Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.01.2014, 22:25   #1
Philip84
 
Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich - Standard

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich



Hallo zusammen,

Die Familie meiner Freundin hat Post von der Telekom bekommen. In dieser "Sicherheitswarnung zu Ihrem Internet-Zugang" heißt es, dass von ihrem Interanschluss regelmäßig SPAM-Mails verschickt werden. Auf Nachfrage beim Telekom Sicherheitsdienst heißt es, es würde sich aufgrund der ermittelten Zeiten, zu denen diese SPAM-Mails verschickt wurden, wahrscheinlich um Schädlingssoftware handeln, die eines der Systeme befallen habe , die an diesem Netzwerk sind. Daher ist eine Systemprüfung erforderlich.
Ich hoffe mir kann geholfen werden. Hier beschreibe ich nun das, was ich bisher unternommen habe.

Ich habe einen ersten Quickscan auf dem in Frage kommenden System mit Malwarebytes Anti Malware durchgeführt und 31 betroffene Objekte gefunden, die ich vom Programm habe entfernen lassen.

Logfile Malwarebytes

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.18.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Masha :: MARIA [Administrator]

Schutz: Aktiviert

18.01.2014 18:44:30
mbam-log-2014-01-18 (18-44-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238884
Laufzeit: 4 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Masha\AppData\Roaming\Windows Net Data\net.exe (PUP.Optional.NetData.A) -> 5052 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=E4611216D84F06BA&affID=119557&tsp=5025) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Users\Masha\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Masha\AppData\Roaming\Windows Net Data (PUP.Optional.NetData.A) -> Löschen bei Neustart.

Infizierte Dateien: 12
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Masha\Downloads\MyPhoneExplorer_Setup_1.8.4.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Masha\Downloads\PDFCreator.exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Masha\AppData\Local\DownloadGuide\Offers\hometab.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Masha\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Launcher.exe (PUP.Optional.Simplytech) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Masha\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Masha\AppData\Roaming\Windows Net Data\well.dat (PUP.Optional.NetData.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Masha\AppData\Roaming\Windows Net Data\id.dat (PUP.Optional.NetData.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Masha\AppData\Roaming\Windows Net Data\net.exe (PUP.Optional.NetData.A) -> Löschen bei Neustart.
C:\Users\Masha\AppData\Roaming\Windows Net Data\uninstaller.exe (PUP.Optional.NetData.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Daraufhin war der nächste Quickscan, sowie ein Vollständiger Scan ohne Funde.

Dann habe ich das Microsoft-Tool zum Entfernen bösartiger Software einen vollständigen Scan durchführen lassen - ohne Funde.

Daraufhin habe ich einen vollständigen Scan mit dem EU-Cleaner von AVIRA durchgeführt. Dieser hat einen Fund gezeigt, den ich habe entfernen lassen.

Logfile EU-Cleaner

Code:
ATTFilter
**************************************************
Zusammenfassung des Suchlaufs:
**************************************************

Zeitstempel des letzten Updates: 18.01.2014 19:09:19

Konfigurationsprofil: sysscan.avp

Plattform      : Windows 8.1 Pro
Windowsversion : (plain)  [6.2.9200]

build.dat      : 10.0.0.64      13423 Bytes  12.09.2013 08:06:00

Version der lokalen Installation:
build.dat      : 14.0.2.286     55547 Bytes  09.12.2013 11:37:00


Beginn des Suchlaufs: Samstag, 18. Januar 2014  22:54

8158303d922b8bccba60da44ec992d562e94240cfcfee4e17f3f5c78657b5cb2
  [FUND]      Enthält Erkennungsmuster der Anwendung APPL/Downloader.Gen


Ende des Suchlaufs: Sonntag, 19. Januar 2014  00:02
Benötigte Zeit: 45:17 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  50422 Verzeichnisse wurden überprüft
 1051996 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      1 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
   4208 Dateien konnten nicht durchsucht werden
 1047787 Dateien ohne Befall
  18507 Archive wurden durchsucht
   4208 Warnungen
      1 Hinweise
         
Daraufhin eine komplette Systemprüfung mit installierter Anti-Viren Software Avira Antivir: Keine Funde.

Dann ein Scan mit ADWCleaner , der folgendes Ergebnis ausspuckte-Ich habe hier noch nichts entfernen lassen, weil ich zu diesem Zeitpunkt entschlossen habe, hier nach HIlfe zu fragen - was ich wohl besser gleich hätte tun sollen.

Code:
ATTFilter
# AdwCleaner v3.017 - Bericht erstellt am 19/01/2014 um 21:17:48
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : Masha - MARIA
# Gestartet von : C:\Users\Masha\Downloads\adwcleaner_3.017.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\Masha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gefunden : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\user.js
Datei Gefunden : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_360299\searchplugins\Web Search.xml
Ordner Gefunden : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gefunden : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gefunden : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_360299\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gefunden C:\Program Files (x86)\myfree codec
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\DSearchLink
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gefunden C:\SoftwareUpdater
Ordner Gefunden C:\Users\Masha\AppData\Local\DownloadGuide

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\Delta
Schlüssel Gefunden : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gefunden : HKCU\Software\Myfree Codec
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\simplytech
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : [x64] HKCU\Software\BabSolution
Schlüssel Gefunden : [x64] HKCU\Software\Delta
Schlüssel Gefunden : [x64] HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Myfree Codec
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\simplytech
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\e2d8d8b169b913
Schlüssel Gefunden : HKLM\Software\FLEXnet
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\Software\Myfree Codec
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q=%s

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\prefs.js ]

Zeile gefunden : user_pref("browser.search.defaultengine", "Web Search");
Zeile gefunden : user_pref("browser.search.order.1", "Web Search");
Zeile gefunden : user_pref("extensions.crossrider.bic", "1418426e520fe13fda793a347eafdda8");
Zeile gefunden : user_pref("extensions.delta.admin", false);
Zeile gefunden : user_pref("extensions.delta.aflt", "babsst");
Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.delta.dfltLng", "de");
Zeile gefunden : user_pref("extensions.delta.excTlbr", false);
Zeile gefunden : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gefunden : user_pref("extensions.delta.id", "e4615eeb0000000000001216d84f06ba");
Zeile gefunden : user_pref("extensions.delta.instlDay", "15982");
Zeile gefunden : user_pref("extensions.delta.instlRef", "sst");
Zeile gefunden : user_pref("extensions.delta.newTab", false);
Zeile gefunden : user_pref("extensions.delta.prdct", "delta");
Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta");
Zeile gefunden : user_pref("extensions.delta.rvrt", "false");
Zeile gefunden : user_pref("extensions.delta.smplGrp", "none");
Zeile gefunden : user_pref("extensions.delta.tlbrId", "base");
Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gefunden : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.24.618:24:06");
Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gefunden : user_pref("extensions.delta_i.babExt", "");
Zeile gefunden : user_pref("extensions.delta_i.babTrack", "affID=119557&tsp=5025");
Zeile gefunden : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gefunden : user_pref("iminent.LayoutId", "1");
Zeile gefunden : user_pref("iminent.version", "7.36.1.1");
Zeile gefunden : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1380903871029,\"InstallEvent\":\"True\"}");
Zeile gefunden : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=");

[ Datei : C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_360299\prefs.js ]

Zeile gefunden : user_pref("browser.search.defaultengine", "Web Search");
Zeile gefunden : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gefunden : user_pref("browser.search.order.1", "Web Search");
Zeile gefunden : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=");

*************************

AdwCleaner[R0].txt - [16810 octets] - [19/01/2014 21:17:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16871 octets] ##########
         
Ich würde gerne weitere Hilfe in Anspruch nehmen.
Daher habe ich nun die Schritte, die im Thread für alle Hilfesuchenden hier im Board beschrieben sind, durchgeführt.

defogger und frst funktionierten ohne Probleme.
Bei GMER bekam ich sowohl beim Start des Programms, als auch während des Scans 2 Fehlermeldungen:
"C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird."
"C:Users\Masha\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird."
Trotzdem konnte ich erfolgreich ein logfile speichern.

defogger_disable.log
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:31 on 19/01/2014 (Masha)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by Masha (administrator) on MARIA on 19-01-2014 21:34:15
Running from C:\Users\Masha\Desktop
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-28] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-17] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-08-31] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167024 2012-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Sony Ericsson PC Companion] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [772096 2009-06-18] (Sony Ericsson Mobile Communications AB)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-19] (Samsung)
HKCU\...\Run: [Sony Ericsson PC Suite] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [434176 2009-11-20] (Sony Ericsson Mobile Communications AB)
Startup: C:\Users\Masha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Masha\AppData\Roaming\Windows Net Data\net.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/10
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q={searchTerms}
SearchScopes: HKCU - {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E4611216D84F06BA&affID=119557&tsp=5025
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: 127.0.0.1 activate.adobe.com      
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default
FF user.js: detected! => C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\user.js
FF NewTab: about:home
FF SearchEngineOrder.1: Web Search
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&st=chrome&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Masha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: pricealarm - C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-10-04]
FF Extension: Adblock Plus - C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-05]
FF Extension: Download Manager Tweak - C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2013-04-05]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013-12-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-05]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-10-04]
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-10-04]

==================== Services (Whitelisted) =================

U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG)
U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
U2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-29] (Hewlett-Packard Company)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
U2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-17] (PDF Complete Inc)
U3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-04] (soft Xpansion)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros)

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
U3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
U3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
U3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
U3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
U3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
U3 s0016obex; C:\Windows\system32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
U3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
U3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
U3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
U3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1864328 2012-10-04] ()
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-24] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-19 21:34 - 2014-01-19 21:34 - 00027974 _____ C:\Users\Masha\Desktop\FRST.txt
2014-01-19 21:33 - 2014-01-19 21:33 - 00000000 ____D C:\FRST
2014-01-19 21:32 - 2014-01-19 21:32 - 02076672 _____ (Farbar) C:\Users\Masha\Desktop\FRST64.exe
2014-01-19 21:31 - 2014-01-19 21:31 - 00000472 _____ C:\Users\Masha\Desktop\defogger_disable.log
2014-01-19 21:31 - 2014-01-19 21:31 - 00000000 _____ C:\Users\Masha\defogger_reenable
2014-01-19 21:29 - 2014-01-19 21:29 - 00050477 _____ C:\Users\Masha\Desktop\Defogger.exe
2014-01-19 21:17 - 2014-01-19 21:18 - 00000000 ____D C:\AdwCleaner
2014-01-19 21:16 - 2014-01-19 21:16 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner.exe
2014-01-19 21:14 - 2014-01-19 21:14 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner_3.017.exe
2014-01-19 18:22 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 18:18 - 2014-01-19 18:18 - 17888136 _____ (Adobe Systems Incorporated) C:\Users\Masha\Downloads\install_flash_player.exe
2014-01-19 17:12 - 2014-01-19 17:12 - 00018113 _____ C:\Users\Masha\Downloads\hijackthis.log
2014-01-19 16:44 - 2014-01-19 16:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Masha\Downloads\HiJackThis204.exe
2014-01-19 16:42 - 2014-01-19 16:42 - 00370610 _____ C:\Users\Masha\Downloads\gmer_2.1.19323.zip
2014-01-19 15:35 - 2014-01-19 15:37 - 00000000 ____D C:\Users\Masha\Downloads\FastCopy
2014-01-19 15:34 - 2014-01-19 15:34 - 00380687 _____ C:\Users\Masha\Downloads\FastCopy211.zip
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2014-01-19 15:00 - 2014-01-19 15:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-01-19 15:00 - 2013-11-24 14:05 - 00002172 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2014-01-19 14:57 - 2014-01-19 14:57 - 00001452 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 14:57 - 2014-01-19 14:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-19 00:14 - 2014-01-19 00:14 - 00379904 _____ C:\Users\Masha\Downloads\gm2gwll6.exe
2014-01-19 00:07 - 2014-01-19 00:07 - 00379904 _____ C:\Users\Masha\Downloads\yy5ueqol.exe
2014-01-18 20:08 - 2014-01-18 20:08 - 02209056 _____ C:\Users\Masha\Downloads\avira-eu-cleaner_de.exe
2014-01-18 19:58 - 2014-01-18 19:58 - 24859352 _____ (Microsoft Corporation) C:\Users\Masha\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-18 19:51 - 2014-01-19 18:17 - 00000000 ____D C:\Users\Masha\Desktop\Logdateien Systemüberprüfung
2014-01-18 18:43 - 2014-01-18 18:43 - 00001127 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 18:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-18 18:41 - 2014-01-18 18:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Masha\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 18:34 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-18 18:33 - 2014-01-18 18:34 - 00005327 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 12:01 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-18 12:01 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-18 12:01 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-18 12:01 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-18 12:01 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-18 12:01 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 12:01 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-18 12:01 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 12:01 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-18 12:01 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-18 12:01 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-23 10:28 - 2013-12-23 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-22 15:03 - 2013-12-22 15:03 - 00903830 _____ C:\Users\Masha\Downloads\walnut2_for_thunderbird-2.0.21-tb.xpi
2013-12-22 14:02 - 2013-12-22 14:02 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Thunderbird
2013-12-22 14:02 - 2013-12-22 14:02 - 00000000 ____D C:\Users\Masha\AppData\Local\Thunderbird
2013-12-22 14:01 - 2013-12-22 14:01 - 21981704 _____ (Mozilla) C:\Users\Masha\Downloads\Thunderbird Setup 24.2.0.exe
2013-12-22 14:01 - 2013-12-22 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-21 13:28 - 2013-12-21 13:28 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-21 12:58 - 2013-12-21 13:26 - 00000000 ____D C:\Users\Masha\Documents\Arina
2013-12-21 12:42 - 2013-12-21 12:42 - 00000000 ____D C:\ProgramData\BVRP Software
2013-12-21 12:09 - 2013-12-21 12:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2013-12-21 12:02 - 2013-12-21 12:02 - 19159080 _____ (Sony Ericsson                                               ) C:\Users\Masha\Downloads\Sony_Ericsson_PC_Suite_6.011.00_Web_DEU.exe

==================== One Month Modified Files and Folders =======

2014-01-19 21:34 - 2014-01-19 21:34 - 00027974 _____ C:\Users\Masha\Desktop\FRST.txt
2014-01-19 21:33 - 2014-01-19 21:33 - 00000000 ____D C:\FRST
2014-01-19 21:32 - 2014-01-19 21:32 - 02076672 _____ (Farbar) C:\Users\Masha\Desktop\FRST64.exe
2014-01-19 21:32 - 2013-11-24 14:09 - 00000000 ____D C:\Users\Masha\AppData\Roaming\ClassicShell
2014-01-19 21:31 - 2014-01-19 21:31 - 00000472 _____ C:\Users\Masha\Desktop\defogger_disable.log
2014-01-19 21:31 - 2014-01-19 21:31 - 00000000 _____ C:\Users\Masha\defogger_reenable
2014-01-19 21:31 - 2013-11-24 13:23 - 00000000 ____D C:\Users\Masha
2014-01-19 21:29 - 2014-01-19 21:29 - 00050477 _____ C:\Users\Masha\Desktop\Defogger.exe
2014-01-19 21:28 - 2013-03-23 14:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-19 21:18 - 2014-01-19 21:17 - 00000000 ____D C:\AdwCleaner
2014-01-19 21:16 - 2014-01-19 21:16 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner.exe
2014-01-19 21:14 - 2014-01-19 21:14 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner_3.017.exe
2014-01-19 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-19 20:27 - 2013-11-24 13:23 - 01254792 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-19 18:25 - 2013-03-22 18:21 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2014-01-19 18:24 - 2013-03-22 18:21 - 00000000 _____ C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-19 18:21 - 2013-09-30 05:14 - 01984420 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-19 18:21 - 2013-09-30 04:56 - 00843606 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-19 18:21 - 2013-09-30 04:56 - 00192300 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-19 18:18 - 2014-01-19 18:18 - 17888136 _____ (Adobe Systems Incorporated) C:\Users\Masha\Downloads\install_flash_player.exe
2014-01-19 18:18 - 2013-03-23 14:13 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-19 18:17 - 2014-01-18 19:51 - 00000000 ____D C:\Users\Masha\Desktop\Logdateien Systemüberprüfung
2014-01-19 18:16 - 2012-11-22 13:18 - 00000000 ____D C:\ProgramData\PDFC
2014-01-19 18:15 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-19 18:15 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-19 17:12 - 2014-01-19 17:12 - 00018113 _____ C:\Users\Masha\Downloads\hijackthis.log
2014-01-19 16:44 - 2014-01-19 16:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Masha\Downloads\HiJackThis204.exe
2014-01-19 16:42 - 2014-01-19 16:42 - 00370610 _____ C:\Users\Masha\Downloads\gmer_2.1.19323.zip
2014-01-19 15:37 - 2014-01-19 15:35 - 00000000 ____D C:\Users\Masha\Downloads\FastCopy
2014-01-19 15:34 - 2014-01-19 15:34 - 00380687 _____ C:\Users\Masha\Downloads\FastCopy211.zip
2014-01-19 15:27 - 2014-01-19 15:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-01-19 15:27 - 2013-03-22 18:05 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1774212757-1747870556-2990911206-1002
2014-01-19 15:22 - 2012-12-05 02:25 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1774212757-1747870556-2990911206-500
2014-01-19 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2014-01-19 14:58 - 2013-11-24 12:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2014-01-19 14:57 - 2014-01-19 14:57 - 00001452 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 14:57 - 2014-01-19 14:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-19 14:57 - 2013-11-24 13:23 - 00000000 ____D C:\Users\Administrator
2014-01-19 14:57 - 2013-11-24 12:18 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-19 14:57 - 2013-11-24 12:18 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-19 14:37 - 2013-08-19 18:30 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Winamp
2014-01-19 14:36 - 2013-11-24 13:15 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-19 14:36 - 2013-03-22 20:04 - 00000000 ____D C:\Users\Masha\AppData\Local\CrashDumps
2014-01-19 08:38 - 2014-01-19 18:22 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 00:14 - 2014-01-19 00:14 - 00379904 _____ C:\Users\Masha\Downloads\gm2gwll6.exe
2014-01-19 00:07 - 2014-01-19 00:07 - 00379904 _____ C:\Users\Masha\Downloads\yy5ueqol.exe
2014-01-18 20:08 - 2014-01-18 20:08 - 02209056 _____ C:\Users\Masha\Downloads\avira-eu-cleaner_de.exe
2014-01-18 20:01 - 2013-11-12 22:08 - 00003158 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMasha
2014-01-18 20:01 - 2013-11-12 22:08 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMasha.job
2014-01-18 19:58 - 2014-01-18 19:58 - 24859352 _____ (Microsoft Corporation) C:\Users\Masha\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-18 18:51 - 2013-10-04 17:23 - 00000000 ____D C:\ProgramData\DSearchLink
2014-01-18 18:43 - 2014-01-18 18:43 - 00001127 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 18:41 - 2014-01-18 18:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Masha\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 18:34 - 2014-01-18 18:33 - 00005327 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 18:34 - 2013-10-05 12:11 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 18:34 - 2013-07-10 12:59 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-18 12:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-18 12:14 - 2013-08-14 16:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 11:54 - 2013-03-22 18:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-16 20:52 - 2013-03-26 18:07 - 00000000 ____D C:\Users\Masha\AppData\Roaming\vlc
2014-01-16 19:08 - 2013-03-31 13:53 - 00000000 ____D C:\Users\Masha\Documents\Haus
2014-01-16 19:02 - 2013-04-09 18:37 - 00000000 ____D C:\Users\Masha\Documents\Papa
2014-01-15 18:38 - 2013-04-25 19:08 - 00000000 ____D C:\Users\Masha\Documents\Telekom
2014-01-07 17:20 - 2013-04-11 11:23 - 00000000 ____D C:\Users\Masha\Documents\Toyota
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 16:20 - 2013-03-22 20:03 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-24 15:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-23 10:28 - 2013-12-23 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-22 15:03 - 2013-12-22 15:03 - 00903830 _____ C:\Users\Masha\Downloads\walnut2_for_thunderbird-2.0.21-tb.xpi
2013-12-22 14:02 - 2013-12-22 14:02 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Thunderbird
2013-12-22 14:02 - 2013-12-22 14:02 - 00000000 ____D C:\Users\Masha\AppData\Local\Thunderbird
2013-12-22 14:01 - 2013-12-22 14:01 - 21981704 _____ (Mozilla) C:\Users\Masha\Downloads\Thunderbird Setup 24.2.0.exe
2013-12-22 14:01 - 2013-12-22 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-21 13:28 - 2013-12-21 13:28 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-21 13:27 - 2013-05-19 22:45 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Samsung
2013-12-21 13:26 - 2013-12-21 12:58 - 00000000 ____D C:\Users\Masha\Documents\Arina
2013-12-21 12:50 - 2013-05-19 18:01 - 00000000 ____D C:\Users\Masha\AppData\Roaming\MyPhoneExplorer
2013-12-21 12:42 - 2013-12-21 12:42 - 00000000 ____D C:\ProgramData\BVRP Software
2013-12-21 12:42 - 2013-05-19 18:07 - 00000000 ____D C:\Users\Masha\AppData\Local\Sony Ericsson
2013-12-21 12:09 - 2013-12-21 12:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2013-12-21 12:02 - 2013-12-21 12:02 - 19159080 _____ (Sony Ericsson                                               ) C:\Users\Masha\Downloads\Sony_Ericsson_PC_Suite_6.011.00_Web_DEU.exe

Files to move or delete:
====================
C:\ProgramData\hpeF355.dll


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Masha\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 18:34

==================== End Of Log ============================
         
Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014 04
Ran by Masha at 2014-01-19 21:34:48
Running from C:\Users\Masha\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8 - Adobe Systems)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.20806 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.01 - Piriform)
Citrix Authentication Manager (x32 Version: 4.0.0.53726 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (x32 Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 3.4.0.29577 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Classic Shell (Version: 4.0.2 - IvoSoft)
Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.45 - Corel Corporation) Hidden
Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.63 - Corel Corporation) Hidden
Corel PaintShop Pro Misc Content (x32 Version: 1.0.0.65 - Corel Corporation) Hidden
Corel PaintShop Pro Misc Content (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Corel PaintShop Pro Picture Frame Content (x32 Version: 1.0.0.41 - Corel Corporation) Hidden
Corel PaintShop Pro Picture Frame Content (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Corel PaintShop Pro X5 (x32 Version: 15.1.0.10 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.3.0.8 - Corel Corporation) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.1.1924 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1924 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2006 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2006 - CyberLink Corp.) Hidden
CyberLink PowerDVD (x32 Version: 10.0.6.4330 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4330 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 4.1.1.3231 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 4.1.1.3231 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
ElsterFormular (x32 Version: 14.1.20130301 - Landesfinanzdirektion Thüringen)
Energy Star (Version: 1.0.8 - Hewlett-Packard)
Evernote v. 4.5.7 (x32 Version: 4.5.7.7146 - Evernote Corp.)
Free Pdf Perfect Prereq (x32 Version: 1.0.0.0 - Covus Freemium GmbH)
Free Pdf Perfect Prereq (x32 Version: 1.0.0.0 - Covus Freemium GmbH) Hidden
Freemium Free PDF Perfect (x32 Version: 1.0 - Freemium)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (Version: 5.1.5.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 8 (x32 Version: 1.0.1.1 - Hewlett-Packard Company)
HP HD Webcam Driver (x32 Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (x32 Version: 4.6.10.1 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SoftPaq Download Manager (x32 Version: 3.4.6.0 - Hewlett-Packard Company)
HP Software Framework (x32 Version: 4.6.8.1 - Hewlett-Packard Company)
HP Software Setup (x32 Version: 8.5.4.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.33.6 - Hewlett-Packard Company)
HP System Default Settings (x32 Version: 1.0.3.2 - Hewlett-Packard Company)
HP Wireless Button Driver (x32 Version: 1.0.5.1 - Hewlett-Packard Company)
HxD Hex Editor Version 1.7.7.0 (x32 Version: 1.7.7.0 - Maël Hörz)
ICA (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
IDT Audio (x32 Version: 1.0.6428.0 - IDT)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.6.1002 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
IPM_PSP_COM (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
Java 7 Update 40 (64-bit) (Version: 7.0.400 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (x32 Version: 1.0.72.4 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MyFreeCodec (HKCU Version:  - )
MyPhoneExplorer (x32 Version: 1.8.4 - F.J. Wechselberger)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
PDF Complete Corporate Edition (x32 Version: 4.1.8 - PDF Complete, Inc)
PSPPContent (x32 Version: 15.3.0.8 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
PSPPro64 (Version: 15.1.0.10 - Corel Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 8.2.612.2012 - Realtek)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Scan2PDF 1.6 (x32 Version:  - Koma-Code)
Self-Service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 15.1.0.10 - Ihr Firmenname) Hidden
Snagit 11 (x32 Version: 11.1.0 - TechSmith Corporation)
Sony Ericsson PC Companion 1.50.52 (x32 Version: 1.50.52 - Sony Ericsson)
Sony Ericsson PC Suite 6.011.00 (x32 Version: 6.011.00 - Sony Ericsson)
SopCast 3.8.2 (x32 Version: 3.8.2 - www.sopcast.com)
Synaptics Pointing Device Driver (Version: 17.0.18.8 - Synaptics Incorporated)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Validity Fingerprint Sensor Driver (Version: 4.4.228.0 - Validity Sensors, Inc.)
VLC media player 2.0.7 (x32 Version: 2.0.7 - VideoLAN)
Winamp (x32 Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2012-07-26 06:26 - 2013-04-05 18:00 - 00002685 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com      
      127.0.0.1 practivate.adobe.com
      127.0.0.1 adobeereg.com
      127.0.0.1 www.adobeereg.com
      127.0.0.1 activate.adobe.com
      127.0.0.1 activate-sea.adobe.com
      127.0.0.1 activate-sjc0.adobe.com
      127.0.0.1 wwis-dubc1-vip60.adobe.com
      127.0.0.1 192.150.18.108
      127.0.0.1 activate.adobe.com:443
      127.0.0.1 3dns.adobe.com
      127.0.0.1 3dns-1.adobe.com
      127.0.0.1 3dns-2.adobe.com
      127.0.0.1 3dns-3.adobe.com
      127.0.0.1 3dns-4.adobe.com
      127.0.0.1 adobeereg.com
      127.0.0.1 www.adobeereg.com
      127.0.0.1 activate.adobe.com
      127.0.0.1 activate-sea.adobe.com
      127.0.0.1 activate-sjc0.adobe.com
      127.0.0.1 wwis-dubc1-vip60.adobe.com
      127.0.0.1 192.150.18.108
      127.0.0.1 adobe-dns.adobe.com
      127.0.0.1 adobe-dns-1.adobe.com
      127.0.0.1 adobe-dns-2.adobe.com
      127.0.0.1 adobe-dns-3.adobe.com
      127.0.0.1 adobe-dns-4.adobe.com
      127.0.0.1 adobe-dns-5.adobe.com
      127.0.0.1 ereg.wip3.adobe.com
      127.0.0.1 ereg.adobe.com
      127.0.0.1 practivate.adobe.com
      127.0.0.1 wip3.adobe.com
      127.0.0.1 wwis-dubc1-vip60.adobe.com
      127.0.0.1 ntrack.com
      127.0.0.1 hl2rcv.adobe.com
      127.0.0.1 activate.wip3.adobe.com
      127.0.0.1 activate.adobe.de
      127.0.0.1 practivate.adobe.de
      127.0.0.1 ereg.adobe.de
      127.0.0.1 activate.wip3.adobe.de
      127.0.0.1 wip3.adobe.de
      127.0.0.1 3dns-3.adobe.de
      127.0.0.1 3dns-2.adobe.de
      127.0.0.1 adobe-dns.adobe.de
      127.0.0.1 adobe-dns-2.adobe.de
      127.0.0.1 adobe-dns-3.adobe.de
      127.0.0.1 ereg.wip3.adobe.de
      127.0.0.1 activate-sea.adobe.de
      127.0.0.1 wwis-dubc1-vip60.adobe.de
      127.0.0.1 activate-sjc0.adobe.de
      127.0.0.1 hl2rcv.adobe.de

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0574DF83-EA43-4D11-B8D8-C33A6E108297} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-08-15] (Hewlett-Packard Company)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {699D6184-2724-4690-997B-B8DD57639910} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8380BF14-7A22-4D1B-82A9-D8ED8949D416} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B4CBD429-23BD-42A1-B9C1-D96D7B9DB662} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {C3C9FB52-0924-4B00-817E-0F6AAEFD9562} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
Task: {CD99ECA0-B3D2-4795-A714-262924954240} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-19] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D349032C-454F-481B-8FD3-EB8ED44C19DE} - System32\Tasks\HPCeeScheduleForMasha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E02AB770-D8B9-4278-A414-A32AB0B4452D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EA8B081F-A215-418F-8A08-81FD2E960C0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {F0BB1A7F-77EE-4F75-8368-9CFAF4AD3662} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMasha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-22 18:31 - 2013-03-22 18:24 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-05-19 18:10 - 2008-11-07 14:05 - 00196608 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\Report.dll
2013-05-19 18:10 - 2009-06-03 16:25 - 00053248 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\VObject.dll
2013-05-19 18:10 - 2009-04-01 07:33 - 00106496 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\CalEngine.dll
2013-05-19 18:10 - 2009-06-16 16:10 - 00155648 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\Contacts.dll
2013-05-19 18:10 - 2009-07-29 10:43 - 00155648 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\CAgdLNote.dll
2013-05-19 18:10 - 2009-04-28 10:17 - 00208896 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\CAgdOutlook.dll
2013-05-19 18:10 - 2009-10-13 08:45 - 00225280 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\VistaCalendar.dll
2013-05-19 18:10 - 2009-06-24 14:48 - 00282624 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\MESSAGING.dll
2013-05-19 18:10 - 2009-11-17 13:03 - 00745472 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\MmsKrnl.dll
2013-05-19 18:10 - 2009-03-26 14:41 - 00315392 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\MelodyEdit.dll
2013-05-19 18:10 - 2009-10-05 15:54 - 00200704 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\LogoEdit.dll
2013-05-19 18:10 - 2009-11-20 13:45 - 00294912 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\Calendar.dll
2013-11-26 20:19 - 2013-11-26 20:19 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\d049e76c122ba0adf500e5c72bc3c8bf\PSIClient.ni.dll
2012-12-05 02:49 - 2012-07-18 07:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-23 10:28 - 2013-12-23 10:28 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: AMD Radeon Hybrid (Blocked)
Description: AMD Radeon Hybrid (Blocked)
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: BasicDisplay
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8072.21 MB
Available physical RAM: 6022.39 MB
Total Pagefile: 9352.21 MB
Available Pagefile: 7028.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:681.23 GB) (Free:554.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:13.86 GB) (Free:2.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type
==================== End Of Log ============================
         
gmer.log
Code:
ATTFilter
GMER 2.1.19324 - hxxp://www.gmer.net
Rootkit scan 2014-01-19 21:39:56
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000038 WDC_WD7500BPKT-60PK4T0 rev.01.01A01 698,64GB
Running: yy5ueqol.exe; Driver: C:\Users\Masha\AppData\Local\Temp\uxldypod.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                fffff9600006c700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                           fffff9600006c710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\vcsFPService.exe[1984] C:\Windows\system32\WSOCK32.dll!setsockopt + 194                    00007ffda3d91f6a 4 bytes [D9, A3, FD, 7F]
.text   C:\Windows\system32\vcsFPService.exe[1984] C:\Windows\system32\WSOCK32.dll!setsockopt + 218                    00007ffda3d91f82 4 bytes [D9, A3, FD, 7F]
.text   C:\Windows\system32\vcsFPService.exe[1984] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506              00007ffdad38169a 4 bytes [38, AD, FD, 7F]
.text   C:\Windows\system32\vcsFPService.exe[1984] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514              00007ffdad3816a2 4 bytes [38, AD, FD, 7F]
.text   C:\Windows\system32\vcsFPService.exe[1984] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                 00007ffdad38181a 4 bytes [38, AD, FD, 7F]
.text   C:\Windows\system32\vcsFPService.exe[1984] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                 00007ffdad381832 4 bytes [38, AD, FD, 7F]
.text   C:\Windows\System32\igfxpers.exe[3508] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                  00007ffdad38169a 4 bytes [38, AD, FD, 7F]
.text   C:\Windows\System32\igfxpers.exe[3508] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                  00007ffdad3816a2 4 bytes [38, AD, FD, 7F]
.text   C:\Windows\System32\igfxpers.exe[3508] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                     00007ffdad38181a 4 bytes [38, AD, FD, 7F]
.text   C:\Windows\System32\igfxpers.exe[3508] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                     00007ffdad381832 4 bytes [38, AD, FD, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3856] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506     00007ffdad38169a 4 bytes [38, AD, FD, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3856] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514     00007ffdad3816a2 4 bytes [38, AD, FD, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3856] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118        00007ffdad38181a 4 bytes [38, AD, FD, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3856] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142        00007ffdad381832 4 bytes [38, AD, FD, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1084] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffdad38169a 4 bytes [38, AD, FD, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1084] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffdad3816a2 4 bytes [38, AD, FD, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1084] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118     00007ffdad38181a 4 bytes [38, AD, FD, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1084] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142     00007ffdad381832 4 bytes [38, AD, FD, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[5844] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506     00007ffdad38169a 4 bytes [38, AD, FD, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[5844] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514     00007ffdad3816a2 4 bytes [38, AD, FD, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[5844] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118        00007ffdad38181a 4 bytes [38, AD, FD, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[5844] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142        00007ffdad381832 4 bytes [38, AD, FD, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [584:608]                                                                        fffff960009cb4d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
         

Alt 20.01.2014, 08:19   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich - Standard

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 20.01.2014, 19:25   #3
Philip84
 
Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich - Standard

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich



Danke erstmal,

Anweisungen ausgeführt.

Ergebnis des Scans mit Malwarebytes Anti Rootkit:

"Scan Finished: No Malware Found"

mbar-log

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.20.06

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Masha :: MARIA [administrator]

20.01.2014 18:57:45
mbar-log-2014-01-20 (18-57-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 263220
Time elapsed: 12 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
__________________

Alt 21.01.2014, 11:02   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich - Standard

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich



Mit AdwCleaner alles löschen lassen, dann:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.01.2014, 17:26   #5
Philip84
 
Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich - Standard

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich



Nun, sieht nicht mehr nach Problemen aus. Obwohl man davon ja vorher auch nichts gemerkt hat. Nur die Telekom war knatschig.

Vielen lieben Dank schonmal für die tolle Hilfe.
Sieht denn soweit alles sauber aus??

hier das ESET log

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4b84fc1c70c1bd488997d2af77b8fd9f
# engine=16736
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-21 07:20:28
# local_time=2014-01-21 08:20:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 96 12700 26362665 5455 0
# compatibility_mode=5893 16776573 100 94 8881 13165730 0 0
# scanned=266461
# found=0
# cleaned=0
# scan_time=8273
         
Hier die checkup.txt von SecurityCheck

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
Avira Desktop      
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 	12.0.0.43  
 Mozilla Firefox (26.0) 
 Mozilla Thunderbird (24.2.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Hier die frische FRST.log


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 01
Ran by Masha (administrator) on MARIA on 22-01-2014 17:19:07
Running from C:\Users\Masha\Desktop
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-28] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-17] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-08-31] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167024 2012-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Sony Ericsson PC Companion] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [772096 2009-06-18] (Sony Ericsson Mobile Communications AB)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-19] (Samsung)
HKCU\...\Run: [Sony Ericsson PC Suite] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [434176 2009-11-20] (Sony Ericsson Mobile Communications AB)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/10
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKCU - {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380901594709&tguid=66920-6787-1380901594709-90A444A64D6FB485CFFF23F9079C8A49&q={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: 127.0.0.1 activate.adobe.com      
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default
FF NewTab: about:home
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Masha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-05]
FF Extension: Download Manager Tweak - C:\Users\Masha\AppData\Roaming\Mozilla\Firefox\Profiles\fljl28xy.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2013-04-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-05]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-10-04]
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-10-04]

==================== Services (Whitelisted) =================

U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG)
U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
U2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-29] (Hewlett-Packard Company)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
U2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-17] (PDF Complete Inc)
U3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-04] (soft Xpansion)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros)

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
U3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
U3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
U3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
U3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
U3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
U3 s0016obex; C:\Windows\system32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
U3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
U3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
U3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
U3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1864328 2012-10-04] ()
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-24] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-22 17:18 - 2014-01-22 17:18 - 00000000 ____D C:\Users\Masha\Desktop\FRST-OlderVersion
2014-01-22 17:17 - 2014-01-22 17:17 - 00000924 _____ C:\Users\Masha\Desktop\checkup.txt
2014-01-21 17:59 - 2014-01-21 17:59 - 00987425 _____ C:\Users\Masha\Desktop\SecurityCheck.exe
2014-01-21 17:58 - 2014-01-21 17:58 - 02347384 _____ (ESET) C:\Users\Masha\Desktop\esetsmartinstaller_enu.exe
2014-01-21 17:56 - 2014-01-21 17:56 - 00016360 _____ C:\Users\Masha\Desktop\AdwCleaner[S0].txt
2014-01-20 18:57 - 2014-01-20 19:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-20 18:57 - 2014-01-20 18:57 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-20 18:56 - 2014-01-20 19:23 - 00000000 ____D C:\Users\Masha\Desktop\mbar
2014-01-20 18:56 - 2014-01-20 18:56 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-20 18:53 - 2014-01-20 18:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Masha\Desktop\mbar-1.07.0.1008.exe
2014-01-19 21:45 - 2014-01-19 21:30 - 00017168 _____ C:\Users\Masha\Desktop\AdwCleaner[R0].txt
2014-01-19 21:39 - 2014-01-19 21:39 - 00004654 _____ C:\Users\Masha\Desktop\gmer.log
2014-01-19 21:34 - 2014-01-22 17:19 - 00025884 _____ C:\Users\Masha\Desktop\FRST.txt
2014-01-19 21:34 - 2014-01-19 21:35 - 00028639 _____ C:\Users\Masha\Desktop\Addition.txt
2014-01-19 21:33 - 2014-01-22 17:18 - 00000000 ____D C:\FRST
2014-01-19 21:32 - 2014-01-22 17:18 - 02077184 _____ (Farbar) C:\Users\Masha\Desktop\FRST64.exe
2014-01-19 21:31 - 2014-01-19 21:31 - 00000472 _____ C:\Users\Masha\Desktop\defogger_disable.log
2014-01-19 21:31 - 2014-01-19 21:31 - 00000000 _____ C:\Users\Masha\defogger_reenable
2014-01-19 21:29 - 2014-01-19 21:29 - 00050477 _____ C:\Users\Masha\Desktop\Defogger.exe
2014-01-19 21:17 - 2014-01-21 17:54 - 00000000 ____D C:\AdwCleaner
2014-01-19 21:16 - 2014-01-19 21:16 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner.exe
2014-01-19 21:14 - 2014-01-19 21:14 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner_3.017.exe
2014-01-19 18:22 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 18:18 - 2014-01-19 18:18 - 17888136 _____ (Adobe Systems Incorporated) C:\Users\Masha\Downloads\install_flash_player.exe
2014-01-19 17:12 - 2014-01-19 17:12 - 00018113 _____ C:\Users\Masha\Downloads\hijackthis.log
2014-01-19 16:44 - 2014-01-19 16:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Masha\Downloads\HiJackThis204.exe
2014-01-19 16:42 - 2014-01-19 16:42 - 00370610 _____ C:\Users\Masha\Downloads\gmer_2.1.19323.zip
2014-01-19 15:35 - 2014-01-19 15:37 - 00000000 ____D C:\Users\Masha\Downloads\FastCopy
2014-01-19 15:34 - 2014-01-19 15:34 - 00380687 _____ C:\Users\Masha\Downloads\FastCopy211.zip
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2014-01-19 15:00 - 2014-01-19 15:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-01-19 15:00 - 2013-11-24 14:05 - 00002172 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2014-01-19 14:57 - 2014-01-19 14:57 - 00001452 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 14:57 - 2014-01-19 14:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-19 00:14 - 2014-01-19 00:14 - 00379904 _____ C:\Users\Masha\Downloads\gm2gwll6.exe
2014-01-19 00:07 - 2014-01-19 00:07 - 00379904 _____ C:\Users\Masha\Downloads\yy5ueqol.exe
2014-01-18 20:08 - 2014-01-18 20:08 - 02209056 _____ C:\Users\Masha\Downloads\avira-eu-cleaner_de.exe
2014-01-18 19:58 - 2014-01-18 19:58 - 24859352 _____ (Microsoft Corporation) C:\Users\Masha\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-18 19:51 - 2014-01-19 18:17 - 00000000 ____D C:\Users\Masha\Desktop\Logdateien Systemüberprüfung
2014-01-18 18:43 - 2014-01-18 18:43 - 00001127 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 18:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-18 18:41 - 2014-01-18 18:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Masha\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 18:34 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-18 18:33 - 2014-01-18 18:34 - 00005327 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 12:01 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-18 12:01 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-18 12:01 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-18 12:01 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-18 12:01 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-18 12:01 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 12:01 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-18 12:01 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 12:01 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-18 12:01 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-18 12:01 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-23 10:28 - 2013-12-23 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-22 17:19 - 2014-01-19 21:34 - 00025884 _____ C:\Users\Masha\Desktop\FRST.txt
2014-01-22 17:18 - 2014-01-22 17:18 - 00000000 ____D C:\Users\Masha\Desktop\FRST-OlderVersion
2014-01-22 17:18 - 2014-01-19 21:33 - 00000000 ____D C:\FRST
2014-01-22 17:18 - 2014-01-19 21:32 - 02077184 _____ (Farbar) C:\Users\Masha\Desktop\FRST64.exe
2014-01-22 17:17 - 2014-01-22 17:17 - 00000924 _____ C:\Users\Masha\Desktop\checkup.txt
2014-01-22 17:14 - 2013-11-24 14:09 - 00000000 ____D C:\Users\Masha\AppData\Roaming\ClassicShell
2014-01-22 17:09 - 2013-09-30 05:14 - 01984420 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-22 17:09 - 2013-09-30 04:56 - 00843606 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-22 17:09 - 2013-09-30 04:56 - 00192300 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-22 17:06 - 2012-11-22 13:18 - 00000000 ____D C:\ProgramData\PDFC
2014-01-22 17:05 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-21 20:28 - 2013-03-23 14:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-21 20:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-21 19:03 - 2013-11-24 13:23 - 01550927 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-21 17:59 - 2014-01-21 17:59 - 00987425 _____ C:\Users\Masha\Desktop\SecurityCheck.exe
2014-01-21 17:58 - 2014-01-21 17:58 - 02347384 _____ (ESET) C:\Users\Masha\Desktop\esetsmartinstaller_enu.exe
2014-01-21 17:56 - 2014-01-21 17:56 - 00016360 _____ C:\Users\Masha\Desktop\AdwCleaner[S0].txt
2014-01-21 17:54 - 2014-01-19 21:17 - 00000000 ____D C:\AdwCleaner
2014-01-21 17:54 - 2013-03-22 17:58 - 00000000 ___RD C:\Users\Masha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 17:52 - 2013-03-22 18:21 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2014-01-21 17:51 - 2013-03-22 18:21 - 00000000 _____ C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-20 19:23 - 2014-01-20 18:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-20 19:23 - 2014-01-20 18:56 - 00000000 ____D C:\Users\Masha\Desktop\mbar
2014-01-20 18:57 - 2014-01-20 18:57 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-20 18:56 - 2014-01-20 18:56 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-20 18:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-20 18:53 - 2014-01-20 18:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Masha\Desktop\mbar-1.07.0.1008.exe
2014-01-19 21:40 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-19 21:39 - 2014-01-19 21:39 - 00004654 _____ C:\Users\Masha\Desktop\gmer.log
2014-01-19 21:35 - 2014-01-19 21:34 - 00028639 _____ C:\Users\Masha\Desktop\Addition.txt
2014-01-19 21:31 - 2014-01-19 21:31 - 00000472 _____ C:\Users\Masha\Desktop\defogger_disable.log
2014-01-19 21:31 - 2014-01-19 21:31 - 00000000 _____ C:\Users\Masha\defogger_reenable
2014-01-19 21:31 - 2013-11-24 13:23 - 00000000 ____D C:\Users\Masha
2014-01-19 21:30 - 2014-01-19 21:45 - 00017168 _____ C:\Users\Masha\Desktop\AdwCleaner[R0].txt
2014-01-19 21:29 - 2014-01-19 21:29 - 00050477 _____ C:\Users\Masha\Desktop\Defogger.exe
2014-01-19 21:16 - 2014-01-19 21:16 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner.exe
2014-01-19 21:14 - 2014-01-19 21:14 - 01236282 _____ C:\Users\Masha\Downloads\adwcleaner_3.017.exe
2014-01-19 18:18 - 2014-01-19 18:18 - 17888136 _____ (Adobe Systems Incorporated) C:\Users\Masha\Downloads\install_flash_player.exe
2014-01-19 18:18 - 2013-03-23 14:13 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-19 18:17 - 2014-01-18 19:51 - 00000000 ____D C:\Users\Masha\Desktop\Logdateien Systemüberprüfung
2014-01-19 17:12 - 2014-01-19 17:12 - 00018113 _____ C:\Users\Masha\Downloads\hijackthis.log
2014-01-19 16:44 - 2014-01-19 16:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Masha\Downloads\HiJackThis204.exe
2014-01-19 16:42 - 2014-01-19 16:42 - 00370610 _____ C:\Users\Masha\Downloads\gmer_2.1.19323.zip
2014-01-19 15:37 - 2014-01-19 15:35 - 00000000 ____D C:\Users\Masha\Downloads\FastCopy
2014-01-19 15:34 - 2014-01-19 15:34 - 00380687 _____ C:\Users\Masha\Downloads\FastCopy211.zip
2014-01-19 15:27 - 2014-01-19 15:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-01-19 15:27 - 2013-03-22 18:05 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1774212757-1747870556-2990911206-1002
2014-01-19 15:22 - 2012-12-05 02:25 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1774212757-1747870556-2990911206-500
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2014-01-19 14:58 - 2013-11-24 12:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2014-01-19 14:57 - 2014-01-19 14:57 - 00001452 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 14:57 - 2014-01-19 14:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-19 14:57 - 2013-11-24 13:23 - 00000000 ____D C:\Users\Administrator
2014-01-19 14:57 - 2013-11-24 12:18 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-19 14:57 - 2013-11-24 12:18 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-19 14:37 - 2013-08-19 18:30 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Winamp
2014-01-19 14:36 - 2013-11-24 13:15 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-19 14:36 - 2013-03-22 20:04 - 00000000 ____D C:\Users\Masha\AppData\Local\CrashDumps
2014-01-19 08:38 - 2014-01-19 18:22 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 00:14 - 2014-01-19 00:14 - 00379904 _____ C:\Users\Masha\Downloads\gm2gwll6.exe
2014-01-19 00:07 - 2014-01-19 00:07 - 00379904 _____ C:\Users\Masha\Downloads\yy5ueqol.exe
2014-01-18 20:08 - 2014-01-18 20:08 - 02209056 _____ C:\Users\Masha\Downloads\avira-eu-cleaner_de.exe
2014-01-18 20:01 - 2013-11-12 22:08 - 00003158 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMasha
2014-01-18 20:01 - 2013-11-12 22:08 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMasha.job
2014-01-18 19:58 - 2014-01-18 19:58 - 24859352 _____ (Microsoft Corporation) C:\Users\Masha\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-18 18:43 - 2014-01-18 18:43 - 00001127 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Users\Masha\AppData\Roaming\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 18:43 - 2014-01-18 18:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 18:41 - 2014-01-18 18:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Masha\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 18:34 - 2014-01-18 18:33 - 00005327 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 18:34 - 2013-10-05 12:11 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 18:34 - 2013-07-10 12:59 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-18 12:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-18 12:14 - 2013-08-14 16:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 11:54 - 2013-03-22 18:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-16 20:52 - 2013-03-26 18:07 - 00000000 ____D C:\Users\Masha\AppData\Roaming\vlc
2014-01-16 19:08 - 2013-03-31 13:53 - 00000000 ____D C:\Users\Masha\Documents\Haus
2014-01-16 19:02 - 2013-04-09 18:37 - 00000000 ____D C:\Users\Masha\Documents\Papa
2014-01-15 18:38 - 2013-04-25 19:08 - 00000000 ____D C:\Users\Masha\Documents\Telekom
2014-01-07 17:20 - 2013-04-11 11:23 - 00000000 ____D C:\Users\Masha\Documents\Toyota
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 16:20 - 2013-03-22 20:03 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-24 15:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-24 15:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-23 10:28 - 2013-12-23 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\ProgramData\hpeF355.dll


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Masha\AppData\Local\Temp\avgnt.exe
C:\Users\Masha\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-21 18:13

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 23.01.2014, 10:56   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich - Standard

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
--> Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich

Alt 24.01.2014, 18:42   #7
Philip84
 
Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich - Standard

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich



Denke, hier sind vorerst keine Fragen mehr offen. Problem scheint gelöst.
Danke.

Alt 25.01.2014, 13:11   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich - Standard

Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich
adblock, amd radeon, appdatalow, appl/downloader.gen, bonjour, branding, device driver, entfernen, eu-cleaner, flash player, freemium, hijack.searchpage, netzwerk, pup.optional.babylon.a, pup.optional.crossrider, pup.optional.crossrider.a, pup.optional.datamngr.a, pup.optional.delta.a, pup.optional.firseria, pup.optional.hometab.a, pup.optional.iminent.a, pup.optional.netdata.a, pup.optional.opencandy, pup.optional.simplytech, pup.optional.startpage, registrierungsdatenbank, required, riskware.tool.ck, rundll, schädliche software, schädlingssoftware, services.exe, spam-emails, updates, win32k.sys



Ähnliche Themen: Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich


  1. Avira Free Antivirus: Systemprüfung: Warnungen. Was tun?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (1)
  2. 5 Sterne für schrauber (von 5 möglichen)
    Lob, Kritik und Wünsche - 19.04.2015 (1)
  3. Ich weiß nicht, ob ich Trojaner habe.Es werden ständig Reparaturprogramme aggressiv angeboten und auf Windows 7 Fehler hingewiesen.Mir ist n
    Plagegeister aller Art und deren Bekämpfung - 13.02.2015 (3)
  4. Computer auf möglichen Schädlingsbefall überprüfen.
    Plagegeister aller Art und deren Bekämpfung - 29.12.2014 (6)
  5. Windows 7 möglicher Trojaner befall nach gefälschter Telekom-Mail
    Plagegeister aller Art und deren Bekämpfung - 24.01.2014 (9)
  6. Telekom: Router warnt bei Bot-Befall
    Nachrichten - 08.09.2013 (0)
  7. ZeuS/Zbot-Befall laut Telekom
    Plagegeister aller Art und deren Bekämpfung - 18.12.2012 (11)
  8. Umleitung auf alle möglichen Seiten
    Log-Analyse und Auswertung - 02.11.2012 (10)
  9. 'sichere' Datensicherung über FRITZBOX-NAS oder Acronis bei möglichen Befall?
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (1)
  10. Avira Systemprüfung reagiert nicht
    Plagegeister aller Art und deren Bekämpfung - 13.01.2012 (8)
  11. AntiVir meldet bei Systemprüfung TR/Gendal.A.375
    Plagegeister aller Art und deren Bekämpfung - 25.08.2011 (1)
  12. Schwierigkeit bei der Systemprüfung mit antivir
    Log-Analyse und Auswertung - 15.07.2011 (1)
  13. AV Security Suite - Systemprüfung nach Entfernung gemäß FAQ
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (1)
  14. Trojaner wird auch nach vollständiger Systemprüfung noch angezeigt
    Log-Analyse und Auswertung - 06.01.2009 (1)
  15. Abbruch AntiVir Systemprüfung
    Antiviren-, Firewall- und andere Schutzprogramme - 19.01.2008 (2)
  16. Liste aller möglichen Autostart-Orte
    Plagegeister aller Art und deren Bekämpfung - 26.06.2006 (7)
  17. SmartSurfer meldet möglichen Dialer???
    Plagegeister aller Art und deren Bekämpfung - 24.10.2005 (2)

Zum Thema Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich - Hallo zusammen, Die Familie meiner Freundin hat Post von der Telekom bekommen. In dieser "Sicherheitswarnung zu Ihrem Internet-Zugang" heißt es, dass von ihrem Interanschluss regelmäßig SPAM-Mails verschickt werden. Auf Nachfrage - Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich...
Archiv
Du betrachtest: Von Telekom auf möglichen Befall mit Schädlingssoftware hingewiesen - Systemprüfung erforderlich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.