10-17 19:16 - 2012-07-16 14:12 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-17 17:27 - 2013-10-17 17:27 - 101544623 _____ C:\WINDOWS\system32\꛵苅囌7
2013-10-15 19:53 - 2012-08-10 08:57 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Ebay-Photos
2013-10-14 18:32 - 2009-05-08 01:11 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-12 19:59 - 2012-08-07 10:13 - 00104448 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-12 18:51 - 2013-10-12 18:51 - 100651105 _____ C:\WINDOWS\system32\띬劫囌7

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_isB8.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

--- --- ---

ich glaube sind 2 unterschiedliche

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2013 01
Ran by Administrator at 2013-11-11 22:57:26
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

7-PDF Split & Merge Version 2.0.4 (Build 112) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112))
Adobe AIR (Version: 3.3.0.3650)
Adobe Download Assistant (Version: 1.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Avira Free Antivirus (Version: 13.0.0.4052)
Avira SearchFree Toolbar (Version: 12.6.0.1900)
AVS Media Player 4.1.6.80
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Battery Recalibration (Version: V2.01L14 M00)
BetterAds (Version: 1.5)
Bluetooth Stack for Windows by Toshiba (Version: v6.00.11(P))
Brother MFL-Pro Suite (Version: 1.00)
CCleaner (Version: 3.22)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD-RAM Driver (Version: 5.4.0.3)
Economy Mode(ECO) Setting Utility (Version: V2.00L15S M00)
Fan Control Utility (Version: V1.01L12S M00)
FUJIFILM USB Driver
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.3.0)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Hotkey Appendix (Version: V8.00L10S M00)
Hotkey Settings (Version: 2.0.1219.0)
HP Photo and Imaging 1.0 - HP Photosmart Printer Series (Version: 1.1.0000)
Icon Enlarger
Intel PROSet Wireless
Intel(R) Dynamic Power Performance Management
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software (Version: 12.02.1000)
Intel® Matrix Storage Manager
InterVideo WinDVD (Version: 8.0-B9.732)
KONICA MINOLTA magicolor 1680MF Scanner (Version: 1.00.0000)
Loupe Utility (Version: V2.00L13 M00)
McAfee Security Scan Plus (Version: 3.8.130.8)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft GB18030 Support Package (Version: 1.0.1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Software Update for Web Folders  (German) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 25.0 (x86 de) (Version: 25.0)
Mozilla Maintenance Service (Version: 25.0)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Optical Disc Drive Letter-Setting Utility (Version: V3.00L11S M00)
Optical Disc Drive Power-Saving Utility (Version: V5.00L15S M00)
Optimizer Pro v3.2
Panasonic Common Components (Version: 2.0.1100.0)
PC Information Popup (Version: V4.02L12 M00)
PC Information Viewer (Version: 6.2.1000.0)
PDF Settings CS6 (Version: 11.0)
PDF24 Creator 5.2.0
Photosmart 130,230,7150,7345,7350,7550 (nur entfernen)
Power Saving Utility (Version: V3.03L10 M00)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.1.0)
Roxio Central Audio (Version: 3.7.0)
Roxio Central Copy (Version: 3.7.0)
Roxio Central Data (Version: 3.7.0)
Roxio Central Tools (Version: 3.7.0)
Roxio Creator LJB (Version: 10.1)
Roxio Creator LJB (Version: 3.7.0)
Roxio File Backup (Version: 1.1.0)
Skype Click to Call (Version: 6.11.13348)
Skype™ 6.10 (Version: 6.10.104)
SoundMAX (Version: 5.10.01.6500)
SuperLyrics-16 (Version: 1.30.153.0)
Sweet Home 3D version 3.7
Synaptics Pointing Device Driver (Version: 10.0.9.0)
Touch Pad Utility (Version: V4.01L12 M00)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB887626 for more information]
Windows Media Player 11
Windows PowerShell(TM) 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinX DVD Player 3.1.3
Wireless Switch Utility (Version: V3.06L12 M00)
XML Paper Specification Shared Components Pack 1.0

==================== Restore Points  =========================

10-11-2013 07:52:48 Systemprüfpunkt
10-11-2013 09:00:25 09.11.2013
10-11-2013 09:01:15 Neu
09-11-2013 09:03:14 Wiederherstellungsvorgang
10-11-2013 09:08:12 Wiederherstellungsvorgang
10-11-2013 09:15:10 Removed Wireless Switch Utility
10-11-2013 09:27:58 Wiederherstellungsvorgang
10-11-2013 09:55:08 Removed Snap.Do
10-11-2013 09:56:09 Configured SoundMAX
10-11-2013 09:56:30 Installed SoundMAX
11-11-2013 18:55:21 Systemprüfpunkt

==================== Hosts content: ==========================

2009-05-07 12:43 - 2004-08-04 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-YOUR-8E8F8D6E2D-Administrator.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SuperLyrics-16-chromeinstaller.job => C:\Program Files\SuperLyrics-16\SuperLyrics-16-chromeinstaller.exe
Task: C:\WINDOWS\Tasks\SuperLyrics-16-codedownloader.job => C:\Program Files\SuperLyrics-16\SuperLyrics-16-codedownloader.exe
Task: C:\WINDOWS\Tasks\SuperLyrics-16-enabler.job => C:\Program Files\SuperLyrics-16\SuperLyrics-16-enabler.exe
Task: C:\WINDOWS\Tasks\SuperLyrics-16-firefoxinstaller.job => C:\Program Files\SuperLyrics-16\SuperLyrics-16-firefoxinstaller.exe
Task: C:\WINDOWS\Tasks\SuperLyrics-16-updater.job => C:\Program Files\SuperLyrics-16\SuperLyrics-16-updater.exe

==================== Loaded Modules (whitelisted) =============

2008-12-22 18:33 - 2008-12-22 18:33 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2013-08-18 08:55 - 2013-08-18 07:56 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-09-03 14:54 - 2013-09-03 14:54 - 00301056 _____ () C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
2002-04-17 10:49 - 2002-04-17 10:49 - 00024576 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
2013-11-10 08:36 - 2013-10-29 14:08 - 02869720 _____ () C:\Program Files\Optimizer Pro\OptProCrash.dll
2005-07-23 05:30 - 2005-07-23 05:30 - 00065536 _____ () C:\WINDOWS\system32\TosCommAPI.dll
2013-11-10 08:35 - 2013-11-10 08:35 - 00423936 _____ () c:\program files\superlyrics-16\SuperLyrics-16-buttonutil.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Qualcomm HS-USB
Description: Qualcomm HS-USB
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/10/2013 10:35:10 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/10/2013 10:18:10 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/10/2013 08:42:51 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/10/2013 08:42:51 AM) (Source: Service Control Manager) (User: )
Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Computer Backup (MyPC Backup).

Error: (11/06/2013 08:00:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Starten Sie den Dienst neu..


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 1914.66 MB
Available physical RAM: 956.39 MB
Total Pagefile: 3807.17 MB
Available Pagefile: 2615.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:179.83 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 45BD77A0)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 11.11.2013, 23:34

Ich vermisse die Logs über die angeblichen Funde. Bitte nachreichen.

Außerdem bitte das hier lesen:

Lesestoff:
Windows XP

Auf deinem Rechner läuft noch Windows XP. Microsoft hat dieses Betriebssystem bereits 2001 veröffentlicht und stellt den Support endgültig ab April 2014 ein, d.h. ab Mai 2014 gibt es keine weiteren Updates mehr und danach gefundene Lücken werden nicht mehr durch Updates/Hotfixes geschlossen werden können.

Mit Windows XP nach April 2014 zu surfen wird damit ein großes Sicherheitsrisiko. Du solltest dir jetzt unbedingt Gedanken machen, möglichst schnell auf ein aktuelleres Betriebssystem umzusteigen.

tantan · 12.11.2013, 20:08

Hallo,

vielen Dank für Ihre Hilfe erstmal! Ich habe auch für XP gelesen!

Ich bin mir nicht sicher wo finde ich die Logs. Während den JAVA-Upgrade, AVira sagte unten im rechten Ecke dass ein Virus da ist. Ich habe auf OK gedrückt. Danach habe ich gesehen dass irgendwelche Programmen auf meinen PC instaliert worden sind.

Ich glaube Avira meinte das:
In der Datei 'C:\Documents and Settings\Administrator\Local Settings\Temp\{62F0342A-F61E-497E-BEA1-5AF40362A64B}\files\DealPlyIE.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/DealPly.B' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Dieser Bericht habe ich in AVIRA -Fenster , in das graue Feld von links, unten EREIGNISSE gefunden. Ansonsten weiss ich nicht wo ich suchen soll.

Liebe Grüße
tantan

ah ja,

jetzt habe ich in Ihre Post von gestern gesehen wie genau - entschuldigung!

Exportierte Ereignisse:

10.11.2013 08:35 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Documents and Settings\Administrator\Local
Settings\Temp\{62F0342A-F61E-497E-BEA1-5AF40362A64B}\files\DealPlyIE.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/DealPly.B' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

cosinus · 12.11.2013, 22:59

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

tantan · 13.11.2013, 18:19

Hallo,

entschuldigung, welches Archiv soll ich entpacken?
Ich habe das "mbar-1.07.0.1007" auf dem Desktop heruntergeladen.

Ausserdem welche Datenbank danch soll ich aktualieseieren?

Danke. Es tut mir Leid - bin ziemlich behindert was Instalationen betrifft...

Schöne Abend
tantan

cosinus · 13.11.2013, 22:23

Da wurde etwas geändert, MBAR wird als EXE ausgeliefert. Einfach doppelklicken

tantan · 14.11.2013, 19:50

Hallo,

ich habe 2 Cleans durchgeführt.
Vor dem ersten waren irgendwelche Maleware vorhanden. Beim zweiten war alles clean.
Unten sehen Sie bitte die Logfile.

Ausserdem before die Scans hat mir Avira wieder gesagt, dass ich Virus hab. Die "Ereignisse" von Avira poste ich auch noch.

Obwohl ich "clean" sein sollte, irgendwie habe ich das Gefühl dass es noch nicht alles vorbei ist.

Auf jeden Fall vielen Dank für die Unterstüzung!

Schöner Abend noch
tantan

mbar-log-2013-11-14 (18-00-01)

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: YOUR-8E8F8D6E2D [administrator]

14.11.2013 18:00:01
mbar-log-2013-11-14 (18-00-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 203842
Time elapsed: 27 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\CLASSES\CLSID\{BA56787C-729F-4715-8F11-EB2A16908B91} (Adware.BetterAds) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\BetterAds.ScriptHostObject.1 (Adware.BetterAds) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\BetterAds.ScriptHostObject (Adware.BetterAds) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BA56787C-729F-4715-8F11-EB2A16908B91} (Adware.BetterAds) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA56787C-729F-4715-8F11-EB2A16908B91} (Adware.BetterAds) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BA56787C-729F-4715-8F11-EB2A16908B91} (Adware.BetterAds) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\Java7.exe (Trojan.Dropper.FJ) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\DM\parent.txt (Trojan.Dropper.FJ) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log

Code:

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2007662592, free: 939364352

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2007662592, free: 1654767616

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2007662592, free: 1147469824

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2007662592, free: 1128181760

Downloaded database version: v2013.11.14.07
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     11/14/2013 17:59:53
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\e1y5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5x32.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\EtmDevFan.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\EtmDevGen.sys
\SystemRoot\system32\DRIVERS\IFXTPM.SYS
\SystemRoot\system32\DRIVERS\EtmDevGmch.sys
\SystemRoot\system32\DRIVERS\newmisc.sys
\SystemRoot\system32\DRIVERS\hotkey.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\EtmDevCpu.sys
\SystemRoot\system32\DRIVERS\EtmDrvMgr.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\System32\Drivers\tosrfcom.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\tosporte.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AEAudio.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\System32\Drivers\AFS2K.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\meiudf.sys
\SystemRoot\System32\Drivers\Udfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a59f8c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a688028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a59f8c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a59f6a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a59f8c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a564310, DeviceName: \Device\00000087\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a688028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 45BD77A0

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488392002
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{BA56787C-729F-4715-8F11-EB2A16908B91} --> [Adware.BetterAds]
Infected: HKLM\SOFTWARE\CLASSES\BetterAds.ScriptHostObject.1 --> [Adware.BetterAds]
Infected: HKLM\SOFTWARE\CLASSES\BetterAds.ScriptHostObject --> [Adware.BetterAds]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BA56787C-729F-4715-8F11-EB2A16908B91} --> [Adware.BetterAds]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA56787C-729F-4715-8F11-EB2A16908B91} --> [Adware.BetterAds]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BA56787C-729F-4715-8F11-EB2A16908B91} --> [Adware.BetterAds]
Infected: C:\Program Files\Java7.exe --> [Trojan.Dropper.FJ]
Infected: C:\Documents and Settings\Administrator\Local Settings\Temp\DM\parent.txt --> [Trojan.Dropper.FJ]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2007662592, free: 1656066048

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2007662592, free: 1382490112

Downloaded database version: v2013.11.14.07
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     11/14/2013 18:48:01
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
iaStor.sys
disk.sys
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\e1y5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5x32.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\EtmDevFan.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\EtmDevGen.sys
\SystemRoot\system32\DRIVERS\IFXTPM.SYS
\SystemRoot\system32\DRIVERS\EtmDevGmch.sys
\SystemRoot\system32\DRIVERS\newmisc.sys
\SystemRoot\system32\DRIVERS\hotkey.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\EtmDevCpu.sys
\SystemRoot\system32\DRIVERS\EtmDrvMgr.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\System32\Drivers\tosrfcom.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\tosporte.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AEAudio.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\System32\Drivers\AFS2K.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\meiudf.sys
\SystemRoot\System32\Drivers\Udfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a5cd030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a5ea028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a5cd030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6075f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a5cd030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a607b28, DeviceName: \Device\00000087\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a5ea028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 45BD77A0

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488392002
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Scan finished

Avira, before den Scan mit Malwarebytes

Code:

ATTFilter

Exportierte Ereignisse:

13.11.2013 18:57 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\System Volume 
      Information\_restore{53F52927-EB7D-4F03-82D4-1244CC403C5C}\RP6\A0000125.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Lollipop.IE' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

cosinus · 15.11.2013, 00:28

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die Endbenutzer-Lizenz.
Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls etwas schief geht.
Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es eine Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

tantan · 15.11.2013, 08:12

Hallo,

ich habe heute noch früh geschafft :-)

Optimizer pro v3.2 ist aber immer noch hier sowie snap.do.

Hilfe, was habe ich mir gehollt ...

Schöner Tag und beste Grüße
tantan

Code:

ATTFilter

ComboFix 13-11-15.01 - Administrator 15.11.2013   7:36.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.1915.708 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\asyncDB.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\background.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\browserAction.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\contextMenu.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dbManager.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dom_bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\fileManager.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefox.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxNotifications.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxOmnibox.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\message.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\pageAction.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\request.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\tabs.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\webRequest.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\background.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\baseObject.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\browser.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\console.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\consts.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\delegate.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\extensionDataStore.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\folderIOWrapper.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\httpObserver.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\IDBWrapper.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\installer.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\logFile.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\prefs.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\progressListenerObserver.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\registry.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reloadObserver.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reports.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\requestObject.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\searchSettings.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\uninstallObserver.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\updateManager.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\utils.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\xhr.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\dialog.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\main.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\search_dialog.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\defaults\preferences\prefs.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\manifest.xml
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins.json
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\1_base.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\102_dealply_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\103_intext_5_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\104_jollywallet_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\105_corticas_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\108_icm_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\119_similar_web_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\120_luck_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\123_intext_adv_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\125_arcadi2_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\126_revizer_ws_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\127_revizer_p_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\128_superfish_pricora_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\135_arcadi3_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\138_getdeal_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\14_CrossriderUtils.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\141_corticas_ru_m.js.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\142_intext_fa_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\155_ibario_pops_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\159_cortica_rollover_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\17_jQuery.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\175_coolmirage_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\180_bpo_serp_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\21_debug.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\22_resources.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\28_initializer.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\4_jquery_1_7_1.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\47_resources_background.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\64_appApiMessage.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\7_hooks.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\72_appApiValidation.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\78_CrossriderInfo.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\87_ginyas_wrapper.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\9_search_engine_hook.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\91_monetizationLoader.js.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\98_omniCommands.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\background.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\extension.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\locale\en-US\translations.dtd
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button1.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button2.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button3.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button4.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button5.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\crossrider_statusbar.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon128.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon16.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon24.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon48.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\panelarrow-up.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\popup.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\skin.css
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\update.css
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0\3
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\background.html
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\crossriderManifest.json
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\manifest.xml
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins.json
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\1_base.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\102_dealply_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\103_intext_5_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\104_jollywallet_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\105_corticas_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\108_icm_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\119_similar_web_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\120_luck_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\123_intext_adv_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\125_arcadi2_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\126_revizer_ws_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\127_revizer_p_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\128_superfish_pricora_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\135_arcadi3_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\138_getdeal_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\14_CrossriderUtils.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\142_intext_fa_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\155_ibario_pops_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\159_cortica_rollover_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\17_jQuery.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\175_coolmirage_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\180_bpo_serp_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\21_debug.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\22_resources.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\28_initializer.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\4_jquery_1_7_1.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\47_resources_background.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\64_appApiMessage.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\7_hooks.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\72_appApiValidation.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\78_CrossriderInfo.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\87_ginyas_wrapper.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\9_search_engine_hook.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\91_monetizationLoader.js.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\plugins\97_resourceApiWrapper.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\userCode\background.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\extensionData\userCode\extension.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\actions\1.png
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\icon128.png
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\icon16.png
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\icons\icon48.png
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\api\chrome.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\api\cookie.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\api\message.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\api\pageAction.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\api\pageActionBG.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\background.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\app_api.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\bg_app_api.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\consts.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\cookie_store.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\crossriderAPI.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\delegate.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\events.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\extensionDataStore.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\installer.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\logFile.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\logging.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\onBGDocumentLoad.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\popupResource\newPopup.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\popupResource\popup.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\reports.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\storageWrapper.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\updateManager.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\util.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\lib\xhr.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\js\main.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\manifest.json
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0\popup.html
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000006.log
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\CURRENT
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOCK
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOG
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOG.old
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\MANIFEST-000004
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0.localstorage-journal
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0.localstorage
c:\documents and settings\Administrator\Local Settings\Application Data\lollipop
c:\documents and settings\Administrator\Local Settings\Application Data\SuperLyrics-16
c:\documents and settings\All Users\Application Data\TEMP
C:\END
c:\program files\DCP-7030-inst-B2-de.EXE
c:\program files\IE8-WindowsXP-KB2618444-x86-ENU.exe
c:\program files\SuperLyrics-16
c:\program files\SuperLyrics-16\44162.crx
c:\program files\SuperLyrics-16\44162.xpi
c:\program files\SuperLyrics-16\background.html
c:\program files\SuperLyrics-16\Installer.log
c:\program files\SuperLyrics-16\SuperLyrics-16-bg.exe
c:\program files\SuperLyrics-16\SuperLyrics-16-bho.dll
c:\program files\SuperLyrics-16\SuperLyrics-16-buttonutil.dll
c:\program files\SuperLyrics-16\SuperLyrics-16-buttonutil.exe
c:\program files\SuperLyrics-16\SuperLyrics-16-chromeinstaller.exe
c:\program files\SuperLyrics-16\SuperLyrics-16-codedownloader.exe
c:\program files\SuperLyrics-16\SuperLyrics-16-enabler.exe
c:\program files\SuperLyrics-16\SuperLyrics-16-firefoxinstaller.exe
c:\program files\SuperLyrics-16\SuperLyrics-16-helper.exe
c:\program files\SuperLyrics-16\SuperLyrics-16-updater.exe
c:\program files\SuperLyrics-16\SuperLyrics-16.ico
c:\program files\SuperLyrics-16\Uninstall.exe
c:\program files\SuperLyrics-16\utils.exe
c:\program files\WindowsXP-KB932823-v3-x86-ENU.exe
c:\program files\WindowsXP-KB936929-SP3-x86-ENU.exe
c:\windows\system32\FlashPlayerApp.exe
c:\windows\system32\MUI\0401\tourstart.exe
c:\windows\system32\MUI\0404\tourstart.exe
c:\windows\system32\MUI\0405\tourstart.exe
c:\windows\system32\MUI\0406\tourstart.exe
c:\windows\system32\MUI\0407\tourstart.exe
c:\windows\system32\MUI\0408\tourstart.exe
c:\windows\system32\MUI\040b\tourstart.exe
c:\windows\system32\MUI\040C\tourstart.exe
c:\windows\system32\MUI\040D\tourstart.exe
c:\windows\system32\MUI\040e\tourstart.exe
c:\windows\system32\MUI\0410\tourstart.exe
c:\windows\system32\MUI\0411\tourstart.exe
c:\windows\system32\MUI\0412\tourstart.exe
c:\windows\system32\MUI\0413\tourstart.exe
c:\windows\system32\MUI\0414\tourstart.exe
c:\windows\system32\MUI\0415\tourstart.exe
c:\windows\system32\MUI\0416\tourstart.exe
c:\windows\system32\MUI\0419\tourstart.exe
c:\windows\system32\MUI\041b\tourstart.exe
c:\windows\system32\MUI\041D\tourstart.exe
c:\windows\system32\MUI\041f\tourstart.exe
c:\windows\system32\MUI\0424\tourstart.exe
c:\windows\system32\MUI\0804\tourstart.exe
c:\windows\system32\MUI\0816\tourstart.exe
c:\windows\system32\MUI\0C0A\tourstart.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-15 bis 2013-11-15  ))))))))))))))))))))))))))))))
.
.
2013-11-14 16:59 . 2013-11-14 17:48	105176	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-13 17:12 . 2013-11-14 17:46	47064	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-11-11 21:54 . 2013-11-11 21:54	--------	d-----w-	C:\FRST
2013-11-10 10:07 . 2013-11-10 10:07	4379048	----a-w-	c:\program files\ccsetup407.exe
2013-11-10 09:28 . 2013-11-10 09:28	--------	d-----w-	c:\windows\system32\wbem\Repository
2013-11-10 09:28 . 2013-11-10 09:28	--------	d-----w-	c:\program files\Optimizer Pro
2013-11-10 09:28 . 2013-11-10 09:28	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Optimizer Pro
2013-11-10 09:28 . 2013-11-10 09:28	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2013-11-10 07:38 . 2013-11-10 07:38	--------	d-----w-	c:\program files\Uninstaller
2013-11-10 07:36 . 2013-11-10 09:35	--------	d-----w-	c:\program files\MyPC Backup
2013-11-10 07:35 . 2013-11-10 07:35	--------	d-----w-	c:\documents and settings\Administrator\Application Data\DealPly
2013-11-10 07:34 . 2013-11-10 07:34	--------	d-----w-	c:\program files\SearchProtect
2013-11-10 07:34 . 2013-11-10 07:34	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\SearchProtect
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-13 07:25 . 2009-05-07 11:44	920064	----a-w-	c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2009-05-07 11:43	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2009-05-07 11:43	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2009-05-07 11:42	18944	----a-w-	c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2009-05-07 11:43	385024	----a-w-	c:\windows\system32\html.iec
2013-10-12 15:56 . 2009-05-07 11:43	278528	----a-w-	c:\windows\system32\oakley.dll
2013-10-10 19:51 . 2012-06-13 16:01	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 13:12 . 2009-05-07 11:43	287744	----a-w-	c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2009-05-07 11:42	603136	----a-w-	c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2012-06-17 10:21	7168	----a-w-	c:\windows\system32\xpsp4res.dll
2013-09-05 15:32 . 2013-08-18 07:55	88840	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-09-05 15:32 . 2013-08-18 07:55	136672	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-08-29 01:31 . 2009-05-07 11:44	1878656	----a-w-	c:\windows\system32\win32k.sys
2013-08-18 06:56 . 2013-08-18 07:55	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-01-01 08:39 . 2013-01-01 08:35	32664816	----a-w-	c:\program files\SweetHome3D-3.7-windows-oc.exe
2012-09-17 14:08 . 2012-09-17 14:08	1461628	----a-w-	c:\program files\7-PDFSplitMerge204.exe
2012-09-01 21:49 . 2012-09-01 21:48	3927560	----a-w-	c:\program files\ccsetup322.exe
2012-08-08 16:40 . 2012-08-08 16:40	8321680	----a-w-	c:\program files\IpsosPanelPlusSetup.exe
2012-08-08 10:35 . 2012-08-08 10:27	92268272	----a-w-	c:\program files\AVSMediaPlayer419.exe
2012-08-08 10:26 . 2012-08-08 10:26	739864	----a-w-	c:\program files\ChromeSetup.exe
2012-08-07 13:39 . 2012-08-07 13:39	6951816	----a-w-	c:\program files\dpLaunchSet.exe
2012-08-07 09:08 . 2012-08-07 09:08	2453107	----a-w-	c:\program files\USBdrvWinXP.exe
2012-08-01 03:15 . 2012-08-01 03:14	10494632	----a-w-	c:\program files\pdf24-creator.exe
2012-06-19 13:51 . 2012-06-19 13:49	16420744	----a-w-	c:\program files\Firefox Setup 13.0.1.exe
2012-06-19 12:17 . 2012-06-19 12:17	2500792	----a-w-	c:\program files\AdobeDownloadAssistant.exe
2012-06-14 20:41 . 2012-06-14 20:37	16883056	----a-w-	c:\program files\IE8-WindowsXP-x86-ENU.exe
2012-06-14 09:48 . 2012-06-14 09:48	99308192	----a-w-	c:\program files\avira_free_antivirus_de.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-10-23 19:52	12240	----a-w-	c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-10-23 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-10-23 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-21 20549280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 150040]
"PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2008-10-23 161088]
"WSwitch"="c:\program files\Panasonic\WSwitch\WSwitch.exe" [2008-11-05 800064]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-26 204800]
"setfan"="c:\program files\Panasonic\setfan\setfan.exe" [2008-10-24 443712]
"Panasonic Hotkey Manager"="c:\program files\Panasonic\Hotkey Appendix\HKEYAPP.EXE" [2008-10-18 1058104]
"PCinfo"="c:\program files\Panasonic\pcinfo\PcInfoUt.exe" [2008-10-24 91456]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-12-22 1368064]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-12-22 1191936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-05 347192]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-10-23 1673680]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-14 1040384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]
Economy Mode(ECO) Setting Utility.lnk - c:\program files\Panasonic\CHGBMODE\ChgBmode.exe /NOMSG [2009-5-7 308544]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
Optical Disc Drive Power-Saving Utility.lnk - c:\program files\Panasonic\OPDOFF\opdoff.exe [2009-5-7 1516856]
PC Information Popup.lnk - c:\program files\Panasonic\PPopup\ppopup.exe /startup [2009-5-7 689472]
RAMASST.lnk - c:\windows\system32\RAMAsst.exe [2009-5-8 266240]
Touch Pad Utility.lnk - c:\program files\Panasonic\WheelPad\Touchpad.exe [2009-5-7 456000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [18.08.2013 08:55 37352]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [18.08.2013 08:55 84024]
R2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [23.10.2013 20:52 166352]
R2 ETMService;Intel(R) Dynamic Power Performance Management Service Application;c:\windows\system32\etmservice.exe [07.05.2009 21:04 223768]
R2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\Panasonic\OPDOFF\opdoffsv.exe [07.05.2009 22:23 206136]
R2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\Panasonic\pcinfo\PcInfoPi.exe [07.05.2009 22:46 54592]
R2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\Panasonic\pcinfo\PCInfoSV.exe [07.05.2009 22:46 193856]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.04.2007 19:09 11032]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14.08.2013 10:10 3291008]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [07.05.2009 12:50 244368]
R3 EtmCpu;EtmCpu;c:\windows\system32\drivers\EtmDevCpu.sys [07.05.2009 21:04 25088]
R3 EtmDevGen;EtmDevGen;c:\windows\system32\drivers\EtmDevGen.sys [07.05.2009 21:04 18944]
R3 EtmDrvMgr;EtmDrvMgr;c:\windows\system32\drivers\EtmDrvMgr.sys [07.05.2009 21:04 46592]
R3 EtmFan;EtmFan;c:\windows\system32\drivers\EtmDevFan.sys [07.05.2009 21:04 11264]
R3 EtmGmchMem;EtmGmchMem;c:\windows\system32\drivers\EtmDevGmch.sys [07.05.2009 21:04 98304]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [07.05.2009 12:51 44800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [07.05.2009 12:53 110080]
R3 NewMisc;Panasonic Misc Driver C;c:\windows\system32\drivers\newmisc.sys [07.05.2009 12:50 28608]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [18.08.2013 08:55 815160]
S2 ca82e1a5;Optimizer Pro Crash Monitor;c:\progra~1\optimi~1\OptProCrash.exe [10.11.2013 08:36 143488]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05.09.2013 10:34 171680]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [06.09.2013 17:29 235216]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.02.2010 12:37 517096]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 03:24	1185744	----a-w-	c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 19:51]
.
2013-03-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-YOUR-8E8F8D6E2D-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-08-08 04:09]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-30 06:47]
.
2013-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-30 06:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=hp&installDate=10/11/2013
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&q={searchTerms}&installDate=10/11/2013
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=hp&installDate=10/11/2013
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&installDate=10/11/2013&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BetterAds - c:\program files\BetterAds\uninstall.exe
AddRemove-SuperLyrics-16 - c:\program files\SuperLyrics-16\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-11-15 07:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,5e,58,ef,33,d9,f8,4c,b6,72,38,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,5e,58,ef,33,d9,f8,4c,b6,72,38,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1196)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1252)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Panasonic\CHGBMODE\ChgBmode.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Panasonic\PPopup\ppopup.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\windows\System32\DVDRAMSV.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-15  08:04:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-11-15 07:04
.
Vor Suchlauf: 192.288.673.792 bytes free
Nach Suchlauf: 192.295.698.432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DA5BF5B7037BCFE743015C8C416C3567
8F558EB6672622401DA993E1E865C861

cosinus · 15.11.2013, 10:39

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

tantan · 15.11.2013, 18:55

Hallo,

alles 3 wurden durchgeführt.
Juhuhuuu es sieht gut aus :-)
Aber, bitte schauen Sie unten die logfiles.

Herzlichen Dank!

tantan

1. Schritt: adwCleaner

Code:

ATTFilter

# AdwCleaner v3.012 - Report created 15/11/2013 at 18:24:06
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - YOUR-8E8F8D6E2D
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DealPly
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\optimizer pro
Folder Deleted : C:\Documents and Settings\Administrator\My Documents\optimizer pro
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\searchplugins\Web Search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044162.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044162.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044162.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9173F089-1A84-4023-B972-55A6EE7103B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412262}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415562}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416662}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13A9E13B-139B-48D1-B698-9C3DFF726345}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v25.0 (de)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=hp&installDate=10/11/2013");
Line Deleted : user_pref("extensions.AVIRA-V7.apn.tldcache", "{\"date\":1382034000454,\"domainList\":[\"ac\",\"com.ac\",\"edu.ac\",\"gov.ac\",\"net.ac\",\"mil.ac\",\"org.ac\",\"ad\",\"nom.ad\",\"ae\",\"co.ae\",\"net[...]
Line Deleted : user_pref("extensions.crossrider.bic", "14240f244f5ccf010400caf390e8282f");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=c27c7a0f-aa1d-70a0-db72-1929caf785a5&searchtype=ds&installDate=10/11/2013&q=");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8532 octets] - [15/11/2013 18:22:54]
AdwCleaner[S0].txt - [7872 octets] - [15/11/2013 18:24:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7932 octets] ##########

2. Schritt: JRT - Junkware Removal Tool

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 15.11.2013 at 18:32:26,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{92F32CDB-8ACA-4E12-B3F7-057434B698EB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\apn"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\la8iggyg.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\la8iggyg.default\prefs.js

user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":39,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Anal
user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
user_pref("extensions.AVIRA-V7.hpr_cr", "\"hxxp://avira.search.ask.com/?tpid=AVIRA-V7&o=APN11074&pf=&trgb=ALL&p2=%5EB0Q%5EYYYYYY%5EYY%5EDE&gct=hp&apn_ptnrs=%5EB0Q&apn_dtid=%5E



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.11.2013 at 18:38:59,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Schritt: Frisches Log mit FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Administrator (administrator) on YOUR-8E8F8D6E2D on 15-11-2013 18:49:02
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Panasonic Corporation) C:\Program Files\Panasonic\WSwitch\WSwitch.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Panasonic Corporation) C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE
( TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon04.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Panasonic Corporation) C:\Program Files\Panasonic\CHGBMODE\ChgBmode.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Panasonic Corporation) C:\Program Files\Panasonic\OPDOFF\opdoff.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Panasonic Corporation) C:\Program Files\Panasonic\PPopup\ppopup.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Panasonic Corporation) C:\WINDOWS\system32\RAMAsst.exe
(Panasonic Corporation) C:\Program Files\Panasonic\WheelPad\Touchpad.exe
(TOSHIBA CORPORATION.) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Panasonic Corporation) C:\WINDOWS\System32\DVDRAMSV.exe
(Intel Corporation) C:\WINDOWS\system32\EtmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(InterVideo) c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Panasonic Corporation) C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe
(Panasonic Corporation) C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe
(Panasonic Corporation) C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA CORPORATION) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [PRunOnce] - C:\util\prunonce\PRunOnce.exe [161088 2008-10-23] (Panasonic Corporation)
HKLM\...\Run: [WSwitch] - C:\Program Files\Panasonic\WSwitch\WSwitch.exe [800064 2008-11-05] (Panasonic Corporation)
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [204800 2007-07-27] (Synaptics, Inc.)
HKLM\...\Run: [setfan] - C:\Program Files\Panasonic\setfan\setfan.exe [443712 2008-10-24] (Panasonic Corporation)
HKLM\...\Run: [Panasonic Hotkey Manager] - C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe [1058104 2008-10-18] (Panasonic Corporation)
HKLM\...\Run: [PCinfo] - C:\Program Files\Panasonic\pcinfo\PcInfoUt.exe [91456 2008-10-24] (Panasonic Corporation)
HKLM\...\Run: [ITSecMng] - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-29] ( TOSHIBA CORPORATION)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1368064 2008-12-22] (Intel(R) Corporation)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\ime\imjp8_1\imjpmig.exe [208952 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE [59392 2004-08-05] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1191936 2008-12-22] (Intel(R) Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [REGSHAVE] - C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [188416 2002-05-24] (HP)
HKLM\...\Run: [HPHmon04] - C:\WINDOWS\system32\hphmon04.exe [339968 2002-06-20] (Hewlett-Packard)
HKLM\...\Run: [HPHUPD04] - C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [49152 2002-05-24] (Hewlett-Packard)
HKLM\...\Run: [Share-to-Web Namespace Daemon] - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1040384 2008-04-14] (Analog Devices, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Economy Mode(ECO) Setting Utility.lnk
ShortcutTarget: Economy Mode(ECO) Setting Utility.lnk -> C:\Program Files\Panasonic\CHGBMODE\ChgBmode.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Optical Disc Drive Power-Saving Utility.lnk
ShortcutTarget: Optical Disc Drive Power-Saving Utility.lnk -> C:\Program Files\Panasonic\OPDOFF\opdoff.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PC Information Popup.lnk
ShortcutTarget: PC Information Popup.lnk -> C:\Program Files\Panasonic\PPopup\ppopup.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
ShortcutTarget: RAMASST.lnk -> C:\WINDOWS\system32\RAMAsst.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Touch Pad Utility.lnk
ShortcutTarget: Touch Pad Utility.lnk -> C:\Program Files\Panasonic\WheelPad\Touchpad.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1E8C8920B883CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 18 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @digitalpublishing.de/dpLaunch - C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: betterads - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\Extensions\betterads@BetterAds.org.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Web) - hxxp://www.google.com
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Ipsos communication plugin) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Ipsos Panel Plus\toolbar_ff\plugins\npIpsosCommPlugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (dp Launcher Plugin) - C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaBA\betterads.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 DVD-RAM_Service; C:\Windows\System32\DVDRAMSV.exe [172032 2008-07-17] (Panasonic Corporation)
R2 ETMService; C:\WINDOWS\system32\EtmService.exe [223768 2008-08-14] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 OPDOFFSV; C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe [206136 2008-10-22] (Panasonic Corporation)
R2 PcInfoPi; C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe [54592 2008-10-24] (Panasonic Corporation)
R2 PcInfoSV; C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe [193856 2009-02-23] (Panasonic Corporation)
S3 Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [77824 2002-05-24] (HP)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [905216 2008-12-22] (Intel(R) Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
S2 ca82e1a5; "c:\progra~1\optimi~1\OptProCrash.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [82380 2013-03-02] (Oak Technology Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-18] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 Dot4 HPH11; C:\Windows\System32\DRIVERS\hphid411.sys [50896 2002-05-24] (HP)
S3 Dot4Print HPH11; C:\Windows\System32\DRIVERS\hphipr11.sys [16112 2002-05-24] (HP)
S3 Dot4Storage HPH11; C:\Windows\System32\Drivers\hphs2k11.sys [50276 2002-05-24] (Hewlett-Packard)
S3 Dot4Usb HPH11; C:\Windows\System32\drivers\hphius11.sys [18928 2002-05-24] (HP)
R3 e1yexpress; C:\Windows\System32\DRIVERS\e1y5132.sys [244368 2008-03-26] (Intel Corporation)
R3 EtmCpu; C:\Windows\System32\DRIVERS\EtmDevCpu.sys [25088 2008-08-08] (Intel Corporation)
R3 EtmDevGen; C:\Windows\System32\DRIVERS\EtmDevGen.sys [18944 2008-08-08] (Intel Corporation)
R3 EtmDrvMgr; C:\Windows\System32\DRIVERS\EtmDrvMgr.sys [46592 2008-08-08] (Intel Corporation)
R3 EtmFan; C:\Windows\System32\DRIVERS\EtmDevFan.sys [11264 2008-08-08] (Intel Corporation)
R3 EtmGmchMem; C:\Windows\System32\DRIVERS\EtmDevGmch.sys [98304 2008-08-08] (Intel Corporation)
R3 HOTKEY; C:\Windows\System32\DRIVERS\hotkey.sys [24640 2009-03-09] (Panasonic Corporation)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210304 2008-12-08] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [985856 2008-12-08] (Conexant Systems, Inc.)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2007-12-17] (Infineon Technologies AG)
S3 Iviaspi; C:\Windows\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.)
R1 meiudf; C:\Windows\System32\Drivers\meiudf.sys [124616 2008-07-17] (Panasonic Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [3636608 2008-12-21] (Intel Corporation)
R3 NewMisc; C:\Windows\System32\DRIVERS\newmisc.sys [28608 2009-02-18] (Panasonic Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-14] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-18] (Avira GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-15 18:44 - 2013-11-15 18:44 - 01090529 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2013-11-15 18:39 - 2013-11-15 18:38 - 00002397 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
2013-11-15 18:32 - 2013-11-15 18:32 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-15 18:31 - 2013-11-15 18:31 - 01034531 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-11-15 18:22 - 2013-11-15 18:24 - 00000000 ____D C:\AdwCleaner
2013-11-15 18:16 - 2013-11-15 18:16 - 01085542 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-11-15 08:04 - 2013-11-15 08:04 - 00065077 _____ C:\ComboFix.txt
2013-11-15 07:33 - 2013-11-15 07:33 - 00000000 _RSHD C:\cmdcons
2013-11-15 07:33 - 2012-06-07 18:15 - 00000211 _____ C:\Boot.bak
2013-11-15 07:33 - 2004-08-03 23:00 - 00262448 __RSH C:\cmldr
2013-11-15 07:30 - 2013-11-15 08:04 - 00000000 ____D C:\Qoobox
2013-11-15 07:30 - 2013-11-15 08:03 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-15 07:30 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-11-15 07:30 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-11-15 07:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-11-15 07:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-11-15 07:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-11-15 07:30 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-11-15 07:30 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-11-15 07:30 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-11-15 07:30 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-11-15 07:29 - 2013-11-15 07:29 - 05146278 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2013-11-14 17:59 - 2013-11-14 18:48 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-11-13 21:41 - 2013-11-13 21:41 - 00010330 _____ C:\WINDOWS\KB2900986.log
2013-11-13 21:41 - 2013-11-13 21:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 21:41 - 2013-11-13 21:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 21:39 - 2013-11-13 21:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 21:39 - 2013-11-13 21:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 21:38 - 2013-11-13 21:41 - 00033880 _____ C:\WINDOWS\iis6.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00030913 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00010216 _____ C:\WINDOWS\comsetup.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00009580 _____ C:\WINDOWS\msmqinst.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00006191 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00004101 _____ C:\WINDOWS\updspapi.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 21:38 - 2013-11-13 21:41 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 21:38 - 2013-11-13 21:38 - 00012553 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 21:38 - 2013-11-13 21:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 21:38 - 2013-11-13 21:38 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 18:12 - 2013-11-14 19:51 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\mbar
2013-11-13 18:12 - 2013-11-14 18:46 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-11-13 18:05 - 2013-11-13 18:05 - 12576792 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1007.exe
2013-11-13 17:50 - 2013-11-13 21:41 - 00017451 _____ C:\WINDOWS\KB2868626.log
2013-11-13 17:49 - 2013-11-13 21:40 - 00016435 _____ C:\WINDOWS\KB2862152.log
2013-11-13 17:49 - 2013-11-13 21:39 - 00015985 _____ C:\WINDOWS\KB2876331.log
2013-11-11 23:11 - 2013-11-15 18:42 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\vvviirus
2013-11-11 22:58 - 2013-11-15 18:49 - 00020541 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2013-11-11 22:57 - 2013-11-11 22:58 - 00014165 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2013-11-11 22:54 - 2013-11-11 22:54 - 00000000 ____D C:\FRST
2013-11-10 11:07 - 2013-11-10 11:07 - 04379048 _____ (Piriform Ltd) C:\Program Files\ccsetup407.exe
2013-11-10 10:56 - 2013-11-10 10:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
2013-11-10 10:28 - 2013-11-10 10:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-10 08:59 - 2013-11-10 08:59 - 00071160 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-05 17:51 - 2013-11-07 08:07 - 102894578 _____ C:\WINDOWS\system32\僕Ｑ囌7
2013-11-03 22:31 - 2013-11-07 20:12 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Planung
2013-11-02 10:35 - 2013-11-02 10:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-10-29 19:02 - 2013-11-10 10:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-17 17:27 - 2013-10-17 17:27 - 101544623 _____ C:\WINDOWS\system32\꛵苅囌7

==================== One Month Modified Files and Folders =======

2013-11-15 18:49 - 2013-11-11 22:58 - 00020541 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2013-11-15 18:44 - 2013-11-15 18:44 - 01090529 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2013-11-15 18:42 - 2013-11-11 23:11 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\vvviirus
2013-11-15 18:38 - 2013-11-15 18:39 - 00002397 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
2013-11-15 18:32 - 2013-11-15 18:32 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-15 18:31 - 2013-11-15 18:31 - 01034531 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-11-15 18:30 - 2009-05-07 20:58 - 01152436 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-15 18:28 - 2012-07-18 11:48 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2013-11-15 18:26 - 2009-05-07 13:57 - 00000259 _____ C:\WINDOWS\wiadebug.log
2013-11-15 18:26 - 2009-05-07 12:44 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-15 18:25 - 2012-08-30 07:47 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-15 18:25 - 2009-05-07 21:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-15 18:25 - 2009-05-07 13:57 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-15 18:24 - 2013-11-15 18:22 - 00000000 ____D C:\AdwCleaner
2013-11-15 18:24 - 2009-05-07 21:03 - 00032498 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-15 18:24 - 2009-05-07 21:03 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-11-15 18:24 - 2009-05-07 21:03 - 00000000 ____D C:\Documents and Settings\Administrator
2013-11-15 18:23 - 2012-08-30 07:47 - 00001112 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 18:16 - 2013-11-15 18:16 - 01085542 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-11-15 17:51 - 2012-06-13 17:01 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-15 17:36 - 2009-05-07 21:03 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-15 08:04 - 2013-11-15 08:04 - 00065077 _____ C:\ComboFix.txt
2013-11-15 08:04 - 2013-11-15 07:30 - 00000000 ____D C:\Qoobox
2013-11-15 08:03 - 2013-11-15 07:30 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-15 07:44 - 2009-05-07 12:44 - 00000227 _____ C:\WINDOWS\system.ini
2013-11-15 07:33 - 2013-11-15 07:33 - 00000000 _RSHD C:\cmdcons
2013-11-15 07:33 - 2009-05-07 13:03 - 00000327 __RSH C:\boot.ini
2013-11-15 07:29 - 2013-11-15 07:29 - 05146278 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2013-11-14 19:51 - 2013-11-13 18:12 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\mbar
2013-11-14 18:48 - 2013-11-14 17:59 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-11-14 18:46 - 2013-11-13 18:12 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-11-14 18:32 - 2009-05-07 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942840$
2013-11-13 21:41 - 2013-11-13 21:41 - 00010330 _____ C:\WINDOWS\KB2900986.log
2013-11-13 21:41 - 2013-11-13 21:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 21:41 - 2013-11-13 21:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 21:41 - 2013-11-13 21:38 - 00033880 _____ C:\WINDOWS\iis6.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00030913 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00010216 _____ C:\WINDOWS\comsetup.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00009580 _____ C:\WINDOWS\msmqinst.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00006191 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00004101 _____ C:\WINDOWS\updspapi.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 21:41 - 2013-11-13 21:38 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 21:41 - 2013-11-13 17:50 - 00017451 _____ C:\WINDOWS\KB2868626.log
2013-11-13 21:41 - 2012-07-30 19:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-11-13 21:40 - 2013-11-13 21:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 21:40 - 2013-11-13 17:49 - 00016435 _____ C:\WINDOWS\KB2862152.log
2013-11-13 21:39 - 2013-11-13 21:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 21:39 - 2013-11-13 17:49 - 00015985 _____ C:\WINDOWS\KB2876331.log
2013-11-13 21:38 - 2013-11-13 21:38 - 00012553 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 21:38 - 2013-11-13 21:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 21:38 - 2013-11-13 21:38 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 21:38 - 2013-08-18 08:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 21:38 - 2012-06-16 16:16 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-13 21:35 - 2012-06-20 09:01 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-13 18:05 - 2013-11-13 18:05 - 12576792 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1007.exe
2013-11-11 22:58 - 2013-11-11 22:57 - 00014165 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2013-11-11 22:54 - 2013-11-11 22:54 - 00000000 ____D C:\FRST
2013-11-10 11:10 - 2012-06-13 17:08 - 00000000 __SHD C:\Documents and Settings\Administrator\UserData
2013-11-10 11:08 - 2012-12-25 02:39 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-10 11:07 - 2013-11-10 11:07 - 04379048 _____ (Piriform Ltd) C:\Program Files\ccsetup407.exe
2013-11-10 10:56 - 2013-11-10 10:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
2013-11-10 10:28 - 2013-11-10 10:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-10 10:28 - 2013-10-29 19:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-10 10:28 - 2009-05-07 22:14 - 00000000 ____D C:\Program Files\Panasonic
2013-11-10 10:28 - 2009-05-07 21:03 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-11-10 10:28 - 2009-05-07 20:58 - 00000000 ____D C:\WINDOWS\Registration
2013-11-10 10:15 - 2009-05-07 21:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-10 08:59 - 2013-11-10 08:59 - 00071160 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-09 10:03 - 2009-05-07 20:58 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-11-09 09:32 - 2012-07-30 19:16 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-11-07 20:12 - 2013-11-03 22:31 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Planung
2013-11-07 17:55 - 2012-07-18 11:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-11-07 17:55 - 2012-07-18 11:48 - 00000000 ___RD C:\Program Files\Skype
2013-11-07 08:07 - 2013-11-05 17:51 - 102894578 _____ C:\WINDOWS\system32\僕Ｑ囌7
2013-11-06 19:58 - 2012-10-29 18:41 - 00000000 ____D C:\Bücher
2013-11-02 10:35 - 2013-11-02 10:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-11-02 10:35 - 2012-07-30 08:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-28 15:53 - 2009-05-07 13:54 - 00522638 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-18 18:32 - 2012-08-08 12:53 - 00000000 ____D C:\§SNIMKI
2013-10-17 19:16 - 2012-07-16 14:12 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-17 17:27 - 2013-10-17 17:27 - 101544623 _____ C:\WINDOWS\system32\꛵苅囌7

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

cosinus · 16.11.2013, 04:11

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

tantan · 16.11.2013, 15:56

Hi,
ich glaube ich habe mich zu früh gefreut. Oder?
Eset hat über 7 Funds berichtet:-(

Hier unten bitte die Ergebnisse.

Schönes Wochenende wünsche ich euch!
tantan

Malwarebytes Anti-Malware

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.16.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: YOUR-8E8F8D6E2D [Administrator]

16.11.2013 08:02:11
mbam-log-2013-11-16 (08-02-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200770
Laufzeit: 10 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET Online Scanner

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4c7bfa88d9b50945b0c7f116a6107d44
# engine=15907
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-16 02:03:36
# local_time=2013-11-16 03:03:36 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 95 33351 155281921 26108 0
# scanned=174698
# found=7
# cleaned=0
# scan_time=20709
sh=E726D8BAED9714F2CCF9E8EE01DA76F32716870A ft=1 fh=3a4d9e1ea77ed494 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptimizerPro.exe.vir"
sh=DDD2974F59F7DBB2C99557C05FB33787C7B27748 ft=1 fh=b62022df389e395a vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProSmartScan.exe.vir"
sh=70D5E6C9AF1F791A05E45A82D0E935B0309F52AD ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\System Volume Information\_restore{53F52927-EB7D-4F03-82D4-1244CC403C5C}\RP10\A0000752.lnk"
sh=E726D8BAED9714F2CCF9E8EE01DA76F32716870A ft=1 fh=3a4d9e1ea77ed494 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\System Volume Information\_restore{53F52927-EB7D-4F03-82D4-1244CC403C5C}\RP14\A0001229.exe"
sh=DDD2974F59F7DBB2C99557C05FB33787C7B27748 ft=1 fh=b62022df389e395a vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\System Volume Information\_restore{53F52927-EB7D-4F03-82D4-1244CC403C5C}\RP14\A0001236.exe"
sh=DDD2974F59F7DBB2C99557C05FB33787C7B27748 ft=1 fh=b62022df389e395a vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\System Volume Information\_restore{53F52927-EB7D-4F03-82D4-1244CC403C5C}\RP6\A0000068.exe"
sh=E726D8BAED9714F2CCF9E8EE01DA76F32716870A ft=1 fh=3a4d9e1ea77ed494 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\System Volume Information\_restore{53F52927-EB7D-4F03-82D4-1244CC403C5C}\RP6\A0000072.exe"

13.11.2013, 22:23	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Ich habe angeblich Java Upgrade gemacht, Avira sagte - VIRUS und ich sehe es auch so... Da wurde etwas geändert, MBAR wird als EXE ausgeliefert. Einfach doppelklicken __________________ Logfiles bitte immer in CODE-Tags posten

Ich habe angeblich Java Upgrade gemacht, Avira sagte - VIRUS und ich sehe es auch so...

Log-Analyse und Auswertung: Ich habe angeblich Java Upgrade gemacht, Avira sagte - VIRUS und ich sehe es auch so...