Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.01.2014, 17:49   #1
dreizwonull
 
Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Moin Leute,
seit gestern kommt bei mir ständig ein Suchfenster von Bing, wenn ich einen neuen Task öffne.
Außerdem öffnen sich ungewollt Fenster.
Habe Windows 8 drauf + Gratis-Avira mit täglichem Update.
Ich arbeite mit Firefox.
Kann mir jemand bitte helfen?

Geändert von dreizwonull (24.01.2014 um 18:38 Uhr)

Alt 24.01.2014, 19:59   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 24.01.2014, 20:50   #3
dreizwonull
 
Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Danke für die Hilfe, ich hoffe, dass ich es so richtig mache...


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Eike Koopamann (administrator) on EIKE on 24-01-2014 20:45:39
Running from C:\Users\Eike Koopamann\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Updater) C:\ProgramData\Updater\updater.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20523_x64__8wekyb3d8bbwe\glcnd.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
(Parallel Lines Development, LLC) C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-13] (PC Utilities Software Limited)
MountPoints2: {29bedb58-8051-11e3-be94-24fd5215b36f} - "E:\Startme.exe" 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-01-23] ()
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1037600 2014-01-01] (Conduit)
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-01-23] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248&SSPV=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248&q={searchTerms}&SSPV=
SearchScopes: HKCU - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Websteroids - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default
FF NewTab: hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF SearchPlugin: C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Websteroids - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\support@websteroidsapp.com [2014-01-23]
FF Extension: Adblock Plus - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

U2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-01-23] ()
U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
U4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-19] (Avira Operations GmbH & Co. KG)
U2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
U2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2301216 2014-01-01] (Conduit)
U2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-15] (Parallel Lines Development, LLC)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
U3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
U2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-19] (Avira Operations GmbH & Co. KG)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
U3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
U3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
U3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
U3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
U4 esgiguard; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-24 20:45 - 2014-01-24 20:45 - 00020833 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt
2014-01-24 20:44 - 2014-01-24 20:44 - 02077696 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe
2014-01-23 20:47 - 2014-01-23 20:47 - 00000000 ____D C:\ProgramData\InternetUpdater
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient
2014-01-23 20:03 - 2014-01-23 20:06 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix
2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\ProgramData\Citrix
2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\Documents\Optimizer Pro
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\Optimizer Pro
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\SearchProtect
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\Updater
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-23 20:01 - 2014-01-23 20:01 - 00657784 _____ (Conduit) C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03.exe
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio
2014-01-18 10:06 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-01-18 10:06 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 10:06 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-01-18 10:06 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 18:29 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-01-15 18:29 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-01-15 18:29 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-01-15 18:29 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-01-15 18:29 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-01-15 18:29 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-01-15 18:29 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-01-15 18:29 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-01-15 18:29 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-01-15 18:29 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-01-15 18:29 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP
2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp
2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump
2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-01-24 20:46 - 2014-01-24 20:45 - 00020833 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt
2014-01-24 20:44 - 2014-01-24 20:44 - 02077696 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe
2014-01-24 20:43 - 2013-08-16 15:07 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 20:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2014-01-24 19:23 - 2013-08-11 17:48 - 01904871 _____ C:\windows\WindowsUpdate.log
2014-01-23 20:47 - 2014-01-23 20:47 - 00000000 ____D C:\ProgramData\InternetUpdater
2014-01-23 20:06 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient
2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\ProgramData\Citrix
2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\Documents\Optimizer Pro
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\Optimizer Pro
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\SearchProtect
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\Updater
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-23 20:01 - 2014-01-23 20:01 - 00657784 _____ (Conduit) C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03.exe
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio
2014-01-19 19:21 - 2012-07-26 08:21 - 00029633 _____ C:\windows\setupact.log
2014-01-18 16:00 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-18 15:59 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2014-01-18 15:58 - 2013-08-18 20:50 - 00000000 ____D C:\windows\system32\MRT
2014-01-18 15:58 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2014-01-18 15:56 - 2013-08-18 20:50 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-13 21:03 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2014-01-10 20:43 - 2012-08-01 17:55 - 00780976 _____ C:\windows\system32\perfh010.dat
2014-01-10 20:43 - 2012-08-01 17:55 - 00152608 _____ C:\windows\system32\perfc010.dat
2014-01-10 20:43 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2014-01-10 20:43 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2014-01-10 20:43 - 2012-07-26 08:28 - 02679026 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-09 09:02 - 2013-11-19 21:21 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-19 21:21 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP
2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp
2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump
2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-28 23:46 - 2013-08-11 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 23:44 - 2012-07-26 06:38 - 00000000 ____D C:\windows\system32\oobe

Some content of TEMP:
====================
C:\Users\Eike Koopamann\AppData\Local\Temp\avgnt.exe
C:\Users\Eike Koopamann\AppData\Local\Temp\nsf703A.exe
C:\Users\Eike Koopamann\AppData\Local\Temp\nsh8C5F.exe
C:\Users\Eike Koopamann\AppData\Local\Temp\nsi8ED1.exe
C:\Users\Eike Koopamann\AppData\Local\Temp\nsk6D9A.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 15:29

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2014
Ran by Eike Koopamann at 2014-01-24 20:48:23
Running from C:\Users\Eike Koopamann\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Citrix Authentication Manager (x32 Version: 5.0.0.60597 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (x32 Version: 14.0.0.91 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.4.0.45902 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.0.0.45893 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Classic Shell (Version: 3.6.8 - IvoSoft)
ElsterFormular (x32 Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
FileParade bundle uninstaller (x32 Version: 1.0.0.0 - FileParade)
Intel AppUp(R) center (x32 Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Internet Updater (x32 Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
LibreOffice 4.1.0.4 (x32 Version: 4.1.0.4 - The Document Foundation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft Office (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (x32 Version:  - Pavel Cvrcek)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8 - Mozilla)
Nokia Connectivity Cable Driver (Version: 7.1.32.69 - )
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Optimizer Pro v3.2 (x32 Version:  - PC Utilities Software Limited) <==== ATTENTION
PDF24 Creator 5.7.0 (x32 Version:  - PDF24.org)
Premium Sound HD (Version: 1.12.6000 - DTS, Inc.)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Search Protect (x32 Version: 2.9.40.12 - Conduit) <==== ATTENTION
Self-Service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (Version: 16.3.4.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (x32 Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (x32 Version: 2.00.973 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 2.00.973 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (x32 Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (x32 Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (x32 Version: 4.3.3 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (Version: 5.1.0.21-A - Toshiba Corporation)
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC)
Websteroids (x32 Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)

==================== Restore Points  =========================

17-01-2014 17:24:44 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A1CB763-BDC3-40BF-87B4-F1AE0CAA5020} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CEDC5A2-E183-4BE9-BBCB-404EA7C62650} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {1FCD2161-F8D6-4A23-A1DF-3742FE23B9BF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {8260E436-41C8-4649-9C17-44C4E45025A4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C15F0BA4-27D9-4E4F-8A09-8D5E3E97F1A7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CEF8B262-C34A-4992-B98E-8B950462793E} - \Desk 365 RunAsStdUser No Task File
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EE327E2B-FAFF-4880-B399-0CE2667FA2CC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-01-29 20:09 - 2012-11-01 14:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-26 00:24 - 2012-10-24 06:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 03:13 - 2012-08-14 03:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-08-28 21:16 - 2013-08-28 21:16 - 01179136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\9fbc5975a21c5638ba05f81b9febfaee\Windows.UI.ni.dll
2013-11-09 17:30 - 2013-11-09 17:30 - 00351232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\967740f7ed74ebe361d82cba59a694b2\Windows.Data.ni.dll
2013-08-28 21:16 - 2013-08-28 21:16 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\14050be959443e89237e6c9136ea8e5e\Windows.Foundation.ni.dll
2013-01-29 20:09 - 2012-11-01 14:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-08-11 10:19 - 2013-08-13 21:14 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-05-09 17:01 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-23 20:03 - 2014-01-23 20:03 - 00186496 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2014-01-23 20:03 - 2014-01-23 20:03 - 02961368 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2013-12-20 18:30 - 2013-12-20 18:30 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info =========================== 

Percentage of memory in use: 65%
Total physical RAM: 3979.21 MB
Available physical RAM: 1390 MB
Total Pagefile: 8075.21 MB
Available Pagefile: 4415.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI31051200A) (Fixed) (Total:286.89 GB) (Free:243.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
==================== End Of Log ============================
         
__________________

Alt 25.01.2014, 13:28   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.01.2014, 15:49   #5
dreizwonull
 
Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.25.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Eike Koopamann :: EIKE [Administrator]

25.01.2014 15:42:43
mbam-log-2014-01-25 (15-42-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205132
Laufzeit: 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
# AdwCleaner v3.017 - Bericht erstellt am 25/01/2014 um 15:33:27
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Eike Koopamann - EIKE
# Gestartet von : C:\Users\Eike Koopamann\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 70e6ca8c

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\RHelpers
Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\Users\Eike Koopamann\AppData\Local\Searchprotect
Ordner Gelöscht : C:\Users\Eike Koopamann\AppData\Roaming\optimizer pro
Datei Gelöscht : C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\searchplugins\conduit-search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Conduit Search");
Zeile gelöscht : user_pref("extentions.webcake.installId", "51611ED4-A4D9-B305-7D4B-73E165587581");
Zeile gelöscht : user_pref("extentions.webcake.installId_backup", "51611ED4-A4D9-B305-7D4B-73E165587581");

*************************

AdwCleaner[R0].txt - [6068 octets] - [04/12/2013 17:46:29]
AdwCleaner[R1].txt - [2964 octets] - [25/01/2014 15:32:09]
AdwCleaner[R2].txt - [3024 octets] - [25/01/2014 15:32:57]
AdwCleaner[S0].txt - [5516 octets] - [04/12/2013 17:47:14]
AdwCleaner[S1].txt - [2732 octets] - [25/01/2014 15:33:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2792 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 x64
Ran by Eike Koopamann on 25.01.2014 at 15:38:52,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Eike Koopamann\AppData\Roaming\mozilla\firefox\profiles\nvxyvzwz.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.01.2014 at 15:44:07,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Eike Koopamann (administrator) on EIKE on 25-01-2014 15:48:35
Running from C:\Users\Eike Koopamann\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {29bedb58-8051-11e3-be94-24fd5215b36f} - "E:\Startme.exe" 

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default
FF SearchEngineOrder.1: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Websteroids - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\support@websteroidsapp.com [2014-01-23]
FF Extension: Adblock Plus - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
U4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-19] (Avira Operations GmbH & Co. KG)
U2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
U2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
U3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
U2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-19] (Avira Operations GmbH & Co. KG)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
U3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
U3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
U3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
U3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
U4 esgiguard; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-25 15:44 - 2014-01-25 15:44 - 00000890 _____ C:\Users\Eike Koopamann\Desktop\JRT.txt
2014-01-25 15:37 - 2014-01-25 15:37 - 01037068 _____ (Thisisu) C:\Users\Eike Koopamann\Desktop\JRT.exe
2014-01-25 15:30 - 2014-01-25 15:30 - 01236282 _____ C:\Users\Eike Koopamann\Desktop\adwcleaner.exe
2014-01-25 15:14 - 2014-01-25 15:14 - 00001084 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 15:12 - 2014-01-25 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Eike Koopamann\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-24 20:48 - 2014-01-24 20:49 - 00011495 _____ C:\Users\Eike Koopamann\Downloads\Addition.txt
2014-01-24 20:45 - 2014-01-25 15:48 - 00017401 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt
2014-01-24 20:44 - 2014-01-24 20:44 - 02077696 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient
2014-01-23 20:03 - 2014-01-23 20:06 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix
2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\ProgramData\Citrix
2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-23 20:02 - 2014-01-25 15:26 - 00000000 ____D C:\ProgramData\Updater
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio
2014-01-18 10:06 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-01-18 10:06 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 10:06 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-01-18 10:06 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 18:29 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-01-15 18:29 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-01-15 18:29 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-01-15 18:29 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-01-15 18:29 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-01-15 18:29 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-01-15 18:29 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-01-15 18:29 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-01-15 18:29 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-01-15 18:29 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-01-15 18:29 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP
2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp
2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump
2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-01-25 15:48 - 2014-01-24 20:45 - 00017401 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt
2014-01-25 15:44 - 2014-01-25 15:44 - 00000890 _____ C:\Users\Eike Koopamann\Desktop\JRT.txt
2014-01-25 15:43 - 2013-08-16 15:07 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 15:37 - 2014-01-25 15:37 - 01037068 _____ (Thisisu) C:\Users\Eike Koopamann\Desktop\JRT.exe
2014-01-25 15:34 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-25 15:33 - 2013-12-04 17:45 - 00000000 ____D C:\AdwCleaner
2014-01-25 15:30 - 2014-01-25 15:30 - 01236282 _____ C:\Users\Eike Koopamann\Desktop\adwcleaner.exe
2014-01-25 15:26 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\Updater
2014-01-25 15:26 - 2013-08-11 17:48 - 02035537 _____ C:\windows\WindowsUpdate.log
2014-01-25 15:26 - 2013-01-30 03:47 - 00063406 _____ C:\windows\PFRO.log
2014-01-25 15:26 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2014-01-25 15:14 - 2014-01-25 15:14 - 00001084 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 15:14 - 2013-11-08 17:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 15:12 - 2014-01-25 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Eike Koopamann\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-25 15:12 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2014-01-24 20:49 - 2014-01-24 20:48 - 00011495 _____ C:\Users\Eike Koopamann\Downloads\Addition.txt
2014-01-24 20:44 - 2014-01-24 20:44 - 02077696 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe
2014-01-23 20:06 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient
2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\ProgramData\Citrix
2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio
2014-01-19 19:21 - 2012-07-26 08:21 - 00029633 _____ C:\windows\setupact.log
2014-01-18 15:58 - 2013-08-18 20:50 - 00000000 ____D C:\windows\system32\MRT
2014-01-18 15:58 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2014-01-18 15:56 - 2013-08-18 20:50 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-13 21:03 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2014-01-10 20:43 - 2012-08-01 17:55 - 00780976 _____ C:\windows\system32\perfh010.dat
2014-01-10 20:43 - 2012-08-01 17:55 - 00152608 _____ C:\windows\system32\perfc010.dat
2014-01-10 20:43 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2014-01-10 20:43 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2014-01-10 20:43 - 2012-07-26 08:28 - 02679026 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-09 09:02 - 2013-11-19 21:21 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-19 21:21 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP
2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp
2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump
2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-28 23:46 - 2013-08-11 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 23:44 - 2012-07-26 06:38 - 00000000 ____D C:\windows\system32\oobe

Some content of TEMP:
====================
C:\Users\Eike Koopamann\AppData\Local\Temp\avgnt.exe
C:\Users\Eike Koopamann\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 15:29

==================== End Of Log ============================
         
--- --- ---


Alt 26.01.2014, 07:26   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...

Alt 26.01.2014, 11:37   #7
dreizwonull
 
Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cfd0e1f5f6c872488d66e365b74a5b96
# engine=16799
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-26 10:27:41
# local_time=2014-01-26 11:27:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 96 75303 161406966 68073 0
# compatibility_mode=5893 16776574 100 94 4558302 37628482 0 0
# scanned=181021
# found=3
# cleaned=0
# scan_time=3453
sh=42BE14A1364480B439C0FC2592A4BB86E04F4219 ft=1 fh=23eba6a0d8026998 vn="probably a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Betcat\WebCakeIEClient.dll.vir"
sh=759D415B53185628CA25492523A5B2BC7E562D4A ft=1 fh=2db2a80633ac8466 vn="probably a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir"
sh=96C0D8FAE0FA351F8ED8FFAAE02A7D6EB4BAD4AD ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C application" ac=I fn="C:\FRST\Quarantine\plugins@getwebcake.com.xpi"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
Avira Desktop      
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 	11.9.900.170  
 Mozilla Firefox (26.0) 
 Mozilla Thunderbird (17.0.8) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by Eike Koopamann (administrator) on EIKE on 26-01-2014 11:36:31
Running from C:\Users\Eike Koopamann\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {29bedb58-8051-11e3-be94-24fd5215b36f} - "E:\Startme.exe" 

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = 
SearchScopes: HKCU - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default
FF SearchEngineOrder.1: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Websteroids - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\support@websteroidsapp.com [2014-01-23]
FF Extension: Adblock Plus - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
U4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-19] (Avira Operations GmbH & Co. KG)
U2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
U2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
U3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
U2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-19] (Avira Operations GmbH & Co. KG)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
U3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
U3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
U3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
U3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
U4 esgiguard; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 11:36 - 2014-01-26 11:36 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\FRST-OlderVersion
2014-01-26 11:33 - 2014-01-26 11:33 - 00987425 _____ C:\Users\Eike Koopamann\Desktop\SecurityCheck.exe
2014-01-26 10:25 - 2014-01-26 10:25 - 02347384 _____ (ESET) C:\Users\Eike Koopamann\Downloads\esetsmartinstaller_enu(1).exe
2014-01-26 10:24 - 2014-01-26 10:25 - 02347384 _____ (ESET) C:\Users\Eike Koopamann\Downloads\esetsmartinstaller_enu.exe
2014-01-25 15:44 - 2014-01-25 15:44 - 00000890 _____ C:\Users\Eike Koopamann\Desktop\JRT.txt
2014-01-25 15:37 - 2014-01-25 15:37 - 01037068 _____ (Thisisu) C:\Users\Eike Koopamann\Desktop\JRT.exe
2014-01-25 15:30 - 2014-01-25 15:30 - 01236282 _____ C:\Users\Eike Koopamann\Desktop\adwcleaner.exe
2014-01-25 15:14 - 2014-01-25 15:14 - 00001084 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 15:12 - 2014-01-25 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Eike Koopamann\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-24 20:48 - 2014-01-24 20:49 - 00011495 _____ C:\Users\Eike Koopamann\Downloads\Addition.txt
2014-01-24 20:45 - 2014-01-26 11:36 - 00017666 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt
2014-01-24 20:44 - 2014-01-26 11:36 - 02078208 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient
2014-01-23 20:03 - 2014-01-23 20:06 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix
2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\ProgramData\Citrix
2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-23 20:02 - 2014-01-25 15:26 - 00000000 ____D C:\ProgramData\Updater
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio
2014-01-18 10:06 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-01-18 10:06 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 10:06 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-01-18 10:06 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 18:29 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-01-15 18:29 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-01-15 18:29 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-01-15 18:29 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-01-15 18:29 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-01-15 18:29 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-01-15 18:29 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-01-15 18:29 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-01-15 18:29 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-01-15 18:29 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-01-15 18:29 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP
2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp
2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump
2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-01-26 11:36 - 2014-01-26 11:36 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\FRST-OlderVersion
2014-01-26 11:36 - 2014-01-24 20:45 - 00017666 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt
2014-01-26 11:36 - 2014-01-24 20:44 - 02078208 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe
2014-01-26 11:36 - 2013-12-03 23:28 - 00000000 ____D C:\FRST
2014-01-26 11:33 - 2014-01-26 11:33 - 00987425 _____ C:\Users\Eike Koopamann\Desktop\SecurityCheck.exe
2014-01-26 11:00 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2014-01-26 10:43 - 2013-08-16 15:07 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 10:32 - 2013-08-11 17:48 - 02077813 _____ C:\windows\WindowsUpdate.log
2014-01-26 10:25 - 2014-01-26 10:25 - 02347384 _____ (ESET) C:\Users\Eike Koopamann\Downloads\esetsmartinstaller_enu(1).exe
2014-01-26 10:25 - 2014-01-26 10:24 - 02347384 _____ (ESET) C:\Users\Eike Koopamann\Downloads\esetsmartinstaller_enu.exe
2014-01-25 15:44 - 2014-01-25 15:44 - 00000890 _____ C:\Users\Eike Koopamann\Desktop\JRT.txt
2014-01-25 15:37 - 2014-01-25 15:37 - 01037068 _____ (Thisisu) C:\Users\Eike Koopamann\Desktop\JRT.exe
2014-01-25 15:34 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-25 15:33 - 2013-12-04 17:45 - 00000000 ____D C:\AdwCleaner
2014-01-25 15:30 - 2014-01-25 15:30 - 01236282 _____ C:\Users\Eike Koopamann\Desktop\adwcleaner.exe
2014-01-25 15:26 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\Updater
2014-01-25 15:26 - 2013-01-30 03:47 - 00063406 _____ C:\windows\PFRO.log
2014-01-25 15:26 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2014-01-25 15:14 - 2014-01-25 15:14 - 00001084 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-25 15:14 - 2013-11-08 17:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 15:12 - 2014-01-25 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Eike Koopamann\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-24 20:49 - 2014-01-24 20:48 - 00011495 _____ C:\Users\Eike Koopamann\Downloads\Addition.txt
2014-01-23 20:06 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient
2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\ProgramData\Citrix
2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio
2014-01-19 19:21 - 2012-07-26 08:21 - 00029633 _____ C:\windows\setupact.log
2014-01-18 15:58 - 2013-08-18 20:50 - 00000000 ____D C:\windows\system32\MRT
2014-01-18 15:58 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2014-01-18 15:56 - 2013-08-18 20:50 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-13 21:03 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2014-01-10 20:43 - 2012-08-01 17:55 - 00780976 _____ C:\windows\system32\perfh010.dat
2014-01-10 20:43 - 2012-08-01 17:55 - 00152608 _____ C:\windows\system32\perfc010.dat
2014-01-10 20:43 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2014-01-10 20:43 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2014-01-10 20:43 - 2012-07-26 08:28 - 02679026 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-09 09:02 - 2013-11-19 21:21 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-19 21:21 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP
2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp
2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump
2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-28 23:46 - 2013-08-11 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 23:44 - 2012-07-26 06:38 - 00000000 ____D C:\windows\system32\oobe

Some content of TEMP:
====================
C:\Users\Eike Koopamann\AppData\Local\Temp\avgnt.exe
C:\Users\Eike Koopamann\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 15:29

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Ich habe jetzt noch das Problem, dass ich teilweise Wörter unterstrichen habe und sich ein Linkfesnster öffnen, wenn ich mit der Maus hingehe.

Das Bing-Fenster scheint weg zu sein.

Geändert von dreizwonull (26.01.2014 um 11:46 Uhr)

Alt 27.01.2014, 08:36   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



in welchem Browser?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.01.2014, 12:39   #9
dreizwonull
 
Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Firefox...

Alt 28.01.2014, 10:39   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.01.2014, 16:37   #11
dreizwonull
 
Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Hm, scheint alles sauber zu sein.
Danke!

Alt 29.01.2014, 10:53   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.01.2014, 17:52   #13
dreizwonull
 
Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Danke, Schrauber. Thema kann von mir auis geschlossen werden!

Alt 30.01.2014, 16:04   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Standard

Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...
gestern, heute, js/adware.yontoo.c, leute, neue, neuem, neuen, ungewollt, win32/adware.yontoo.a, win32/adware.yontoo.b, öffnen



Ähnliche Themen: Suchmasachine Bing kommt seit gestern immer bei neuem Fenster...


  1. lästiger Werbebanner erscheint seit gestern
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (1)
  2. GVU Trojaner mit Foto seit gestern
    Plagegeister aller Art und deren Bekämpfung - 28.04.2013 (14)
  3. Virus kommt immer wieder, auch mit neuem MBR. Brauche Experten
    Plagegeister aller Art und deren Bekämpfung - 07.04.2013 (13)
  4. Windwosverschlüsselungstrojaner -seit gestern Abend
    Log-Analyse und Auswertung - 28.06.2012 (5)
  5. Neues Fenster kommt immer beim an- und abmelden, http://fla15.maxexp.com/tag1.html
    Plagegeister aller Art und deren Bekämpfung - 13.04.2012 (10)
  6. Seit ein paar tagen geht das Fenster aufmachen in Mozila so langsam und lädt immer
    Log-Analyse und Auswertung - 24.01.2012 (7)
  7. seit gestern Fehlermeldung bei Windowsstart
    Plagegeister aller Art und deren Bekämpfung - 15.01.2012 (5)
  8. Trojaner Kazy.mekml.1 seit gestern - Daten weg, PC fährt immer runter
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (13)
  9. PC lahmt seit gestern :(
    Log-Analyse und Auswertung - 16.04.2009 (24)
  10. Pc seit gestern langsam. Virus?
    Mülltonne - 12.11.2008 (0)
  11. Favoriten sind seit gestern weg....
    Plagegeister aller Art und deren Bekämpfung - 05.05.2008 (15)
  12. Seit gestern erhebliche Probleme
    Log-Analyse und Auswertung - 27.12.2007 (1)
  13. TR/Obustat.A nervt seit gestern
    Log-Analyse und Auswertung - 07.08.2007 (14)
  14. Pc hängt und stürtzt seit gestern ab
    Log-Analyse und Auswertung - 04.03.2007 (7)
  15. InternetProbleme seit gestern..
    Plagegeister aller Art und deren Bekämpfung - 14.08.2006 (3)
  16. Seit gestern etwa 40 Trojaner...
    Log-Analyse und Auswertung - 27.04.2006 (8)
  17. Bei mir gehen seit Gestern immer neue Fenster im IE auf
    Plagegeister aller Art und deren Bekämpfung - 25.10.2005 (2)

Zum Thema Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... - Moin Leute, seit gestern kommt bei mir ständig ein Suchfenster von Bing, wenn ich einen neuen Task öffne. Außerdem öffnen sich ungewollt Fenster. Habe Windows 8 drauf + Gratis-Avira mit - Suchmasachine Bing kommt seit gestern immer bei neuem Fenster......
Archiv
Du betrachtest: Suchmasachine Bing kommt seit gestern immer bei neuem Fenster... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.