Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.03.2014, 12:58   #1
Andi64
 
Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Hallo,

mein Problem ist folgendes: Ende letzten Jahres wurden von meinem Yahoo account SPAM Mails verschickt. Daraufhin habe ich das Passwort geändert, Virenscanner hat seiner Zeit keinen Befall feststellen können. Jetzt habe ich gestern von verschiedenen Bekannten mitgeteilt bekommen, dass wieder Spam Mails verschickt wurden



Hier die geforderten Log Files:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:06 on 28/03/2014 (andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 28-03-2014 13:10:11
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\andreas\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-09] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-05-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51433-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51450-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {41887a51-d21b-11e0-bf74-18f46a98bd77} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6b2f40ea-8e7a-11e0-8377-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6c622be6-6ed1-11e3-88f1-b093d91fc81a} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {724dbaef-39fa-11e2-89df-c98f64111666} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {7aa5abac-6b8b-11e2-b97e-1ef46a98bd77} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {e67be80c-e7ab-11e2-bc21-18f46a98bd77} - G:\AutoRun.exe
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
SearchScopes: HKCU - DefaultScope {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=108760&babsrc=SP_ss&mntrId=c641592b0000000000001ef46a98bd77
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: BFlix Class - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\BFlix\BFlix.dll (BFlix)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default
FF user.js: detected! => C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\user.js
FF Homepage: hxxp://yahoo.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26]
FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26]
FF Extension: Bflix extension - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\info@thebflix.com [2012-01-28]
FF Extension: loadtbs - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\software@loadtubes.com [2013-12-14]
FF Extension: Yahoo! Toolbar - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-12-15]
FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome: 
=======
CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.)
S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X]
S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X]
S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]
S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider)
S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST
2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 13:08 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-22 14:26 - 2014-03-22 14:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 13:25 - 2014-03-22 13:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 16:09 - 2014-03-27 22:58 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-20 23:33 - 2014-03-22 15:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-20 23:19 - 2014-03-25 10:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-20 23:19 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 23:19 - 2011-03-10 16:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-03-20 23:19 - 2011-03-06 19:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk
2014-03-20 23:19 - 2011-03-06 19:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-03-20 23:19 - 2010-08-04 03:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk
2014-03-20 23:19 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-20 23:19 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-13 21:26 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 21:26 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 21:26 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 21:26 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 21:26 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 21:26 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 21:26 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 21:26 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 21:26 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 21:26 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 21:26 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 21:26 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 21:26 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 21:26 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 21:26 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 21:26 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 21:26 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 21:26 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 21:26 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 21:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 21:26 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 21:26 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 21:26 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 21:26 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 21:26 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 21:26 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 21:26 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 21:26 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 21:26 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 21:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 21:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 21:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 21:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 21:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 21:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 21:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 21:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 21:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 21:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 21:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 21:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 21:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 21:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 21:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 21:24 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 21:24 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 21:24 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:24 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST
2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 13:09 - 2014-03-28 13:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 13:06 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 13:03 - 2014-01-22 09:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 12:56 - 2011-03-06 19:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype
2014-03-28 12:40 - 2011-03-09 14:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 12:25 - 2013-08-06 13:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction
2014-03-28 10:56 - 2010-08-04 03:27 - 01459412 _____ () C:\windows\WindowsUpdate.log
2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:22 - 2014-01-15 20:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox
2014-03-28 09:21 - 2014-01-15 20:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox
2014-03-28 09:20 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-28 09:19 - 2011-03-09 14:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 09:18 - 2013-12-14 13:12 - 00019092 _____ () C:\windows\setupact.log
2014-03-28 09:18 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-27 22:58 - 2014-03-21 16:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-25 20:11 - 2009-07-14 06:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-25 10:52 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-24 16:06 - 2014-02-22 14:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo
2014-03-22 15:21 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-22 14:33 - 2014-03-22 14:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 13:34 - 2014-03-22 13:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 09:03 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 17:48 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 21:52 - 2011-07-21 11:47 - 00000000 ____D () C:\Users\andreas\Desktop\james
2014-03-18 18:17 - 2011-04-06 10:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro
2014-03-17 23:43 - 2013-08-15 07:57 - 00000000 ____D () C:\windows\system32\MRT
2014-03-17 23:41 - 2011-03-19 10:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 09:16 - 2011-03-08 21:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo
2014-03-16 20:04 - 2011-06-04 10:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro
2014-03-16 19:12 - 2011-03-06 19:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 15:17 - 2011-03-20 18:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein
2014-03-15 19:29 - 2011-04-05 14:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 12:57 - 2014-02-14 09:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals
2014-03-14 09:32 - 2010-08-04 03:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-14 07:36 - 2009-07-14 05:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 02:16 - 2011-03-08 18:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 00:06 - 2013-05-26 17:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace
2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-03-01 07:05 - 2014-03-13 21:25 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 21:26 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 21:26 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 21:26 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 21:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 21:25 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 21:26 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 21:25 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 21:25 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 21:25 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 21:26 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 21:25 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 21:26 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 21:25 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 21:25 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 21:26 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 21:26 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 21:26 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 21:26 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 21:26 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 21:26 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 21:26 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 21:26 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 21:26 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 21:26 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 21:25 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 21:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 21:26 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 21:25 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 21:26 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 21:26 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 21:26 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 21:26 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 21:25 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 21:26 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 21:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 21:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 16:55 - 2010-08-04 03:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-28 16:51 - 2014-01-21 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-27 09:04 - 2013-12-15 09:46 - 00570924 _____ () C:\windows\PFRO.log
2014-02-26 23:42 - 2011-04-21 12:42 - 00786134 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\andreas\AppData\Local\Temp\avgnt.exe
C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphck9ey.dll
C:\Users\Guest\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 09:45

==================== End Of Log ============================
         
--- --- ---


Addition

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 28-03-2014 13:10:11
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\andreas\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-09] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-05-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51433-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {32f51450-89e1-11e0-97a7-002454e954ae} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {41887a51-d21b-11e0-bf74-18f46a98bd77} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6b2f40ea-8e7a-11e0-8377-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {6c622be6-6ed1-11e3-88f1-b093d91fc81a} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {724dbaef-39fa-11e2-89df-c98f64111666} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {7aa5abac-6b8b-11e2-b97e-1ef46a98bd77} - F:\Autorun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\MountPoints2: {e67be80c-e7ab-11e2-bc21-18f46a98bd77} - G:\AutoRun.exe
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
SearchScopes: HKCU - DefaultScope {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=108760&babsrc=SP_ss&mntrId=c641592b0000000000001ef46a98bd77
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: BFlix Class - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\BFlix\BFlix.dll (BFlix)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default
FF user.js: detected! => C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\user.js
FF Homepage: hxxp://yahoo.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26]
FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26]
FF Extension: Bflix extension - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\info@thebflix.com [2012-01-28]
FF Extension: loadtbs - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\software@loadtubes.com [2013-12-14]
FF Extension: Yahoo! Toolbar - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-12-15]
FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome: 
=======
CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.)
S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X]
S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X]
S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]
S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider)
S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST
2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 13:08 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-22 14:26 - 2014-03-22 14:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 13:25 - 2014-03-22 13:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 16:09 - 2014-03-27 22:58 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-20 23:33 - 2014-03-22 15:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-20 23:19 - 2014-03-25 10:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-20 23:19 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 23:19 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 23:19 - 2011-03-10 16:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-03-20 23:19 - 2011-03-06 19:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk
2014-03-20 23:19 - 2011-03-06 19:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-03-20 23:19 - 2010-08-04 03:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk
2014-03-20 23:19 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-20 23:19 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-13 21:26 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 21:26 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 21:26 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 21:26 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 21:26 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 21:26 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 21:26 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 21:26 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 21:26 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 21:26 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 21:26 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 21:26 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 21:26 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 21:26 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 21:26 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 21:26 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 21:26 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 21:26 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 21:26 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 21:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 21:26 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 21:26 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 21:26 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 21:26 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 21:26 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 21:26 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 21:26 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 21:26 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 21:26 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 21:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 21:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 21:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 21:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 21:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 21:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 21:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 21:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 21:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 21:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 21:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 21:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 21:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 21:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 21:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 21:24 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 21:24 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 21:24 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:24 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-28 13:10 - 2014-03-28 13:10 - 00024591 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 13:10 - 2014-03-28 13:10 - 00000000 ____D () C:\FRST
2014-03-28 13:09 - 2014-03-28 13:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 13:09 - 2014-03-28 13:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 13:07 - 2014-03-28 13:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 13:06 - 2014-03-28 13:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 13:06 - 2014-03-28 13:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 13:06 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 13:05 - 2014-03-28 13:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 13:03 - 2014-01-22 09:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 12:56 - 2011-03-06 19:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype
2014-03-28 12:40 - 2011-03-09 14:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 12:25 - 2013-08-06 13:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction
2014-03-28 10:56 - 2010-08-04 03:27 - 01459412 _____ () C:\windows\WindowsUpdate.log
2014-03-28 10:00 - 2014-03-28 10:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 09:59 - 2014-03-28 09:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 09:57 - 2014-03-28 09:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:28 - 2009-07-14 05:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:22 - 2014-01-15 20:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox
2014-03-28 09:21 - 2014-01-15 20:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox
2014-03-28 09:20 - 2011-03-06 19:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-28 09:19 - 2011-03-09 14:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 09:18 - 2013-12-14 13:12 - 00019092 _____ () C:\windows\setupact.log
2014-03-28 09:18 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-27 22:58 - 2014-03-21 16:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-25 20:11 - 2009-07-14 06:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-25 10:52 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-24 16:06 - 2014-02-22 14:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo
2014-03-22 15:21 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-22 14:33 - 2014-03-22 14:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 13:34 - 2014-03-22 13:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 09:03 - 2014-03-22 09:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 09:03 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-22 09:02 - 2014-03-22 09:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 08:35 - 2014-03-22 08:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 08:29 - 2014-03-22 08:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 06:45 - 2014-03-22 06:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 17:48 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-20 23:33 - 2014-03-20 23:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-20 23:20 - 2014-03-20 23:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 23:20 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-20 23:19 - 2014-03-20 23:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 23:19 - 2014-03-20 23:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-20 23:19 - 2014-03-20 23:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 21:52 - 2011-07-21 11:47 - 00000000 ____D () C:\Users\andreas\Desktop\james
2014-03-18 18:17 - 2011-04-06 10:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro
2014-03-17 23:43 - 2013-08-15 07:57 - 00000000 ____D () C:\windows\system32\MRT
2014-03-17 23:41 - 2011-03-19 10:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 09:16 - 2011-03-08 21:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo
2014-03-16 20:04 - 2011-06-04 10:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro
2014-03-16 19:12 - 2011-03-06 19:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 15:17 - 2011-03-20 18:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein
2014-03-15 19:29 - 2011-04-05 14:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 12:57 - 2014-02-14 09:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals
2014-03-14 09:32 - 2010-08-04 03:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-14 07:36 - 2009-07-14 05:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:34 - 2013-03-13 23:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 02:16 - 2011-03-08 18:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 00:06 - 2013-05-26 17:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace
2014-03-04 09:46 - 2014-03-04 09:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-03-01 07:05 - 2014-03-13 21:25 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 21:26 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 21:26 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 21:26 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 21:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 21:25 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 21:26 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 21:25 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 21:25 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 21:25 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 21:26 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 21:25 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 21:26 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 21:26 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 21:25 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 21:25 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 21:26 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 21:26 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 21:26 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 21:26 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 21:26 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 21:26 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 21:26 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 21:26 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 21:26 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 21:26 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 21:25 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 21:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 21:26 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 21:25 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 21:26 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 21:26 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 21:26 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 21:26 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 21:25 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 21:26 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 21:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 21:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-28 16:55 - 2014-02-28 16:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 16:55 - 2014-02-28 16:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 16:55 - 2010-08-04 03:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-28 16:51 - 2014-01-21 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-28 16:46 - 2014-02-28 16:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 16:46 - 2014-02-28 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 15:14 - 2014-02-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-27 09:04 - 2013-12-15 09:46 - 00570924 _____ () C:\windows\PFRO.log
2014-02-26 23:42 - 2011-04-21 12:42 - 00786134 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\andreas\AppData\Local\Temp\avgnt.exe
C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphck9ey.dll
C:\Users\Guest\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 09:45

==================== End Of Log ============================
         
--- --- ---


GMER
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-28 13:25:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\andreas\AppData\Local\Temp\uwtiqfob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                       fffff800045f8000 45 bytes [00, 00, 49, 00, 4E, 76, 4C, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                       fffff800045f802f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\windows\SysWOW64\svchost.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                            00000000753a1465 2 bytes [3A, 75]
.text     C:\windows\SysWOW64\svchost.exe[1720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                           00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[3664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                   00000000753a1465 2 bytes [3A, 75]
.text     C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[3664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                  00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe[3704] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                               00000000753a1465 2 bytes [3A, 75]
.text     C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe[3704] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                              00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                               00000000753a1465 2 bytes [3A, 75]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                              00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3784] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                   00000000753a1465 2 bytes [3A, 75]
.text     C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3784] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                  00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                   00000000753a1465 2 bytes [3A, 75]
.text     C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                  00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                            00000000753a1465 2 bytes [3A, 75]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                           00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
.text     C:\Users\andreas\Desktop\Defogger.exe[3952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                      00000000753a1465 2 bytes [3A, 75]
.text     C:\Users\andreas\Desktop\Defogger.exe[3952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                     00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                                                                                      * 2
---- Processes - GMER 2.1 ----

Library   C:\Users\andreas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784](2013-12-18 02:25:54)                                                0000000003be0000
Library   c:\users\andreas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphck9ey.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784](2014-03-28 08:20:22)  0000000004450000
Library   C:\Users\andreas\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784](2013-10-18 23:55:02)                                                      000000006a830000
Library   C:\Users\andreas\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3784] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)                        0000000069b80000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272c42243                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd501a52                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982                                                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                                                                                                  ????????@machine.inf,%intel_mfg%;Intel????????????????????????????????????????8??????????????????????????F??FF????`??????????????????????????????????????????????????????????????????????????????????????????e???????????????????????????????????????u??disk.inf?G??????????????USB\VID_0529&PID_0620\7&1e2b8449&0&2?7???????????p??r???\??\USB#VID_0A5C&PID_219B#0026B66B6864#{a5dcbf10-6530-11d2-901f-00c04fb951ed}????????????????????????????????e??Microsoft???\??\USB#VID_04E8&PID_6860#0019328a05222f#{a5dcbf10-6530-11d2-901f-00c04fb951ed}?????????????????????wpdbusenum\fs???????????????????? ??????????????????????????????????????????WILL'S USB??????WUDFCoInstaller.dll?????????????????????)???volume.inf:MSFT.NTamd64:volume_install:6.1.7601.17514:storage\volume?A????????????????????????????????,?????????????@disk.inf,%genmanufacturer%;(Standard disk drives)??????????????????????????????USB Flash Disk  ?devicename%;WPD FileSystem Volume Driver????????????a??????????????????????????????????????????? ??????? ?????????????????
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272c42243 (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd501a52 (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)                                                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)                                                                                                                          

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---


Schon mal vielen Dank für jede Hilfestellung.

Gruß
Andi

Geändert von Andi64 (28.03.2014 um 13:20 Uhr)

Alt 28.03.2014, 13:28   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 28.03.2014, 18:57   #3
Andi64
 
Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Hi Schrauber,

hier das combofix log file

Combofix Logfile:
Code:
ATTFilter
ComboFix 14-03-24.01 - andreas 28.03.2014  15:07:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1033.18.3957.2046 [GMT 1:00]
ausgeführt von:: c:\users\andreas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BFlix\BFLIx.dll
c:\users\andreas\AppData\Roaming\convert\convert.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-28 bis 2014-03-28  ))))))))))))))))))))))))))))))
.
.
2014-03-28 14:18 . 2014-03-28 14:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-28 12:10 . 2014-03-28 12:11	--------	d-----w-	C:\FRST
2014-03-20 22:19 . 2014-03-20 22:19	--------	d-----w-	c:\users\Guest
2014-03-13 20:25 . 2014-03-01 22:02	235224	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-03-13 20:24 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-13 20:24 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-13 20:24 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-13 20:24 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-02-28 15:55 . 2014-02-28 15:55	--------	d-----w-	c:\users\andreas\AppData\Local\Skype
2014-02-28 15:55 . 2014-02-28 15:55	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-02-28 15:46 . 2014-02-28 15:46	--------	d-----w-	c:\users\andreas\AppData\Local\join.me
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-17 22:41 . 2011-03-19 09:57	90015360	----a-w-	c:\windows\system32\MRT.exe
2014-01-22 08:00 . 2014-01-22 08:00	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-22 08:00 . 2011-08-07 18:08	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 16:46 . 2014-01-15 16:46	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\andreas\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-06 39408]
"Starfield Updater"="c:\users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe" [2013-05-26 35008]
"Workspace Status"="c:\users\andreas\AppData\Local\Workspace\workspacestatus.exe" [2013-07-26 694760]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
c:\users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys;c:\windows\SYSNATIVE\drivers\aksup.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
S2 SACSrv;SACSrv;c:\program files\SafeNet\Authentication\SAC\x64\SACSrv.exe;c:\program files\SafeNet\Authentication\SAC\x64\SACSrv.exe [x]
S3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\DRIVERS\ikeyenum.sys;c:\windows\SYSNATIVE\DRIVERS\ikeyenum.sys [x]
S3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\DRIVERS\ikeyifd.sys;c:\windows\SYSNATIVE\DRIVERS\ikeyifd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:27	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22 08:00]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 13:39]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 13:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-05-26 16:59	1308432	----a-w-	c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-05-26 16:59	1308432	----a-w-	c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-09 16413288]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: NameServer = 193.189.244.206 193.189.244.225
FF - ProfilePath - c:\users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108760
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - c641592b0000000000001ef46a98bd77
FF - user.js: extensions.BabylonToolbar_i.hardId - c641592b0000000000001ef46a98bd77
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15365
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN116337476042057-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=c641592b0000000000001ef46a98bd77&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.415:41
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.hpOld0 - about:home
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GX0007f1B000v&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=de&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GX0007f1B000v&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughGA&Lan={dfltLng}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - c641592b00000000000018f46a98bd77
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16016
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.09:30
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughGA
FF - user.js: extensions.zonealarm.instlRef - ZLN116337476042057-1001
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - c:\program files (x86)\BFlix\BFlix.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-ScCertProp - (no file)
SafeBoot-MCODS
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Kroatisch 100 - c:\users\andreas\Desktop\Strokes 3.0\CRO100geruninstall.exe
AddRemove-Kroatisch 101 - c:\users\andreas\Desktop\Strokes 3.0\CRO101geruninstall.exe
AddRemove-MSC - c:\program files (x86)\McAfee\MSC\mcuninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-522234228-4192544273-3428825822-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-03-28  15:29:58
ComboFix-quarantined-files.txt  2014-03-28 14:29
.
Vor Suchlauf: 13.143.986.176 bytes free
Nach Suchlauf: 12.961.144.832 bytes free
.
- - End Of File - - 107ECD29CF538465D3DD03AAF7542BB7
         
--- --- ---


Danke.

Gruß,
Andi
__________________

Alt 29.03.2014, 09:06   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.03.2014, 17:41   #5
Andi64
 
Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Hi,

hier die neuen Log files:

Malwarebytes

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 30.03.2014
Suchlauf-Zeit: 17:55:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.30.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: andreas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313719
Verstrichene Zeit: 36 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 17
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst");), Ersetzt,[ad53b14fee12a0600308a29450b4a858]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), Ersetzt,[07f949b7f60a52ae36d535018d7724dc]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108760");), Ersetzt,[42be11ef6a96847c23e843f3d33157a9]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.hardId", "c641592b0000000000001ef46a98bd77");), Ersetzt,[649c6d937a86eb156aa187af59ab20e0]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.id", "c641592b0000000000001ef46a98bd77");), Ersetzt,[af5109f79c648c74907bef479b698080]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlDay", "15365");), Ersetzt,[d62af9071be5e0206f9cb383ca3aeb15]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst");), Ersetzt,[000028d8837d946c6aa136006f95df21]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTab", true);), Ersetzt,[6d93ab55649c669a22e93ef8d430bf41]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=108760&babsrc=NT_ss&mntrId=c641592b0000000000001ef46a98bd77");), Ersetzt,[9769946cce32e818f8138aac58ac6c94]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");), Ersetzt,[69979e6249b7ab5563a8181e6b99d729]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");), Ersetzt,[768ab848639d8b75a7641c1aa75de020]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), Ersetzt,[04fc926e4eb214ecf81362d4669e28d8]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), Ersetzt,[ec14877988780df3af5c82b4e4208f71]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base");), Ersetzt,[5da3ae5223ddf50b1af137ff35cfc23e]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");), Ersetzt,[10f0877911ef827e43c8c86e0df75da3]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:20:54");), Ersetzt,[2ad6a85844bc45bb66a53204de265aa6]
PUP.Optional.Babylon.A, C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");), Ersetzt,[ed13728ec8380df37299fe385aaa5da3]

Physische Sektoren: 0
(No malicious items detected)


(end)
         

AdwCleaner

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.022 - Report created 30/03/2014 at 18:12:26
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andreas - ANDREAS-PC
# Running from : C:\Users\andreas\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\andreas\AppData\Local\Babylon
Folder Deleted : C:\Users\andreas\AppData\Roaming\Babylon
Folder Deleted : C:\Users\andreas\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\software@loadtubes.com
File Deleted : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BFlix
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFlix
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (de)

[ File : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9050 octets] - [30/03/2014 18:05:21]
AdwCleaner[S0].txt - [8589 octets] - [30/03/2014 18:12:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8649 octets] ##########
         
--- --- ---

[/CODE]


JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by andreas on 30.03.2014 at 18:19:55,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\andreas\AppData\Roaming\mozilla\firefox\profiles\f3er6lil.default\extensions\info@thebflix.com



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.03.2014 at 18:26:16,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 30-03-2014 18:34:26
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Thisisu) C:\Users\andreas\Desktop\JRT.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-10] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-05-26] (Starfield Technologies)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default
FF Homepage: hxxp://yahoo.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26]
FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26]
FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome: 
=======
CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.)
S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X]
S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X]
S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]
S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider)
S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-30 18:26 - 2014-03-30 18:26 - 00001041 _____ () C:\Users\andreas\Desktop\JRT.txt
2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT.exe
2014-03-30 18:05 - 2014-03-30 18:12 - 00000000 ____D () C:\AdwCleaner
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Desktop\adwcleaner.exe
2014-03-30 17:59 - 2014-03-30 17:59 - 00005242 _____ () C:\Users\andreas\Desktop\mbam.txt
2014-03-30 17:14 - 2014-03-30 17:19 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 17:14 - 2014-03-30 17:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 17:14 - 2014-03-30 17:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-30 17:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-30 17:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-30 17:13 - 2014-03-30 17:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 20:52 - 2014-03-28 20:52 - 00026370 _____ () C:\ComboFix.txt
2014-03-28 16:05 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-03-28 16:05 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-03-28 16:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-03-28 16:04 - 2014-03-28 20:53 - 00000000 ____D () C:\Qoobox
2014-03-28 16:04 - 2014-03-28 16:26 - 00000000 ____D () C:\windows\erdnt
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe
2014-03-28 14:25 - 2014-03-28 14:25 - 00013270 _____ () C:\Users\andreas\Desktop\GMER.log
2014-03-28 14:14 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe
2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe
2014-03-28 14:11 - 2014-03-28 14:11 - 00039459 _____ () C:\Users\andreas\Desktop\Addition.txt
2014-03-28 14:10 - 2014-03-30 18:34 - 00021403 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-28 14:10 - 2014-03-30 18:34 - 00000000 ____D () C:\FRST
2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 14:08 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 14:06 - 2014-03-28 14:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 11:00 - 2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-22 15:26 - 2014-03-22 15:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 14:25 - 2014-03-22 14:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 17:09 - 2014-03-30 17:14 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-21 00:33 - 2014-03-22 16:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-21 00:19 - 2014-03-25 11:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-21 00:19 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest
2014-03-21 00:19 - 2011-03-10 17:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-03-21 00:19 - 2011-03-06 20:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk
2014-03-21 00:19 - 2011-03-06 20:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-03-21 00:19 - 2010-08-04 04:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk
2014-03-21 00:19 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-21 00:19 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-13 22:26 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 22:26 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 22:26 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 22:26 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 22:26 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 22:26 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 22:26 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 22:26 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 22:26 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 22:26 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 22:26 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 22:26 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 22:26 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 22:26 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 22:26 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 22:26 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 22:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 22:26 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 22:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 22:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 22:26 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 22:26 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 22:26 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 22:26 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 22:26 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 22:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 22:26 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 22:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 22:26 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 22:25 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 22:25 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 22:25 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 22:25 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 22:25 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 22:25 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 22:25 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 22:25 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 22:25 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 22:25 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 22:25 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 22:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 22:25 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 22:25 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 22:25 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 22:24 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 22:24 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 22:24 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 22:24 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-02-28 17:55 - 2014-02-28 17:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 17:55 - 2014-02-28 17:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 17:46 - 2014-02-28 17:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 17:46 - 2014-02-28 17:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 16:14 - 2014-02-28 16:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-30 18:35 - 2014-03-28 14:10 - 00021403 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-30 18:34 - 2014-03-28 14:10 - 00000000 ____D () C:\FRST
2014-03-30 18:26 - 2014-03-30 18:26 - 00001041 _____ () C:\Users\andreas\Desktop\JRT.txt
2014-03-30 18:23 - 2011-03-06 20:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype
2014-03-30 18:23 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 18:23 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT.exe
2014-03-30 18:18 - 2009-07-14 07:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-30 18:16 - 2014-01-15 21:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox
2014-03-30 18:16 - 2014-01-15 21:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox
2014-03-30 18:15 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-30 18:14 - 2011-03-09 15:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-30 18:13 - 2013-12-14 14:12 - 00019260 _____ () C:\windows\setupact.log
2014-03-30 18:13 - 2010-08-04 04:27 - 01490285 _____ () C:\windows\WindowsUpdate.log
2014-03-30 18:13 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-30 18:12 - 2014-03-30 18:05 - 00000000 ____D () C:\AdwCleaner
2014-03-30 18:03 - 2014-01-22 10:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Desktop\adwcleaner.exe
2014-03-30 17:59 - 2014-03-30 17:59 - 00005242 _____ () C:\Users\andreas\Desktop\mbam.txt
2014-03-30 17:41 - 2011-03-09 15:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-30 17:19 - 2014-03-30 17:14 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 17:16 - 2014-03-30 17:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 17:16 - 2014-01-23 16:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-30 17:14 - 2014-03-30 17:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-30 17:14 - 2014-03-30 17:13 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 17:14 - 2014-03-21 17:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-30 17:14 - 2013-01-10 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 17:06 - 2013-12-15 10:46 - 00571470 _____ () C:\windows\PFRO.log
2014-03-28 20:53 - 2014-03-28 16:04 - 00000000 ____D () C:\Qoobox
2014-03-28 20:52 - 2014-03-28 20:52 - 00026370 _____ () C:\ComboFix.txt
2014-03-28 20:52 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-28 16:26 - 2014-03-28 16:04 - 00000000 ____D () C:\windows\erdnt
2014-03-28 16:18 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-03-28 16:15 - 2012-07-13 13:34 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\convert
2014-03-28 16:15 - 2012-01-26 23:21 - 00000000 ____D () C:\Program Files (x86)\BFlix
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe
2014-03-28 14:25 - 2014-03-28 14:25 - 00013270 _____ () C:\Users\andreas\Desktop\GMER.log
2014-03-28 14:13 - 2014-03-28 14:14 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe
2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe
2014-03-28 14:11 - 2014-03-28 14:11 - 00039459 _____ () C:\Users\andreas\Desktop\Addition.txt
2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 14:09 - 2014-03-28 14:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 14:06 - 2014-03-28 14:06 - 00000476 _____ () C:\Users\andreas\Desktop\defogger_disable.log
2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 14:06 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 13:25 - 2013-08-06 14:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction
2014-03-28 11:00 - 2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-25 11:52 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-24 17:06 - 2014-02-22 15:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo
2014-03-22 16:21 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-22 15:33 - 2014-03-22 15:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 14:34 - 2014-03-22 14:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 10:03 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 18:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 22:52 - 2011-07-21 12:47 - 00000000 ____D () C:\Users\andreas\Desktop\james
2014-03-18 19:17 - 2011-04-06 11:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro
2014-03-18 00:43 - 2013-08-15 08:57 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 00:41 - 2011-03-19 11:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 10:16 - 2011-03-08 22:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo
2014-03-16 21:04 - 2011-06-04 11:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro
2014-03-16 20:12 - 2011-03-06 20:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 16:17 - 2011-03-20 19:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein
2014-03-15 20:29 - 2011-04-05 15:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 13:57 - 2014-02-14 10:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals
2014-03-14 10:32 - 2010-08-04 04:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-14 08:36 - 2009-07-14 06:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 03:16 - 2011-03-08 19:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 01:06 - 2013-05-26 18:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace
2014-03-05 09:26 - 2014-03-30 17:14 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 17:14 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-01-23 16:33 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk
2014-03-01 08:05 - 2014-03-13 22:25 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 07:17 - 2014-03-13 22:26 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 07:16 - 2014-03-13 22:26 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 06:58 - 2014-03-13 22:26 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 06:52 - 2014-03-13 22:26 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 06:51 - 2014-03-13 22:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 06:42 - 2014-03-13 22:25 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 06:40 - 2014-03-13 22:26 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 06:37 - 2014-03-13 22:25 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 06:33 - 2014-03-13 22:25 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 06:33 - 2014-03-13 22:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 06:32 - 2014-03-13 22:25 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 06:30 - 2014-03-13 22:26 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 06:23 - 2014-03-13 22:25 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 06:17 - 2014-03-13 22:26 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 06:11 - 2014-03-13 22:26 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 06:02 - 2014-03-13 22:25 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 05:54 - 2014-03-13 22:25 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 05:52 - 2014-03-13 22:26 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 05:51 - 2014-03-13 22:26 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 05:47 - 2014-03-13 22:26 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 05:43 - 2014-03-13 22:26 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 05:43 - 2014-03-13 22:26 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 05:42 - 2014-03-13 22:26 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 05:40 - 2014-03-13 22:26 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 05:38 - 2014-03-13 22:26 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 05:37 - 2014-03-13 22:26 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 05:35 - 2014-03-13 22:26 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 05:18 - 2014-03-13 22:25 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 05:16 - 2014-03-13 22:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 05:14 - 2014-03-13 22:26 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 05:10 - 2014-03-13 22:25 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 05:03 - 2014-03-13 22:26 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 05:00 - 2014-03-13 22:26 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 04:57 - 2014-03-13 22:26 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 04:38 - 2014-03-13 22:26 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 04:32 - 2014-03-13 22:25 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 04:27 - 2014-03-13 22:26 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 04:25 - 2014-03-13 22:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 04:25 - 2014-03-13 22:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-28 17:55 - 2014-02-28 17:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 17:55 - 2014-02-28 17:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Skype
2014-02-28 17:55 - 2010-08-04 04:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-28 17:51 - 2014-01-21 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-28 17:46 - 2014-02-28 17:46 - 00001074 _____ () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-28 17:46 - 2014-02-28 17:46 - 00000000 ____D () C:\Users\andreas\AppData\Local\join.me
2014-02-28 16:14 - 2014-02-28 16:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\andreas\AppData\Local\Temp\avgnt.exe
C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmputjrjb.dll
C:\Users\andreas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 10:45

==================== End Of Log ============================
         
--- --- ---


Dankeschön.

Gruß,
Andi


Alt 31.03.2014, 12:48   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung

Alt 31.03.2014, 21:35   #7
Andi64
 
Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Hi,

hab jetzt ein neues Problem. Jetzt erscheinen ganz viele Sachen in Texten grün unterstrichen. Und ständig öffnen sich jetzt Werbebanner usw. Ich drücke z.B. hier im Forum auf Antworten und es öffnet sich eine ganz andere Seite mit dem Hinweis, das System sei veraltet und man müsste ein update machen oder sonst was runterladen

Hier jetzt trotzdem schon mal das ESET Logfile

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7066e9d656ce8e4f86a6a74847b6be78
# engine=17691
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-31 08:11:31
# local_time=2014-03-31 10:11:31 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 45869 9714853 38640 0
# compatibility_mode=5893 16776574 100 94 9281290 147926541 0 0
# scanned=222487
# found=9
# cleaned=0
# scan_time=25453
sh=9E50EC17198DA4BEEFA3C1BEF347EE9996908CD5 ft=1 fh=c71c00110735cd47 vn="a variant of Win32/AdWare.AddLyrics.AI application" ac=I fn="C:\Program Files (x86)\Re-Markable Corp\ReMar.exe"
sh=6B307FFD9A36A748A38782F77DA9C36E74BC6787 ft=1 fh=39b8107e0a2101ba vn="a variant of Win32/AdWare.AddLyrics.AH application" ac=I fn="C:\Program Files (x86)\Re-Markable Corp\Uninstall.exe"
sh=B85EA2F6DCB36DE3AA938C56C13463582AE92043 ft=1 fh=c73bfdccdb739175 vn="a variant of MSIL/Adware.PullUpdate.D application" ac=I fn="C:\ProgramData\Radsteroids\Radsteroids.exe"
sh=0664AC25EF94602CC130BFD8138256ABEF676F46 ft=1 fh=2831b17f5ec51586 vn="a variant of MSIL/Adware.PullUpdate.A application" ac=I fn="C:\ProgramData\Radsteroids\RadsteroidsService.exe"
sh=B85EA2F6DCB36DE3AA938C56C13463582AE92043 ft=1 fh=c73bfdccdb739175 vn="a variant of MSIL/Adware.PullUpdate.D application" ac=I fn="C:\Users\All Users\Radsteroids\Radsteroids.exe"
sh=0664AC25EF94602CC130BFD8138256ABEF676F46 ft=1 fh=2831b17f5ec51586 vn="a variant of MSIL/Adware.PullUpdate.A application" ac=I fn="C:\Users\All Users\Radsteroids\RadsteroidsService.exe"
sh=A9B34FFF631A93427E25A5F56B26057EEE6AF32F ft=1 fh=362623e17ed43977 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\System32\Radsteroids.33AABCF1AD13.dll"
sh=A9B34FFF631A93427E25A5F56B26057EEE6AF32F ft=1 fh=362623e17ed43977 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\SysWOW64\Radsteroids.33AABCF1AD13.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="multiple threats" ac=I fn="${Memory}"
         
Security Check funktioniert nicht. Wirft folgende Mitteilung aus:
UNSUPPORTED OPERATING SYSTEM! ABORTED!

Was nun?

Geändert von Andi64 (31.03.2014 um 21:41 Uhr)

Alt 01.04.2014, 12:45   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Frst öffnen, Haken setzen bei Additional und scannen, poste bitte beide Logfiles. In welchem Browser hast du jetzt die Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.04.2014, 14:02   #9
Andi64
 
Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Hi Schrauber,

eigentlich benutze ich Google Chrom. Habe jetzt Firefox und Internet Explorer ausprobiert und da besteht das gleiche Problem. Zusätzlich läuft jetzt im Hintergrund noch Werbung und Musik :-(

Hier die LogFiles:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 02-04-2014 14:39:51
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\RadsteroidsService.exe
() C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe
() C:\Program Files (x86)\Re-Markable Corp\ReMar.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe
(Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\Radsteroids.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-10] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-05-26] (Starfield Technologies)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default
FF Homepage: hxxp://yahoo.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26]
FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26]
FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKCU\...\Firefox\Extensions: [{36ee80e3-92ec-4efb-b105-85435187eb87}] - C:\Program Files (x86)\Re-Markable Corp\158.xpi
FF Extension: No Name - C:\Program Files (x86)\Re-Markable Corp\158.xpi [2014-03-31]

Chrome: 
=======
CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Re-Markable) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja [2014-03-31]
CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Radsteroids; C:\ProgramData\Radsteroids\Radsteroids.exe [151416 2014-03-21] (Deals Interactive Media, LLC)
R2 Re-Markable; C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.exe [142336 2014-03-31] ()
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.)
S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X]
S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X]
S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]
S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X]
S2 WinkHandler; C:\Program Files (x86)\Iminent\WinkHandler.exe [X]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-31] (Malwarebytes Corporation)
S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider)
S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-02 14:39 - 2014-04-02 14:42 - 00022217 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Downloads\SecurityCheck.exe
2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Desktop\SecurityCheck.exe
2014-03-31 15:04 - 2014-03-31 15:04 - 02347384 _____ (ESET) C:\Users\andreas\Downloads\esetsmartinstaller_enu.exe
2014-03-31 15:01 - 2014-03-31 15:01 - 00000627 _____ () C:\Users\andreas\Desktop\JRT.txt
2014-03-31 14:52 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT (1).exe
2014-03-31 14:51 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT (1).exe
2014-03-31 14:42 - 2014-03-31 14:42 - 00025045 _____ () C:\ComboFix.txt
2014-03-31 11:22 - 2014-04-02 14:40 - 00000404 _____ () C:\windows\Tasks\Re-Markable Update.job
2014-03-31 11:22 - 2014-04-02 14:37 - 00000406 _____ () C:\windows\Tasks\Re-Markable_wd.job
2014-03-31 11:22 - 2014-03-31 14:46 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 11:22 - 2014-03-31 11:22 - 00003056 _____ () C:\windows\System32\Tasks\Re-Markable Update
2014-03-31 11:22 - 2014-03-31 11:22 - 00002998 _____ () C:\windows\System32\Tasks\Re-Markable_wd
2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\Re-Markable Corp
2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-31 11:20 - 2014-04-01 09:23 - 00000000 ____D () C:\Users\andreas\AppData\Local\Radsteroids
2014-03-31 11:20 - 2014-03-31 11:20 - 00000000 ____D () C:\ProgramData\Radsteroids
2014-03-31 11:19 - 2014-03-31 11:19 - 00376256 _____ () C:\Users\andreas\Downloads\7zip.exe
2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe
2014-03-30 18:05 - 2014-03-31 13:20 - 00000000 ____D () C:\AdwCleaner
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Desktop\adwcleaner.exe
2014-03-30 17:14 - 2014-03-31 13:33 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 17:14 - 2014-03-30 17:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 17:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-30 17:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-30 17:13 - 2014-03-30 17:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 16:05 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-03-28 16:05 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-03-28 16:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-03-28 16:04 - 2014-03-31 14:42 - 00000000 ____D () C:\Qoobox
2014-03-28 16:04 - 2014-03-28 16:26 - 00000000 ____D () C:\windows\erdnt
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe
2014-03-28 14:14 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe
2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe
2014-03-28 14:10 - 2014-04-02 14:39 - 00000000 ____D () C:\FRST
2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 14:08 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 11:00 - 2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-22 15:26 - 2014-03-22 15:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 14:25 - 2014-03-22 14:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 17:09 - 2014-04-02 14:40 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-21 12:16 - 2014-03-21 12:16 - 01161080 _____ () C:\windows\SysWOW64\Radsteroids.33AABCF1AD13.dll
2014-03-21 00:33 - 2014-03-22 16:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-21 00:19 - 2014-03-25 11:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-21 00:19 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest
2014-03-21 00:19 - 2011-03-10 17:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-03-21 00:19 - 2011-03-06 20:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk
2014-03-21 00:19 - 2011-03-06 20:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-03-21 00:19 - 2010-08-04 04:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk
2014-03-21 00:19 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-21 00:19 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-13 22:26 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 22:26 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 22:26 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 22:26 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 22:26 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 22:26 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 22:26 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 22:26 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 22:26 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 22:26 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 22:26 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 22:26 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 22:26 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 22:26 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 22:26 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 22:26 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 22:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 22:26 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 22:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 22:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 22:26 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 22:26 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 22:26 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 22:26 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 22:26 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 22:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 22:26 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 22:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 22:26 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 22:25 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 22:25 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 22:25 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 22:25 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 22:25 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 22:25 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 22:25 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 22:25 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 22:25 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 22:25 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 22:25 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 22:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 22:25 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 22:25 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 22:25 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 22:24 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 22:24 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 22:24 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 22:24 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk

==================== One Month Modified Files and Folders =======

2014-04-02 14:42 - 2014-04-02 14:39 - 00022217 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-04-02 14:41 - 2010-08-04 04:27 - 01555686 _____ () C:\windows\WindowsUpdate.log
2014-04-02 14:40 - 2014-03-31 11:22 - 00000404 _____ () C:\windows\Tasks\Re-Markable Update.job
2014-04-02 14:40 - 2014-03-21 17:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-04-02 14:40 - 2014-01-15 21:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox
2014-04-02 14:40 - 2014-01-15 21:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox
2014-04-02 14:40 - 2011-03-09 15:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-02 14:40 - 2011-03-06 20:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype
2014-04-02 14:39 - 2014-03-28 14:10 - 00000000 ____D () C:\FRST
2014-04-02 14:37 - 2014-03-31 11:22 - 00000406 _____ () C:\windows\Tasks\Re-Markable_wd.job
2014-04-02 14:37 - 2011-03-09 15:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-02 14:37 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-04-02 14:36 - 2013-12-14 14:12 - 00019596 _____ () C:\windows\setupact.log
2014-04-02 14:36 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-01 10:21 - 2014-01-22 10:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-01 09:23 - 2014-03-31 11:20 - 00000000 ____D () C:\Users\andreas\AppData\Local\Radsteroids
2014-04-01 08:56 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 08:56 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 08:46 - 2013-12-15 10:46 - 00573230 _____ () C:\windows\PFRO.log
2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Downloads\SecurityCheck.exe
2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Desktop\SecurityCheck.exe
2014-03-31 15:04 - 2014-03-31 15:04 - 02347384 _____ (ESET) C:\Users\andreas\Downloads\esetsmartinstaller_enu.exe
2014-03-31 15:01 - 2014-03-31 15:01 - 00000627 _____ () C:\Users\andreas\Desktop\JRT.txt
2014-03-31 14:51 - 2014-03-31 14:52 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT (1).exe
2014-03-31 14:51 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT (1).exe
2014-03-31 14:46 - 2014-03-31 11:22 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 14:42 - 2014-03-31 14:42 - 00025045 _____ () C:\ComboFix.txt
2014-03-31 14:42 - 2014-03-28 16:04 - 00000000 ____D () C:\Qoobox
2014-03-31 14:37 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-03-31 13:33 - 2014-03-30 17:14 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 13:20 - 2014-03-30 18:05 - 00000000 ____D () C:\AdwCleaner
2014-03-31 11:22 - 2014-03-31 11:22 - 00003056 _____ () C:\windows\System32\Tasks\Re-Markable Update
2014-03-31 11:22 - 2014-03-31 11:22 - 00002998 _____ () C:\windows\System32\Tasks\Re-Markable_wd
2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\Re-Markable Corp
2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-31 11:22 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-03-31 11:22 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-03-31 11:20 - 2014-03-31 11:20 - 00000000 ____D () C:\ProgramData\Radsteroids
2014-03-31 11:19 - 2014-03-31 11:19 - 00376256 _____ () C:\Users\andreas\Downloads\7zip.exe
2014-03-31 09:27 - 2009-07-14 07:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-30 22:56 - 2013-08-06 14:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction
2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe
2014-03-30 18:12 - 2013-01-10 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\CheckPoint
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Desktop\adwcleaner.exe
2014-03-30 17:16 - 2014-03-30 17:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 17:16 - 2014-01-23 16:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-30 17:14 - 2014-03-30 17:13 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 17:14 - 2013-01-10 13:46 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Malwarebytes
2014-03-30 17:14 - 2013-01-10 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 20:52 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-28 16:26 - 2014-03-28 16:04 - 00000000 ____D () C:\windows\erdnt
2014-03-28 16:15 - 2012-07-13 13:34 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\convert
2014-03-28 16:15 - 2012-01-26 23:21 - 00000000 ____D () C:\Program Files (x86)\BFlix
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe
2014-03-28 14:13 - 2014-03-28 14:14 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe
2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe
2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 14:09 - 2014-03-28 14:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 14:06 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 11:00 - 2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-25 11:52 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-24 17:06 - 2014-02-22 15:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo
2014-03-22 16:21 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-22 15:33 - 2014-03-22 15:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 14:34 - 2014-03-22 14:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 10:03 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 18:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-21 12:16 - 2014-03-21 12:16 - 01161080 _____ () C:\windows\SysWOW64\Radsteroids.33AABCF1AD13.dll
2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 22:52 - 2011-07-21 12:47 - 00000000 ____D () C:\Users\andreas\Desktop\james
2014-03-18 19:17 - 2011-04-06 11:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro
2014-03-18 00:43 - 2013-08-15 08:57 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 00:41 - 2011-03-19 11:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 10:16 - 2011-03-08 22:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo
2014-03-16 21:04 - 2011-06-04 11:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro
2014-03-16 20:12 - 2011-03-06 20:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 16:17 - 2011-03-20 19:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein
2014-03-15 20:29 - 2011-04-05 15:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 13:57 - 2014-02-14 10:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals
2014-03-14 10:32 - 2010-08-04 04:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-14 08:36 - 2009-07-14 06:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 03:16 - 2011-03-08 19:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 01:06 - 2013-05-26 18:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace
2014-03-05 09:26 - 2014-03-30 17:14 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 17:14 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-01-23 16:33 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk

Some content of TEMP:
====================
C:\Users\andreas\AppData\Local\Temp\avgnt.exe
C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplakqpg.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 09:45

==================== End Of Log ============================
         
--- --- ---

--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by andreas at 2014-04-02 14:43:33
Running from C:\Users\andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version:  - )
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
Autodesk Backburner 2012.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2012.0.0 - Autodesk, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.3911 - CyberLink Corp.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
Engel & Völkers ML Regular Font for Windows (HKLM-x32\...\{0C8457C5-6388-4C7B-97E7-3D6A9B5A516F}) (Version: 1.0.0 - Engel & Völkers)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 2.70 - Philipp Winterberg)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gears (HKLM-x32\...\{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}) (Version: 0.5.3600 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{EF48631A-7F45-430A-8AD3-B41CFB1D7596}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kroatisch 100 (HKLM-x32\...\Kroatisch 100) (Version:  - )
Kroatisch 101 (HKLM-x32\...\Kroatisch 101) (Version:  - )
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version:  - McAfee, Inc.)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.06.07.40 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Control Center 10 (x32 Version: 10.0.13100.3.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.15100.0.1 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
PBZ SmartCard Management 6.2 (HKLM-x32\...\{EAF87E76-821E-436C-BAEA-2E94643AA803}) (Version: 6.2.0 - PBZ)
PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.194.0 - Tracker Software Products Ltd)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Radsteroids (HKLM-x32\...\Radsteroids) (Version: 2.6.71 - Deals Interactive Media, LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.)
Re-Markable (HKLM-x32\...\efbeffb6-b24d-4c4f-8cc2-06b93e00c194) (Version:  - ReMarkable) <==== ATTENTION
SafeNet Authentication Client 8.1 SP1 (HKLM\...\{4DFE8ACE-8652-4CCE-A2C1-DB23C7D4F4AA}) (Version: 8.1.245.0 - SafeNet, Inc.)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SolidWorks eDrawings 2013 (HKLM-x32\...\{4C0B98D1-4A16-4C80-9E80-DB2E617A6DAC}) (Version: 13.1.127 - Dassault Systèmes SolidWorks Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
Torrent Video Cutter 1.93 (HKLM-x32\...\{3BC7513B-BFBC-45EE-9D72-8E3132A4883A}_is1) (Version:  - TorrentRockyou, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Workspace Desktop (HKCU\...\workspacedesktop) (Version:  - Starfield Technologies)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Youtube Downloader HD v. 2.5 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Restore Points  =========================

21-03-2014 16:27:14 Restore Operation
23-03-2014 18:01:00 Windows Backup
28-03-2014 14:05:08 ComboFix created restore point
30-03-2014 17:00:59 Windows Backup

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-03-28 16:18 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05FACB47-A91F-420D-BCEC-FF600F302C99} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {0B7DFB6C-E4D1-48B8-898B-4C7912F97612} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: {226CBEF3-C14B-4D3E-9085-AAEF8FF18D69} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {5BE0D17C-76F2-4E3D-B09E-6D4EE3D925FC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated)
Task: {653FEC7F-8ED0-41BD-AB56-2AF118229ACE} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {6EED5B53-C9A0-42FA-AE46-8BEEAB054DAE} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A92\EPM.exe
Task: {72F0AD20-9062-4249-8F89-F350BC828D5B} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {886F123B-D25A-4AEB-A115-32CE07A5D0F9} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {89FF33A2-F3FC-4C8D-9CF4-B2CD28DF9072} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09] (Google Inc.)
Task: {A470B1C0-BFE2-4AF9-86A9-EE0053D35B0C} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {ADFA7B18-9DAA-4834-8DB3-BBB723E7A643} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D04BE3F9-8A77-465B-9FD3-EE169B863AFB} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {DC6A9C4F-A5CB-4CD0-A21F-3EBC70F6B9D3} - System32\Tasks\Re-Markable Update => C:\Program Files (x86)\Re-Markable Corp\ReMar.exe [2014-03-31] ()
Task: {EE0D84EC-1E2F-4BBA-88E9-1E856F1124F1} - System32\Tasks\Re-Markable_wd => C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe [2014-03-31] ()
Task: {EEB22DF6-0F59-47F0-AACB-71529433DA01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09] (Google Inc.)
Task: {F254D32B-1775-4D89-B685-49A7F1085082} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F61F6EF1-4B7D-4235-A63E-9D1A37BD484D} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {FC8801BB-D0C9-48A7-B692-FE243C37E441} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Re-Markable Update.job => C:\Program Files (x86)\Re-Markable Corp\ReMar.exe
Task: C:\windows\Tasks\Re-Markable_wd.job => C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe

==================== Loaded Modules (whitelisted) =============

2014-03-31 11:22 - 2014-03-31 11:22 - 00077312 _____ () C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe
2014-03-31 11:22 - 2014-03-31 11:22 - 00322048 _____ () C:\Program Files (x86)\Re-Markable Corp\ReMar.exe
2014-03-31 11:22 - 2014-03-31 11:22 - 00142336 _____ () C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.exe
2010-08-04 04:27 - 2009-03-05 11:54 - 00311296 _____ () C:\windows\SysWOW64\Rezip.exe
2013-12-15 00:12 - 2013-12-09 12:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-08-04 04:39 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2014-03-31 11:22 - 2014-03-31 11:22 - 00133120 _____ () C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.dll
2014-04-02 14:38 - 2014-04-02 14:38 - 00041984 _____ () c:\users\andreas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplakqpg.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\andreas\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 10:22:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: Re-Markable158.exe, version: 1.158.0.0, time stamp: 0x53335215
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0xe06d7363
Fault offset: 0x0000c41f
Faulting process id: 0xf74
Faulting application start time: 0xRe-Markable158.exe0
Faulting application path: Re-Markable158.exe1
Faulting module path: Re-Markable158.exe2
Report Id: Re-Markable158.exe3

Error: (04/01/2014 09:52:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2014 10:22:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (04/02/2014 02:38:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (04/02/2014 02:37:18 PM) (Source: Service Control Manager) (User: )
Description: The WinkHandler service failed to start due to the following error: 
%%2

Error: (04/02/2014 02:36:55 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error: 
%%2

Error: (04/01/2014 10:22:09 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/01/2014 08:46:44 AM) (Source: Service Control Manager) (User: )
Description: The WinkHandler service failed to start due to the following error: 
%%2

Error: (04/01/2014 08:46:39 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error: 
%%2

Error: (03/31/2014 11:14:49 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/31/2014 07:29:38 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/31/2014 03:15:13 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A25F54B9-8F0C-4985-A3AC-809B758CDD91}.
The backup browser is stopping.


Microsoft Office Sessions:
=========================
Error: (03/30/2014 08:13:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/27/2011 03:50:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 164 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-03-28 15:15:42.895
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-28 15:15:42.725
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-27 09:24:49.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-27 08:55:07.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-26 23:04:40.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-26 19:28:05.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-26 18:33:42.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-26 17:48:15.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-26 17:33:51.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-26 16:28:57.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 3956.55 MB
Available physical RAM: 1983.49 MB
Total Pagefile: 7911.28 MB
Available Pagefile: 5872.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:112 GB) (Free:11.49 GB) NTFS
Drive d: () (Fixed) (Total:165.99 GB) (Free:32.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 8C0FBFDC)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Vielen Dank für Deine Hilfe.

Gruß
Andi

Alt 03.04.2014, 09:29   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Vor dem ESET scan war das FRST log fast sauber, jetzt sieht es aus wie sau. Was genau haste angestellt?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.04.2014, 12:24   #11
Andi64
 
Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Hi,

ja, sorry, weiß auch nicht was da passiert ist :-( Bin ja eigentlich schon sehr vorsichtig mit wo ich rauf klicke.

Geändert von Andi64 (03.04.2014 um 12:36 Uhr) Grund: aus versehen 2x der gleiche Beitrag

Alt 03.04.2014, 12:29   #12
Andi64
 
Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Hi,

ja, sorry, weiß auch nicht was da passiert ist :-( Bin ja eigentlich schon sehr vorsichtig mit wo ich rauf klicke.

Also hier die Log Files:

FixLog
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by andreas at 2014-04-03 11:09:52 Run:1
Running from C:\Users\andreas\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
*****************

C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Malewarebytes
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.04.2014
Suchlauf-Zeit: 12:18:08
Logdatei: mbam neu.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.04.03.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: andreas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315679
Verstrichene Zeit: 39 Min, 35 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 4
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\RadsteroidsService.exe, 1048, Löschen bei Neustart, [5fa13ec26c94b7494661c7929869de22]
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Radsteroids.exe, 3316, Löschen bei Neustart, [43bda35d27d924dc46615efb0af7ab55]
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.exe, 3732, Löschen bei Neustart, [ea16b8486a96877931120654729027d9]
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe, 4032, Löschen bei Neustart, [ea16b8486a96877931120654729027d9]

Module: 1
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.dll, Löschen bei Neustart, [ea16b8486a96877931120654729027d9], 

Registrierungsschlüssel: 11
PUP.Optional.Radsteroids.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Radsteroids, In Quarantäne, [5fa13ec26c94b7494661c7929869de22], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [0bf516ea16ea649c9b998488ea1848b8], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [0bf516ea16ea649c9b998488ea1848b8], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [26daea16a25e936d8b77f61613ef34cc], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [26daea16a25e936d8b77f61613ef34cc], 
PUP.Optional.Iminent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinkHandler, In Quarantäne, [9769c7397f81916fac380d5f1ae803fd], 
PUP.Optional.ReMarkable.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_Markable, Löschen bei Neustart, [8d730df3b9474eb243f593cbf01229d7], 
PUP.Optional.ReMarkable.A, HKU\S-1-5-21-522234228-4192544273-3428825822-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_Markable, Löschen bei Neustart, [7987ee12946c709058e0ca9434ceb34d], 
PUP.Optional.Radsteroids.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Radsteroids, In Quarantäne, [c53b9a669967619fa13a4710ac56f010], 
PUP.Optional.ReMarkable.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Re-Markable, In Quarantäne, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\efbeffb6-b24d-4c4f-8cc2-06b93e00c194, In Quarantäne, [ea16b8486a96877931120654729027d9], 

Registrierungswerte: 1
PUM.Bad.Proxy, HKU\S-1-5-21-522234228-4192544273-3428825822-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13828, Löschen bei Neustart, [659bf010a55b827e9294831847bc06fa]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 3
PUP.Optional.Radsteroids.A, C:\Users\andreas\AppData\Local\Radsteroids, In Quarantäne, [5ca40ef218e8ef11ce0c95c2aa583dc3], 
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids, Löschen bei Neustart, [c53b9a669967619fa13a4710ac56f010], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp, Löschen bei Neustart, [ea16b8486a96877931120654729027d9], 

Dateien: 23
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\RadsteroidsService.exe, Löschen bei Neustart, [5fa13ec26c94b7494661c7929869de22], 
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Radsteroids.exe, Löschen bei Neustart, [43bda35d27d924dc46615efb0af7ab55], 
PUP.Optional.ReMarkable.A, C:\Windows\Tasks\Re-Markable Update.job, In Quarantäne, [28d86a96e02033cd89ac91cd6f938f71], 
PUP.Optional.Radsteroids.A, C:\Users\andreas\AppData\Local\Radsteroids\data2.dat, In Quarantäne, [5ca40ef218e8ef11ce0c95c2aa583dc3], 
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\app.dat, In Quarantäne, [c53b9a669967619fa13a4710ac56f010], 
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\data.dat, In Quarantäne, [c53b9a669967619fa13a4710ac56f010], 
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Radsteroids.exe.config, In Quarantäne, [c53b9a669967619fa13a4710ac56f010], 
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Radsteroids.ico, In Quarantäne, [c53b9a669967619fa13a4710ac56f010], 
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\RadsteroidsService.exe.config, In Quarantäne, [c53b9a669967619fa13a4710ac56f010], 
PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Uninstall.exe, In Quarantäne, [c53b9a669967619fa13a4710ac56f010], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\158.crx, In Quarantäne, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\158.dat, In Quarantäne, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\158.xpi, In Quarantäne, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\a.db, In Quarantäne, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\b.db, In Quarantäne, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.bin, In Quarantäne, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.dll, Löschen bei Neustart, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.exe, Löschen bei Neustart, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable158.ini, In Quarantäne, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Re-Markable_wd.exe, Löschen bei Neustart, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\ReMar.exe, In Quarantäne, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Sqlite3.dll, In Quarantäne, [ea16b8486a96877931120654729027d9], 
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable Corp\Uninstall.exe, In Quarantäne, [ea16b8486a96877931120654729027d9], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
AdwareCleaner
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.023 - Report created 03/04/2014 at 12:36:51
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andreas - ANDREAS-PC
# Running from : C:\Users\andreas\Desktop\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja
File Deleted : C:\windows\Tasks\Re-Markable_wd.job
File Deleted : C:\windows\System32\Tasks\Re-Markable_wd

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (de)

[ File : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9050 octets] - [30/03/2014 18:05:21]
AdwCleaner[R1].txt - [4403 octets] - [31/03/2014 13:14:46]
AdwCleaner[R2].txt - [1465 octets] - [03/04/2014 12:33:05]
AdwCleaner[S0].txt - [8797 octets] - [30/03/2014 18:12:26]
AdwCleaner[S1].txt - [4513 octets] - [31/03/2014 13:18:37]
AdwCleaner[S2].txt - [1394 octets] - [03/04/2014 12:36:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1454 octets] ##########
         
--- --- ---

[/CODE]

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.023 - Report created 03/04/2014 at 12:33:05
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andreas - ANDREAS-PC
# Running from : C:\Users\andreas\Desktop\adwcleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\windows\System32\Tasks\Re-Markable_wd
File Found : C:\windows\Tasks\Re-Markable_wd.job
Folder Found : C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (de)

[ File : C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9050 octets] - [30/03/2014 18:05:21]
AdwCleaner[R1].txt - [4403 octets] - [31/03/2014 13:14:46]
AdwCleaner[R2].txt - [1205 octets] - [03/04/2014 12:33:05]
AdwCleaner[S0].txt - [8797 octets] - [30/03/2014 18:12:26]
AdwCleaner[S1].txt - [4513 octets] - [31/03/2014 13:18:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1385 octets] ##########
         
--- --- ---

[/CODE]

JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by andreas on 03.04.2014 at 12:59:33,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2014 at 13:07:16,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und ein frisches FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by andreas (administrator) on ANDREAS-PC on 03-04-2014 13:12:05
Running from C:\Users\andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
() C:\windows\SysWOW64\Rezip.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Starfield Technologies) C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe
(Dropbox, Inc.) C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Akamai Technologies, Inc.) C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [16413288 2010-02-10] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Akamai NetSession Interface] - C:\Users\andreas\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-06] (Google Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Workspace Status] - C:\Users\andreas\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-26] (Starfield Technologies)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [Starfield Updater] - C:\Users\andreas\AppData\Local\Workspace\workspaceupdate.exe [35008 2013-05-26] (Starfield Technologies)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {92C33D4D-06C3-49C7-9BDC-3A342E3899AD} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {AD20EAA2-12B9-46B5-BBB3-32A3A31661D2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {F3EC1F04-D859-491B-921C-C994A33669CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=de&q={searchTerms}&gu=386d05aab96640798e6ea6ac9f50f5fc&tu=10GXz00Au1C01g0&sku=&tstsId=&ver=&&r=334
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{011E7012-FCC3-417B-B375-8A252ADD8B30}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{708DB8B2-E39B-4BEE-842B-07EC99E3E497}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{8B8CA7B7-057C-43EE-9A22-091EB0577D86}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default
FF Homepage: hxxp://yahoo.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\andreas\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\andreas\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WBE Paste - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-05-26]
FF Extension: Workspace Email Zoom - C:\Users\andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-05-26]
FF Extension: Bluhell Firewall - C:\Users\andreas\AppData\Roaming\Mozilla\Firefox\Profiles\f3er6lil.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-28]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-28]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-02-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKCU\...\Firefox\Extensions: [{36ee80e3-92ec-4efb-b105-85435187eb87}] - C:\Program Files (x86)\Re-Markable Corp\158.xpi

Chrome: 
=======
CHR DefaultSearchURL: hxxp://www.google.de/search?hl=de&source=hp&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Google Search) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Re-Markable) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja [2014-03-31]
CHR Extension: (Bflix extension) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2014-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files (x86)\BFlix\BFlix.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-03-08] (Autodesk)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.)
S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X]
S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X]
S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]
S2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
S4 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-05] (Windows (R) 2003 DDK 3790 provider)
S4 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 13:07 - 2014-04-03 13:07 - 00000627 _____ () C:\Users\andreas\Desktop\JRT.txt
2014-04-03 12:32 - 2014-04-03 12:32 - 01426178 _____ () C:\Users\andreas\Downloads\adwcleaner (1).exe
2014-04-03 12:32 - 2014-04-03 12:32 - 01426178 _____ () C:\Users\andreas\Desktop\adwcleaner (1).exe
2014-04-03 12:30 - 2014-04-03 12:30 - 00007128 _____ () C:\Users\andreas\Desktop\mbam neu.txt
2014-04-03 11:21 - 2014-04-03 11:28 - 00001264 _____ () C:\Users\andreas\Desktop\Revo Uninstaller.lnk
2014-04-03 11:21 - 2014-04-03 11:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-03 11:21 - 2014-04-03 11:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\andreas\Desktop\revosetup95.exe
2014-04-03 11:18 - 2014-04-03 11:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\andreas\Downloads\revosetup95.exe
2014-04-02 14:43 - 2014-04-02 14:44 - 00035940 _____ () C:\Users\andreas\Desktop\Addition.txt
2014-04-02 14:39 - 2014-04-03 13:12 - 00021566 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Downloads\SecurityCheck.exe
2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Desktop\SecurityCheck.exe
2014-03-31 15:04 - 2014-03-31 15:04 - 02347384 _____ (ESET) C:\Users\andreas\Downloads\esetsmartinstaller_enu.exe
2014-03-31 14:52 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT (1).exe
2014-03-31 14:51 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT (1).exe
2014-03-31 14:42 - 2014-03-31 14:42 - 00025045 _____ () C:\ComboFix.txt
2014-03-31 11:22 - 2014-04-03 11:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-31 11:19 - 2014-03-31 11:19 - 00376256 _____ () C:\Users\andreas\Downloads\7zip.exe
2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe
2014-03-30 18:05 - 2014-04-03 12:36 - 00000000 ____D () C:\AdwCleaner
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe
2014-03-30 17:14 - 2014-04-03 12:27 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 17:14 - 2014-03-30 17:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 17:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-30 17:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-30 17:13 - 2014-03-30 17:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 16:05 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-03-28 16:05 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-03-28 16:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-03-28 16:05 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-03-28 16:04 - 2014-03-31 14:42 - 00000000 ____D () C:\Qoobox
2014-03-28 16:04 - 2014-03-28 16:26 - 00000000 ____D () C:\windows\erdnt
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe
2014-03-28 14:14 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe
2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe
2014-03-28 14:10 - 2014-04-03 13:12 - 00000000 ____D () C:\FRST
2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 14:08 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 11:00 - 2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-22 15:26 - 2014-03-22 15:33 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 14:25 - 2014-03-22 14:34 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 17:09 - 2014-04-02 14:40 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-21 12:16 - 2014-03-21 12:16 - 01161080 _____ () C:\windows\SysWOW64\Radsteroids.33AABCF1AD13.dll
2014-03-21 00:33 - 2014-03-22 16:21 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-21 00:19 - 2014-03-25 11:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-21 00:19 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 00:19 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest
2014-03-21 00:19 - 2011-03-10 17:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-03-21 00:19 - 2011-03-06 20:34 - 00001135 _____ () C:\Users\Guest\Desktop\CyberLink YouCam.lnk
2014-03-21 00:19 - 2011-03-06 20:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-03-21 00:19 - 2010-08-04 04:37 - 00001190 _____ () C:\Users\Guest\Desktop\CyberLink DVD Suite.lnk
2014-03-21 00:19 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-21 00:19 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-13 22:26 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 22:26 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 22:26 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 22:26 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 22:26 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 22:26 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 22:26 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 22:26 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 22:26 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 22:26 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 22:26 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 22:26 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 22:26 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 22:26 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 22:26 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 22:26 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 22:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 22:26 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 22:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 22:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 22:26 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 22:26 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 22:26 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 22:26 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 22:26 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 22:26 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 22:26 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 22:26 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 22:26 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 22:25 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 22:25 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 22:25 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 22:25 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 22:25 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 22:25 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 22:25 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 22:25 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 22:25 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 22:25 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 22:25 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 22:25 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 22:25 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 22:25 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 22:25 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 22:24 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 22:24 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 22:24 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 22:24 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk

==================== One Month Modified Files and Folders =======

2014-04-03 13:12 - 2014-04-02 14:39 - 00021566 _____ () C:\Users\andreas\Desktop\FRST.txt
2014-04-03 13:12 - 2014-03-28 14:10 - 00000000 ____D () C:\FRST
2014-04-03 13:07 - 2014-04-03 13:07 - 00000627 _____ () C:\Users\andreas\Desktop\JRT.txt
2014-04-03 13:03 - 2014-01-22 10:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 13:00 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 13:00 - 2009-07-14 06:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 12:54 - 2014-01-15 21:25 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Dropbox
2014-04-03 12:54 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-04-03 12:53 - 2011-03-09 15:40 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 12:53 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-03 12:52 - 2013-12-14 14:12 - 00019876 _____ () C:\windows\setupact.log
2014-04-03 12:43 - 2014-01-15 21:44 - 00000000 ___RD () C:\Users\andreas\Desktop\Dropbox
2014-04-03 12:42 - 2011-03-06 20:52 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Skype
2014-04-03 12:42 - 2010-08-04 04:27 - 01599228 _____ () C:\windows\WindowsUpdate.log
2014-04-03 12:40 - 2011-03-09 15:40 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 12:37 - 2013-12-15 10:46 - 00579758 _____ () C:\windows\PFRO.log
2014-04-03 12:36 - 2014-03-30 18:05 - 00000000 ____D () C:\AdwCleaner
2014-04-03 12:32 - 2014-04-03 12:32 - 01426178 _____ () C:\Users\andreas\Downloads\adwcleaner (1).exe
2014-04-03 12:32 - 2014-04-03 12:32 - 01426178 _____ () C:\Users\andreas\Desktop\adwcleaner (1).exe
2014-04-03 12:30 - 2014-04-03 12:30 - 00007128 _____ () C:\Users\andreas\Desktop\mbam neu.txt
2014-04-03 12:27 - 2014-03-30 17:14 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 12:12 - 2011-11-10 09:54 - 00000000 ____D () C:\Users\andreas\AppData\Local\Akamai
2014-04-03 11:28 - 2014-04-03 11:21 - 00001264 _____ () C:\Users\andreas\Desktop\Revo Uninstaller.lnk
2014-04-03 11:28 - 2014-04-03 11:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-03 11:18 - 2014-04-03 11:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\andreas\Desktop\revosetup95.exe
2014-04-03 11:18 - 2014-04-03 11:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\andreas\Downloads\revosetup95.exe
2014-04-03 11:11 - 2014-03-31 11:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-03 11:09 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-04-02 14:44 - 2014-04-02 14:43 - 00035940 _____ () C:\Users\andreas\Desktop\Addition.txt
2014-04-02 14:40 - 2014-03-21 17:09 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{92299EF7-1E5C-417C-864B-B520F20C2A67}
2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Downloads\SecurityCheck.exe
2014-03-31 22:25 - 2014-03-31 22:25 - 00987442 _____ () C:\Users\andreas\Desktop\SecurityCheck.exe
2014-03-31 15:04 - 2014-03-31 15:04 - 02347384 _____ (ESET) C:\Users\andreas\Downloads\esetsmartinstaller_enu.exe
2014-03-31 14:51 - 2014-03-31 14:52 - 01038974 _____ (Thisisu) C:\Users\andreas\Desktop\JRT (1).exe
2014-03-31 14:51 - 2014-03-31 14:51 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT (1).exe
2014-03-31 14:42 - 2014-03-31 14:42 - 00025045 _____ () C:\ComboFix.txt
2014-03-31 14:42 - 2014-03-28 16:04 - 00000000 ____D () C:\Qoobox
2014-03-31 14:37 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-03-31 11:22 - 2014-03-31 11:22 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-31 11:22 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-03-31 11:19 - 2014-03-31 11:19 - 00376256 _____ () C:\Users\andreas\Downloads\7zip.exe
2014-03-31 09:27 - 2009-07-14 07:13 - 00801824 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-30 22:56 - 2013-08-06 14:09 - 00000000 ____D () C:\Users\andreas\Desktop\Classic Car Auction
2014-03-30 18:19 - 2014-03-30 18:19 - 00000000 ____D () C:\windows\ERUNT
2014-03-30 18:18 - 2014-03-30 18:18 - 01038974 _____ (Thisisu) C:\Users\andreas\Downloads\JRT.exe
2014-03-30 18:12 - 2013-01-10 16:46 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\CheckPoint
2014-03-30 18:02 - 2014-03-30 18:02 - 01950720 _____ () C:\Users\andreas\Downloads\adwcleaner.exe
2014-03-30 17:16 - 2014-03-30 17:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 17:16 - 2014-01-23 16:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-30 17:14 - 2014-03-30 17:13 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\andreas\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 17:14 - 2013-01-10 13:46 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\Malwarebytes
2014-03-30 17:14 - 2013-01-10 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 20:52 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-28 16:26 - 2014-03-28 16:04 - 00000000 ____D () C:\windows\erdnt
2014-03-28 16:15 - 2012-07-13 13:34 - 00000000 ____D () C:\Users\andreas\AppData\Roaming\convert
2014-03-28 16:15 - 2012-01-26 23:21 - 00000000 ____D () C:\Program Files (x86)\BFlix
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 ____R (Swearware) C:\Users\andreas\Desktop\ComboFix.exe
2014-03-28 16:03 - 2014-03-28 16:03 - 05192353 _____ (Swearware) C:\Users\andreas\Downloads\ComboFix.exe
2014-03-28 14:13 - 2014-03-28 14:14 - 00380416 _____ () C:\Users\andreas\Desktop\Gmer-19357.exe
2014-03-28 14:13 - 2014-03-28 14:13 - 00380416 _____ () C:\Users\andreas\Downloads\Gmer-19357.exe
2014-03-28 14:09 - 2014-03-28 14:09 - 02157056 _____ (Farbar) C:\Users\andreas\Desktop\FRST64.exe
2014-03-28 14:09 - 2014-03-28 14:08 - 02157056 _____ (Farbar) C:\Users\andreas\Downloads\FRST64.exe
2014-03-28 14:07 - 2014-03-28 14:07 - 01145856 _____ (Farbar) C:\Users\andreas\Downloads\FRST.exe
2014-03-28 14:06 - 2014-03-28 14:06 - 00000000 _____ () C:\Users\andreas\defogger_reenable
2014-03-28 14:06 - 2011-03-06 20:21 - 00000000 ____D () C:\Users\andreas
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Downloads\Defogger.exe
2014-03-28 14:05 - 2014-03-28 14:05 - 00050477 _____ () C:\Users\andreas\Desktop\Defogger.exe
2014-03-28 11:00 - 2014-03-28 11:00 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (2).xls
2014-03-28 10:59 - 2014-03-28 10:59 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES (1).xls
2014-03-28 10:57 - 2014-03-28 10:57 - 00167424 _____ () C:\Users\andreas\Downloads\OBRASCI ZAVRSNI 2013 - SEMNONES.xls
2014-03-25 11:52 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-24 17:06 - 2014-02-22 15:14 - 00000000 ____D () C:\Users\andreas\Desktop\semnones jdoo
2014-03-22 16:21 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\forms
2014-03-22 15:33 - 2014-03-22 15:26 - 00064000 ____H () C:\Users\Guest\Desktop\~WRL3555.tmp
2014-03-22 14:34 - 2014-03-22 14:25 - 00009169 _____ () C:\Users\andreas\Documents\Bieter.xlsx
2014-03-22 10:03 - 2014-03-22 10:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-03-22 10:03 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-03-22 10:02 - 2014-03-22 10:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-22 09:35 - 2014-03-22 09:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2014-03-22 09:29 - 2014-03-22 09:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-03-22 07:45 - 2014-03-22 07:45 - 00000000 ____D () C:\Users\Guest\Desktop\Bieterregistrierungen
2014-03-21 18:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-21 12:16 - 2014-03-21 12:16 - 01161080 _____ () C:\windows\SysWOW64\Radsteroids.33AABCF1AD13.dll
2014-03-21 00:33 - 2014-03-21 00:33 - 00000000 ____D () C:\Users\Guest\Desktop\logo avus
2014-03-21 00:20 - 2014-03-21 00:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\adaware
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 00:20 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-03-21 00:19 - 2014-03-21 00:19 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 00:19 - 2014-03-21 00:19 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\offsync
2014-03-21 00:19 - 2014-03-21 00:19 - 00000000 ____D () C:\Users\Guest
2014-03-20 22:52 - 2011-07-21 12:47 - 00000000 ____D () C:\Users\andreas\Desktop\james
2014-03-18 19:17 - 2011-04-06 11:41 - 00000000 ____D () C:\Users\andreas\Desktop\Roccadoro
2014-03-18 00:43 - 2013-08-15 08:57 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 00:41 - 2011-03-19 11:57 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 10:16 - 2011-03-08 22:20 - 00000000 ____D () C:\Users\andreas\Desktop\THE VIEW Villas doo
2014-03-16 21:04 - 2011-06-04 11:26 - 00000000 ____D () C:\Users\andreas\Desktop\Inntal Montenegro
2014-03-16 20:12 - 2011-03-06 20:43 - 00000000 ___RD () C:\Users\andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 16:17 - 2011-03-20 19:43 - 00000000 ____D () C:\Users\andreas\Desktop\montague stein
2014-03-15 20:29 - 2011-04-05 15:32 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 13:57 - 2014-02-14 10:37 - 00000000 ____D () C:\Users\andreas\Desktop\Photos portals
2014-03-14 10:32 - 2010-08-04 04:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-14 08:36 - 2009-07-14 06:45 - 00426592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 08:34 - 2013-03-14 00:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 03:16 - 2011-03-08 19:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 01:06 - 2013-05-26 18:55 - 00000000 ____D () C:\Users\andreas\AppData\Local\Workspace
2014-03-05 09:26 - 2014-03-30 17:14 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 17:14 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-01-23 16:33 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-04 10:46 - 2014-03-04 10:46 - 00001109 _____ () C:\Users\andreas\Desktop\desktoptools.lnk

Some content of TEMP:
====================
C:\Users\andreas\AppData\Local\Temp\avgnt.exe
C:\Users\andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpshcvvm.dll
C:\Users\andreas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 09:45

==================== End Of Log ============================
         
--- --- ---


Gruß,
Andi

Alt 04.04.2014, 09:32   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.04.2014, 19:55   #14
Andi64
 
Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Hi,

also, es scheint wieder alles richtig zu funktionieren. Das mit dem versenden von SPAM Mails von meiner E-Mail kann ich natürlich jetzt nicht überprüfen ;-)

Hier noch die Log-Files:

ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7066e9d656ce8e4f86a6a74847b6be78
# engine=17751
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-04 09:24:19
# local_time=2014-04-04 11:24:19 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 479 10021621 0 0
# compatibility_mode=5893 16776574 100 94 9584458 148233309 0 0
# scanned=1162
# found=0
# cleaned=0
# scan_time=91
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7066e9d656ce8e4f86a6a74847b6be78
# engine=17751
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-04 12:32:42
# local_time=2014-04-04 02:32:42 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 11782 10032924 4512 0
# compatibility_mode=5893 16776574 100 94 9599361 148244612 0 0
# scanned=223565
# found=2
# cleaned=0
# scan_time=11243
sh=A9B34FFF631A93427E25A5F56B26057EEE6AF32F ft=1 fh=362623e17ed43977 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\System32\Radsteroids.33AABCF1AD13.dll"
sh=A9B34FFF631A93427E25A5F56B26057EEE6AF32F ft=1 fh=362623e17ed43977 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\SysWOW64\Radsteroids.33AABCF1AD13.dll"
         
security check
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Java 7 Update 51  
  Adobe Flash Player 11.1.102.55 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
         
Vielen, vielen Dank für die Unterstützung und Hilfe.

Herzliche Grüße
Andi

Geändert von Andi64 (04.04.2014 um 20:02 Uhr)

Alt 05.04.2014, 11:03   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Standard

Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung



Flash und ADobe updaten. Passwort zum Email Account auf jeden Fall ändern.


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung
ad-aware, administrator, akamai, browser, firewall, flash player, home, monte, mozilla, msil/adware.pullupdate.a, msil/adware.pullupdate.c, msil/adware.pullupdate.d, pup.optional.babylon.a, registry, scan, services.exe, spam, win32/adware.addlyrics.ah, win32/adware.addlyrics.ai, winlogon.exe



Ähnliche Themen: Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung


  1. Von Strato E-Mail-Account werden ungewollt Spam-Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 01.10.2015 (28)
  2. Windows 7, von meinem Yahoo Account werden scheinbar Spam-Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 13.11.2014 (11)
  3. Yahoo-Mail Account verschickt Spam, hinterlässt keine Spuren im Verschickt-Ordner Win8
    Plagegeister aller Art und deren Bekämpfung - 16.07.2014 (11)
  4. Yahoo Account sendet Spam, auch nach einigen Maßnahmen
    Plagegeister aller Art und deren Bekämpfung - 24.06.2014 (13)
  5. Windows 7: Spam-Mails von meinem Yahoo Account verschickt
    Log-Analyse und Auswertung - 28.04.2014 (7)
  6. Aus Yahoo Account werden Spam Mails versandt
    Überwachung, Datenschutz und Spam - 30.01.2014 (21)
  7. PC langsam und yahoo account verschickt SPAM mails
    Plagegeister aller Art und deren Bekämpfung - 27.04.2013 (3)
  8. Yahoo Mailkonto verschickt Spam-Mails
    Log-Analyse und Auswertung - 11.03.2013 (7)
  9. Yahoo Mail Account verschickt Spam Mails
    Log-Analyse und Auswertung - 16.12.2012 (29)
  10. Trojaner verschickt Spam-Mails aus meinem yahoo-Account
    Plagegeister aller Art und deren Bekämpfung - 24.06.2012 (3)
  11. Spam E-Mails werden automatisch über GMX-Account verschickt
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  12. Yahoo Mail Account verschickt Spam mit Links. Bot?
    Log-Analyse und Auswertung - 18.06.2012 (3)
  13. Über meinen GMX Account werden Spam E-Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 08.05.2012 (1)
  14. von meinem WEB.DE Account werden Spam-Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (23)
  15. Yahoo E-Mail Account verschickt Spam
    Plagegeister aller Art und deren Bekämpfung - 20.10.2011 (3)
  16. Yahoo verschickt Spam-Mails
    Log-Analyse und Auswertung - 01.10.2011 (1)
  17. Spam Mails werden automatisch vom Yahoo Account verschickt
    Log-Analyse und Auswertung - 28.08.2011 (2)

Zum Thema Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung - Hallo, mein Problem ist folgendes: Ende letzten Jahres wurden von meinem Yahoo account SPAM Mails verschickt. Daraufhin habe ich das Passwort geändert, Virenscanner hat seiner Zeit keinen Befall feststellen können. - Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung...
Archiv
Du betrachtest: Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.