
Plagegeister aller Art und deren Bekämpfung: lpcloudbox329.com _ newall.com keep redirecting

15.05.2014, 21:49   #1
lyci
 
Hi @,

while surfing the Internet I am constantly interrupted or redirected. The following appears in the browser's address bar:

hxxp://www.lpcloudbox329.com/404920596A753B7D7B343E7938274D2CDC2C7DA5E5BF04C76ED90DE0F3EBB8F64936D0FA767B4C323BC55D978FDE63AA?tgu_src_lp_domain=www.newallsoft.com&PubID=79_1731_33 52&ClickID=5762970359

There I am told to update Firefox. Using the back arrow I do get back to the last page, but it is extremely annoying.

Who knows about this, and can and would like to help me?

Many thanks

Lyci

15.05.2014, 22:16   #2
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


16.05.2014, 01:23   #3
lyci
 
Hi Schrauber,

many thanks for your quick help.

Here is the FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by nett-marketing (administrator) on NETT-MARKETING1 on 16-05-2014 01:17:15
Running from C:\Users\nett-marketing\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\xampp\mysql\bin\mysqld.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\nett-marketing\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Great Beard) C:\Program Files (x86)\Pyramids v1.0\Pyramids.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [291872 2009-06-30] (NVIDIA Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-15] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-1304805427-2328156682-2798200666-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
AppInit_DLLs: C:\PROGRA~2\SN_X64~1.BO~ => C:\Program Files (x86)\SN_x64.Booster [4210176 2014-05-01] ()
Startup: C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0631527FB34CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{DDFB34AE-F807-4974-AF8E-758837A55731}: [NameServer]62.220.18.8 89.246.64.8

FireFox:
========
FF ProfilePath: C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default
FF SearchEngineOrder.1: Google
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", ""
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\deployJava1.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr100.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npjp2.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-05]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010-03-22]
FF HKCU\...\Firefox\Extensions: [{78D3E302-AEE0-40BB-B866-28A0139E12C8}] - C:\Users\nett-marketing\AppData\Local\{78D3E302-AEE0-40BB-B866-28A0139E12C8}
FF Extension: XULRunner - C:\Users\nett-marketing\AppData\Local\{78D3E302-AEE0-40BB-B866-28A0139E12C8} [2011-02-23]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\nett-marketing\AppData\Roaming\IDM\idmmzcc3

Chrome: 
=======
CHR HomePage: chrome://newtab
CHR RestoreOnStartup: "hxxp://www.giga.de/"
CHR Extension: (Google Docs) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-20]
CHR Extension: (Google Drive) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-20]
CHR Extension: (No Name) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgobkgfjhllehahjkppdildejhlckcaf [2014-05-01]
CHR Extension: (YouTube) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-20]
CHR Extension: (Google-Suche) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-20]
CHR Extension: (Zhongwen A Chinese English Popup Dictionary) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2014-05-01]
CHR Extension: (Google Wallet) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (No Name) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\odajaaboifmknjnggkgmfamdebbhbfji [2014-05-01]
CHR Extension: (Google Mail) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [obcjlnjgjjgghcedkcohaeboelbblehc] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files (x86)\SockshareDownloader\SockshareDownloader10.crx [2012-11-15]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [80496 2010-01-28] ()
S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-07-17] (McAfee, Inc.)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] ()

==================== Drivers (Whitelisted) ====================

S2 ASPI32; No ImagePath
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [33408 2011-01-16] (B.H.A Corporation)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2009-12-17] (Portrait Displays, Inc.)
S3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [108296 2007-04-23] (MCCI Corporation)
S3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation)
S3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation)
S3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation)
S3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 01:17 - 2014-05-16 01:17 - 00016071 _____ () C:\Users\nett-marketing\Desktop\FRST.txt
2014-05-16 01:17 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\nett-marketing\Desktop\FRST-OlderVersion
2014-05-15 21:31 - 2014-05-15 21:31 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\VSRevoGroup
2014-05-15 21:29 - 2014-05-15 21:29 - 00001271 _____ () C:\Users\nett-marketing\Desktop\Revo Uninstaller.lnk
2014-05-15 21:28 - 2014-05-15 21:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\nett-marketing\Desktop\revosetup95.exe
2014-05-15 21:27 - 2014-05-16 01:17 - 02067456 _____ (Farbar) C:\Users\nett-marketing\Desktop\FRST64.exe
2014-05-15 10:48 - 2014-05-15 10:50 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\GlarySoft
2014-05-15 10:48 - 2014-05-15 10:48 - 00001113 _____ () C:\Users\nett-marketing\Desktop\Absolute Uninstaller.lnk
2014-05-15 00:18 - 2014-05-15 00:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-15 00:17 - 2014-05-15 00:35 - 00001222 _____ () C:\sc-cleaner.txt
2014-05-14 23:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-14 23:27 - 2014-05-14 23:28 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 23:27 - 2014-05-14 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-14 23:26 - 2014-05-14 23:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-14 23:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 22:43 - 2014-05-14 22:43 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\nett-marketing\Desktop\sc-cleaner.exe
2014-05-06 16:39 - 2014-05-06 16:39 - 00629906 _____ () C:\Users\nett-marketing\Desktop\Vertrag_MKS.jpeg
2014-05-06 16:39 - 2014-05-06 16:39 - 00587211 _____ () C:\Users\nett-marketing\Desktop\Vertag_MKS_3.jpeg
2014-05-06 16:39 - 2014-05-06 16:39 - 00576745 _____ () C:\Users\nett-marketing\Desktop\Vertrag_MKS_2.jpeg
2014-05-06 12:36 - 2014-05-06 12:36 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Logitech® Webcam-Software
2014-05-06 12:34 - 2014-05-06 12:34 - 00000000 ____D () C:\Users\nettmarketing\AppData\Roaming\Canon
2014-05-06 12:33 - 2014-05-06 12:33 - 00000000 ____D () C:\Users\nettmarketing\AppData\Roaming\Malwarebytes
2014-05-01 23:29 - 2014-05-01 23:29 - 00000206 _____ () C:\Users\Public\Desktop\Deutschland Digital.url
2014-05-01 16:24 - 2014-05-01 17:59 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird
2014-05-01 04:20 - 2014-05-01 04:20 - 04210176 _____ () C:\Program Files (x86)\SN_x64.Booster
2014-05-01 04:19 - 2014-05-01 19:47 - 00000000 ____D () C:\ProgramData\2a2b7f30380e2ce0
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Packages
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\mcafee\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\mcafee\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\mcafee\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator
2014-05-01 04:05 - 2014-05-14 23:46 - 00000000 ____D () C:\ProgramData\MiniApp
2014-05-01 04:05 - 2014-05-01 04:21 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-28 00:08 - 2014-04-28 01:49 - 00000000 ____D () C:\Users\nett-marketing\Desktop\AusgelaufeneLangzeitverträge
2014-04-23 23:29 - 2014-04-24 02:42 - 00000000 ____D () C:\Users\nett-marketing\Desktop\neckermann 11
2014-04-22 23:44 - 2014-04-24 02:45 - 00427102 _____ () C:\Users\nett-marketing\Desktop\Kundenliste Nacharbeit und Auftraege bis 13.02.2014.xlsx
2014-04-17 00:54 - 2014-04-21 23:48 - 00042496 _____ () C:\Users\nett-marketing\Desktop\14.3.2014.xls
2014-04-16 19:46 - 2014-04-23 23:30 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Leslie
2014-04-16 19:41 - 2014-04-28 01:17 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Kundeneingabe Neckermann 16.04.2014

==================== One Month Modified Files and Folders =======

2014-05-16 01:17 - 2014-05-16 01:17 - 00016071 _____ () C:\Users\nett-marketing\Desktop\FRST.txt
2014-05-16 01:17 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\nett-marketing\Desktop\FRST-OlderVersion
2014-05-16 01:17 - 2014-05-15 21:27 - 02067456 _____ (Farbar) C:\Users\nett-marketing\Desktop\FRST64.exe
2014-05-16 01:17 - 2013-08-24 23:57 - 00000000 ____D () C:\FRST
2014-05-16 01:15 - 2014-01-19 02:00 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {9896ED89-C434-4C56-BFDB-EB80ED609BB4}.job
2014-05-15 21:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 21:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 21:31 - 2014-05-15 21:31 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\VSRevoGroup
2014-05-15 21:31 - 2010-03-21 18:36 - 00000000 ___RD () C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 21:29 - 2014-05-15 21:29 - 00001271 _____ () C:\Users\nett-marketing\Desktop\Revo Uninstaller.lnk
2014-05-15 21:29 - 2013-03-22 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 21:28 - 2014-05-15 21:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\nett-marketing\Desktop\revosetup95.exe
2014-05-15 20:14 - 2010-05-26 19:48 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-05-15 18:56 - 2013-10-09 21:41 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\Dropbox
2014-05-15 18:54 - 2010-03-22 02:17 - 01571458 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 18:50 - 2010-03-21 19:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-15 18:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 18:49 - 2013-06-29 16:46 - 00075457 _____ () C:\Windows\setupact.log
2014-05-15 10:52 - 2013-03-22 20:26 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Hijackthis
2014-05-15 10:50 - 2014-05-15 10:48 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\GlarySoft
2014-05-15 10:48 - 2014-05-15 10:48 - 00001113 _____ () C:\Users\nett-marketing\Desktop\Absolute Uninstaller.lnk
2014-05-15 00:35 - 2014-05-15 00:17 - 00001222 _____ () C:\sc-cleaner.txt
2014-05-15 00:18 - 2014-05-15 00:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 23:53 - 2013-07-07 14:45 - 00045252 _____ () C:\Windows\PFRO.log
2014-05-14 23:52 - 2013-08-25 15:29 - 00000000 ____D () C:\AdwCleaner
2014-05-14 23:52 - 2013-03-24 00:14 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 23:52 - 2010-03-21 18:36 - 00001044 _____ () C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-14 23:52 - 2010-03-21 18:36 - 00001044 _____ () C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-14 23:46 - 2014-05-01 04:05 - 00000000 ____D () C:\ProgramData\MiniApp
2014-05-14 23:28 - 2014-05-14 23:27 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 23:28 - 2014-05-14 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-14 23:28 - 2014-05-14 23:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-14 23:27 - 2012-07-26 02:55 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\Malwarebytes
2014-05-14 23:26 - 2014-02-26 17:49 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 23:26 - 2013-08-25 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 22:43 - 2014-05-14 22:43 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\nett-marketing\Desktop\sc-cleaner.exe
2014-05-14 22:42 - 2012-01-03 20:07 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Download
2014-05-14 15:02 - 2013-09-29 00:02 - 00000038 _____ () C:\Users\nett-marketing\AppData\Roaming\WB.CFG
2014-05-11 21:23 - 2010-03-21 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 17:19 - 2013-03-24 00:14 - 00001056 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-06 16:39 - 2014-05-06 16:39 - 00629906 _____ () C:\Users\nett-marketing\Desktop\Vertrag_MKS.jpeg
2014-05-06 16:39 - 2014-05-06 16:39 - 00587211 _____ () C:\Users\nett-marketing\Desktop\Vertag_MKS_3.jpeg
2014-05-06 16:39 - 2014-05-06 16:39 - 00576745 _____ () C:\Users\nett-marketing\Desktop\Vertrag_MKS_2.jpeg
2014-05-06 12:36 - 2014-05-06 12:36 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Logitech® Webcam-Software
2014-05-06 12:34 - 2014-05-06 12:34 - 00000000 ____D () C:\Users\nettmarketing\AppData\Roaming\Canon
2014-05-06 12:34 - 2011-03-16 00:26 - 00185720 _____ () C:\Users\nettmarketing\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 12:33 - 2014-05-06 12:33 - 00000000 ____D () C:\Users\nettmarketing\AppData\Roaming\Malwarebytes
2014-05-02 00:55 - 2010-08-28 19:42 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\vlc
2014-05-02 00:54 - 2011-08-02 21:26 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\dvdcss
2014-05-02 00:19 - 2010-03-21 19:38 - 00694526 _____ () C:\Windows\system32\perfh007.dat
2014-05-02 00:19 - 2010-03-21 19:38 - 00147650 _____ () C:\Windows\system32\perfc007.dat
2014-05-02 00:19 - 2009-07-14 07:13 - 01612752 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-01 23:32 - 2011-08-02 21:39 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\Ashampoo
2014-05-01 23:29 - 2014-05-01 23:29 - 00000206 _____ () C:\Users\Public\Desktop\Deutschland Digital.url
2014-05-01 23:28 - 2011-08-02 21:39 - 00000000 ____D () C:\ProgramData\ashampoo
2014-05-01 19:47 - 2014-05-01 04:19 - 00000000 ____D () C:\ProgramData\2a2b7f30380e2ce0
2014-05-01 17:59 - 2014-05-01 16:24 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird
2014-05-01 17:02 - 2010-04-07 19:40 - 00000000 ____D () C:\Program Files (x86)\OXXOGames
2014-05-01 16:04 - 2013-11-11 20:10 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Neuer Ordner
2014-05-01 04:21 - 2014-05-01 04:05 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-01 04:20 - 2014-05-01 04:20 - 04210176 _____ () C:\Program Files (x86)\SN_x64.Booster
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Packages
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\mcafee\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\mcafee\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\mcafee\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator
2014-05-01 04:19 - 2011-03-26 20:06 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Google
2014-05-01 04:19 - 2011-03-26 20:03 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Google
2014-04-30 01:12 - 2011-10-16 17:57 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\Skype
2014-04-28 15:21 - 2010-03-22 21:06 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\FileZilla
2014-04-28 01:49 - 2014-04-28 00:08 - 00000000 ____D () C:\Users\nett-marketing\Desktop\AusgelaufeneLangzeitverträge
2014-04-28 01:17 - 2014-04-16 19:41 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Kundeneingabe Neckermann 16.04.2014
2014-04-26 18:12 - 2012-08-29 23:30 - 00069202 _____ () C:\Users\nett-marketing\Desktop\Postkonto Abbuchungen.xlsx
2014-04-24 02:45 - 2014-04-22 23:44 - 00427102 _____ () C:\Users\nett-marketing\Desktop\Kundenliste Nacharbeit und Auftraege bis 13.02.2014.xlsx
2014-04-24 02:42 - 2014-04-23 23:29 - 00000000 ____D () C:\Users\nett-marketing\Desktop\neckermann 11
2014-04-23 23:31 - 2013-12-20 23:24 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Gesundheit alternative Sichten
2014-04-23 23:30 - 2014-04-16 19:46 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Leslie
2014-04-23 14:49 - 2012-07-18 19:48 - 00000000 ____D () C:\Users\nett-marketing\Desktop\diverse
2014-04-22 15:06 - 2013-11-06 01:41 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Neckermann Strom
2014-04-21 23:48 - 2014-04-17 00:54 - 00042496 _____ () C:\Users\nett-marketing\Desktop\14.3.2014.xls
2014-04-16 19:44 - 2013-05-09 16:49 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Pädagogik

Files to move or delete:
====================
C:\ProgramData\actvxcom_2012_02_09_201714.reg
C:\ProgramData\asm64.dat
C:\ProgramData\ext_2012_02_09_201714.reg
C:\ProgramData\paths_2012_02_09_201714.reg
C:\ProgramData\runs_2012_02_09_201714.reg
C:\ProgramData\shrdlls_2012_02_09_201714.reg
C:\ProgramData\softempt_2012_02_09_201714.reg


Some content of TEMP:
====================
C:\Users\mcafee\AppData\Local\Temp\avgnt.exe
C:\Users\nett-marketing\AppData\Local\Temp\7z920.exe
C:\Users\nett-marketing\AppData\Local\Temp\avgnt.exe
C:\Users\nett-marketing\AppData\Local\Temp\BackupSetup.exe
C:\Users\nett-marketing\AppData\Local\Temp\bi_cleaner.exe
C:\Users\nett-marketing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfddtbd.dll
C:\Users\nett-marketing\AppData\Local\Temp\jre_setup.exe
C:\Users\nett-marketing\AppData\Local\Temp\MSETUP4.EXE
C:\Users\nett-marketing\AppData\Local\Temp\Quarantine.exe
C:\Users\nett-marketing\AppData\Local\Temp\sdanircmdc.exe
C:\Users\nett-marketing\AppData\Local\Temp\sdapskill.exe
C:\Users\nett-marketing\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\nett-marketing\AppData\Local\Temp\SHSetup.exe
C:\Users\nett-marketing\AppData\Local\Temp\SkypeSetup.exe
C:\Users\nett-marketing\AppData\Local\Temp\v-bates.exe
C:\Users\nettmarketing\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 01:07

==================== End Of Log ============================
         
--- --- ---


I ran the additional.txt afterwards as a second scan. Was that the right way to do it?

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by nett-marketing at 2014-05-16 01:20:54
Running from C:\Users\nett-marketing\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Absolute Uninstaller 2.9.0.722 (HKLM-x32\...\Absolute Uninstaller_is1) (Version:  - Glarysoft.com)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.0.5 - )
Adobe Reader X (10.1.3) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
calibre (HKLM-x32\...\{B54AA1A2-4450-428D-A01D-E7B2DC7840B5}) (Version: 0.9.17 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 7 (HKLM-x32\...\{DE042823-C359-4B87-B66B-308057E8B6AF}) (Version: 7.0.1 - TechSmith Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Color Lines Classic (HKLM-x32\...\Color Lines Classic) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAO 3.5/3.6 (HKLM-x32\...\DAO) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
easy Whiteboard (HKLM-x32\...\easy Whiteboard) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623p) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video Converter V 3.2 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
IsoBuster 2.8.5 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Luxor Amun Rising with Luxor (HKLM-x32\...\Luxor Amun Rising with Luxor) (Version:  - MumboJumbo, LLC)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint 2003 Template Pack 1 (HKLM-x32\...\{90AB0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office PowerPoint 2003 Template Pack 2 (HKLM-x32\...\{90AC0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office PowerPoint 2003 Template Pack 3 (HKLM-x32\...\{90AD0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Control Panel 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Pivot Software (x32 Version: 9.03.004 - Portrait Displays, Inc.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Pyramids (HKLM-x32\...\Pyramids) (Version:  - )
QuarkXPress Passport 4.0 (HKLM-x32\...\QuarkXPress Passport) (Version:  - )
QuickTime (HKLM-x32\...\InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}) (Version: 7.0.4 - Apple Computer, Inc.)
QuickTime (x32 Version: 7.0.4 - Apple Computer, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SDK (x32 Version: 2.20.009 - Portrait Displays, Inc.) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartControl (HKLM-x32\...\{F4EF231A-7218-41B1-AB84-F5B48B74C50A}) (Version: 2.00.021 - Portrait Displays, Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Tweet Adder 3 (HKLM-x32\...\{2E92BEE2-9D81-426D-9B6C-B96B6673C51F}) (Version: 3.0.42 - TweetAdder.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DB2894C-2DA4-4DEF-A051-795AE799964A}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9832AED0-6A0C-4311-9227-FC9CB54F87DD}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 1.1.4 (HKLM-x32\...\VLC media player) (Version: 1.1.4 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XAMPP 1.7.7 (HKLM-x32\...\xampp) (Version:  - )
Xilisoft PowerPoint to Video Converter Free (HKLM-x32\...\Xilisoft PowerPoint to Video Converter Free) (Version: 1.1.0.20120228 - Xilisoft)

==================== Restore Points  =========================

02-11-2013 18:27:14 Scheduled Checkpoint
03-11-2013 21:16:00 Installed Safari
11-11-2013 15:14:55 Scheduled Checkpoint
19-11-2013 15:30:35 Scheduled Checkpoint
23-11-2013 21:56:13 SF-Visitenkarte 12.01 wird entfernt
23-11-2013 22:02:04 Removed Safari
03-12-2013 20:59:18 Scheduled Checkpoint
10-12-2013 21:14:25 Scheduled Checkpoint
18-12-2013 21:01:11 Scheduled Checkpoint
25-12-2013 18:57:43 Removed Citrix Online Launcher
01-01-2014 19:58:08 Scheduled Checkpoint
08-01-2014 18:25:14 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
08-01-2014 18:26:36 Installed X-Lite 4
16-01-2014 01:22:58 Scheduled Checkpoint
25-01-2014 16:19:40 Scheduled Checkpoint
02-02-2014 18:36:01 Scheduled Checkpoint
09-02-2014 19:31:52 Scheduled Checkpoint
19-02-2014 21:09:14 Scheduled Checkpoint
26-02-2014 23:33:44 Scheduled Checkpoint
06-03-2014 10:38:26 Scheduled Checkpoint
13-03-2014 16:12:08 Scheduled Checkpoint
20-03-2014 16:35:49 Scheduled Checkpoint
24-03-2014 21:19:50 Removed X-Lite 4
24-03-2014 21:20:52 Removed X-Lite 4
24-03-2014 21:30:20 Removed Apple Software Update
02-04-2014 13:17:23 Scheduled Checkpoint
09-04-2014 13:37:23 Scheduled Checkpoint
20-04-2014 22:49:21 Scheduled Checkpoint
28-04-2014 12:37:24 Scheduled Checkpoint
07-05-2014 19:45:54 Scheduled Checkpoint
15-05-2014 20:38:42 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-03-08 20:24 - 00000975 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {183120D3-95D3-4703-95A5-C9297CF04990} - System32\Tasks\{68071FDD-8966-4151-8735-5667D735A9D0} => S:\QuarkXPress Passport.exe [2013-09-18] (Quark, Inc.)
Task: {1AC8A344-2292-48DA-8D3A-F619E76D1427} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {23ECB008-8358-42A8-9BFE-EF1E13C2E1D5} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION
Task: {3114477E-A213-4E2C-919A-A1DAF8148E33} - System32\Tasks\{21C46933-229A-4F13-A7CB-242DFF87EB8F} => C:\Users\nett-marketing\Desktop\DosSpiele\Warcraft\WARCRAFT\SETUP.EXE
Task: {33A296F7-CEDE-4901-96E3-F89990D5BF34} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {3421AE3C-EAAA-49DA-B285-DF4E06B79A5F} - System32\Tasks\{0F9B666D-8123-4FE5-B5C4-10F1A41AFD42} => S:\QuarkXPress Passport.exe [2013-09-18] (Quark, Inc.)
Task: {37D09DC2-7430-44EB-BF39-F659E733F1C6} - System32\Tasks\{923E20A4-1F2A-48A6-BDCA-E8E736BF2787} => S:\QuarkXPress Passport.exe [2013-09-18] (Quark, Inc.)
Task: {4679066F-36DD-4241-9D38-E67EF1F356DD} - System32\Tasks\{361C21D3-2798-466D-B2A5-0E517C5F9680} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.111/de/eula
Task: {5634CF20-9951-41C5-8701-ADD1A5522CEF} - System32\Tasks\{C00C613E-CFD6-4D29-87BE-F40381FBD645} => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2009-09-16] (Tonec Inc.)
Task: {5CA6D9AC-4293-48E9-B0D1-AD330E76DF3C} - System32\Tasks\{E3FA2E35-FABC-4B3B-8F4E-DE7ED7591635} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.111/de/eula
Task: {7925DFB6-DA63-418D-8BEE-596930B079BE} - System32\Tasks\{0D955565-D8D3-400F-8F4F-6862F818B0A0} => C:\Titans of Steel\progs\tcc.exe
Task: {88C4B498-D66D-4743-88E6-7F65411555DE} - \Digital Sites No Task File <==== ATTENTION
Task: {9016F65A-FE0C-4395-A1AB-AD012A6E6D7E} - \DigitalSite No Task File <==== ATTENTION
Task: {94A48838-4266-44B7-B889-47BD98D8972B} - System32\Tasks\{7A5650FF-7BC0-4782-A9AD-28DD807A8FDA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.111/de/eula
Task: {96478002-DABD-4CAE-B746-15875B5222B5} - System32\Tasks\{A70E83A0-64E8-4D3B-9B86-74D55304DBAD} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {A86DB796-D466-49D0-9085-40083C75519D} - System32\Tasks\FF Watcher {9896ED89-C434-4C56-BFDB-EB80ED609BB4} => C:\Program Files\V-bates\PrefHelper.exe
Task: {B35A6282-3B5B-4594-AE74-BF5BBAD3ADC1} - System32\Tasks\{6FC2701E-B741-4883-9FA0-F7FAC88C4938} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?page=tsProgressBar
Task: {C53A9118-DFE0-44EE-A0AA-91B7DCED8D76} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1304805427-2328156682-2798200666-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C6E1414A-6494-4024-B21D-E61BA171142C} - System32\Tasks\{3A7DE6F3-090D-4252-8968-6083674D3A2A} => C:\Users\nett-marketing\Desktop\DosSpiele\Warcraft\WARCRAFT\SETUP.EXE
Task: {D6CCD25D-7725-4C7C-931E-ABE8C19F32FC} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1304805427-2328156682-2798200666-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E8D8DE26-B5AE-4499-AA66-4BC062FE77F6} - \66b7b150 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {9896ED89-C434-4C56-BFDB-EB80ED609BB4}.job => C:\Program Files\V-bates\PrefHelper.exe

==================== Loaded Modules (whitelisted) =============

2012-10-19 02:33 - 2012-10-02 21:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-07-15 21:29 - 2010-01-28 15:31 - 00080496 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
2011-09-09 19:46 - 2011-09-09 19:46 - 08158720 _____ () c:\xampp\mysql\bin\mysqld.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-05-01 09:01 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2013-05-31 20:22 - 2013-05-31 20:18 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-05-15 18:51 - 2014-05-15 18:51 - 00041984 _____ () C:\Users\nett-marketing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfddtbd.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\nett-marketing\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-03-24 00:14 - 2014-05-11 21:23 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-01 16:24 - 2014-05-01 16:24 - 03019888 _____ () C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird\mozjs.dll
2014-05-01 16:24 - 2014-05-01 16:24 - 00158832 _____ () C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird\NSLDAP32V60.dll
2014-05-01 16:24 - 2014-05-01 16:24 - 00023152 _____ () C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\nett-marketing:zylomtest
AlternateDataStreams: C:\Users\nett-marketing:zylomtr{000HQ7FF-AD7A-3FG6-OKQM-24KG7RVO4VUQ}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2014 00:35:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/15/2014 00:18:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (05/15/2014 11:16:13 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (05/15/2014 06:51:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (05/15/2014 06:50:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/15/2014 06:49:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/15/2014 06:49:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/15/2014 11:14:06 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (05/15/2014 10:39:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (05/15/2014 10:38:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/15/2014 10:38:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/15/2014 10:38:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (04/16/2014 06:18:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 683 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (04/15/2014 07:08:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/08/2014 09:43:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 234 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (04/03/2014 01:35:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 290 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (04/03/2014 01:32:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 185 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/23/2014 04:04:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/17/2014 07:57:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/13/2014 03:14:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5639 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/12/2014 02:33:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 510 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (03/10/2014 00:59:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3611 seconds with 1620 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-07-31 20:41:34.664
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-31 20:41:34.617
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-28 22:22:41.761
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-28 22:22:41.714
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-27 18:33:59.752
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-27 18:33:59.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-27 18:33:59.580
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-27 18:33:39.456
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-27 18:33:39.378
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-27 18:33:39.269
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 4095.23 MB
Available physical RAM: 2526.37 MB
Total Pagefile: 8188.64 MB
Available Pagefile: 5555.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.79 GB) (Free:421.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (TIAN_GONG) (CDROM) (Total:1.99 GB) (Free:0 GB) UDF
Drive s: () (Fixed) (Total:931.51 GB) (Free:804.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 038480CF)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7046A4E4)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=920 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Have a nice day.

Lyci
__________________

16.05.2014, 13:58   #4
schrauber
/// the machine
/// TB-Ausbilder

hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

16.05.2014, 21:48   #5
lyci

Hi Schrauber,

here is the requested info:

Code:
ComboFix 14-05-16.01 - nett-marketing 16.05.2014  20:54:08.4.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.4095.3325 [GMT 2:00]
ausgeführt von:: c:\users\nett-marketing\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\nett-marketing\AppData\Local\Microsoft\Windows\Temporary Internet Files\Whilokii_iels
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-16 bis 2014-05-16  ))))))))))))))))))))))))))))))
.
.
2014-05-16 19:01 . 2014-05-16 19:01	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-05-15 19:31 . 2014-05-15 19:31	--------	d-----w-	c:\users\nett-marketing\AppData\Roaming\VSRevoGroup
2014-05-15 08:48 . 2014-05-15 08:50	--------	d-----w-	c:\users\nett-marketing\AppData\Roaming\GlarySoft
2014-05-15 08:48 . 2014-05-15 08:48	--------	d-----w-	c:\program files (x86)\Absolute Uninstaller
2014-05-14 22:18 . 2014-05-14 22:18	--------	d-----w-	c:\program files (x86)\ESET
2014-05-14 21:51 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-05-14 21:26 . 2014-05-14 21:28	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2014-05-14 21:26 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-11 19:23 . 2014-05-11 19:23	10594416	----a-w-	c:\program files (x86)\Mozilla Firefox\icudt52.dll
2014-05-11 19:23 . 2014-05-11 19:23	965232	----a-w-	c:\program files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-11 19:23 . 2014-05-11 19:23	1266800	----a-w-	c:\program files (x86)\Mozilla Firefox\icuin52.dll
2014-05-06 10:36 . 2014-05-06 10:36	--------	d-----w-	c:\users\nettmarketing\AppData\Local\Logitech® Webcam-Software
2014-05-06 10:34 . 2014-05-06 10:34	--------	d-----w-	c:\users\mcafee\AppData\Local\Programs
2014-05-06 10:34 . 2014-05-06 10:34	--------	d-----w-	c:\users\nettmarketing\AppData\Roaming\Canon
2014-05-06 10:33 . 2014-05-06 10:33	--------	d-----w-	c:\users\nettmarketing\AppData\Roaming\Malwarebytes
2014-05-01 14:24 . 2014-05-01 15:59	--------	d-----w-	c:\users\nettmarketing\AppData\Local\Mozilla Thunderbird
2014-05-01 02:20 . 2014-05-01 02:20	4210176	----a-w-	c:\program files (x86)\SN_x64.Booster
2014-05-01 02:05 . 2014-05-14 21:46	--------	d-----w-	c:\programdata\MiniApp
2014-05-01 02:05 . 2014-05-01 02:21	--------	d-----w-	c:\programdata\InstallMate
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\nett-marketing\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\nett-marketing\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\nett-marketing\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\nett-marketing\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-18 689744]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
.
c:\users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys;c:\windows\SYSNATIVE\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys;c:\windows\SYSNATIVE\DRIVERS\s115obex.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe;c:\xampp\apache\bin\httpd.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\nett-marketing\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\nett-marketing\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\nett-marketing\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\nett-marketing\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-06-30 291872]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-DAO - c:\windows\IsUn0407.exe
AddRemove-Free Video Converter_is1 - c:\program files (x86)\Free Video Converter\uninstall.exe
AddRemove-Pyramids - c:\windows\system32\msinfhlp.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1304805427-2328156682-2798200666-1000_Classes\Wow6432Node\CLSID\{42edf80a-5931-47cc-9f47-312476b0f514}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000010d
"Therad"=dword:0000001d
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,69,93,bb,24,22,74,13,4c,66,a8,b1,e0,92,ab,\
.
[HKEY_USERS\S-1-5-21-1304805427-2328156682-2798200666-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3b,52,0b,c5,59,28,b6,be,6e,02,7a,46,8f,8f,c8,ac,6a,d8,c7,2a,ee,
   b8,b4,24,b1,8c,d1,a4,10,70,7b,c2,a2,18,db,29,80,38,c8,95,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1304805427-2328156682-2798200666-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):6e,8c,14,15,b2,06,59,a9,75,e6,4f,b4,72,c8,8c,a4,34,09,8f,fc,f9,
   fd,86,70,72,53,94,ef,bc,a0,e2,b0,3c,fe,af,ee,05,7d,c2,b1,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1304805427-2328156682-2798200666-1000_Classes\Wow6432Node\CLSID\{e81c3f0a-0596-491f-bf82-8f5b7fe7509b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000001f
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,c3,4d,9e,47,61,a7,8f,c3,2f,e9,ec,3d,5a,92,05,e8,0f,8a,ad,5e,c4,ee,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-16  21:04:25
ComboFix-quarantined-files.txt  2014-05-16 19:04
.
Vor Suchlauf: 36 Verzeichnis(se), 481.055.232.000 Bytes frei
Nach Suchlauf: 38 Verzeichnis(se), 485.831.229.440 Bytes frei
.
- - End Of File - - 44B046F8F9226A5E257EBB8D4C4C9E75
5C616939100B85E558DA92B899A0FC36
         
Many thanks

Lyci


17.05.2014, 20:45   #6
schrauber
/// the machine
/// TB-Ausbilder

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

20.05.2014, 23:47   #7
lyci
 



Hi Schrauber,

here are the requested files:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.05.14.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nett-marketing :: NETT-MARKETING1 [Administrator]

20.05.2014 21:14:51
mbam-log-2014-05-20 (21-14-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 360275
Laufzeit: 7 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
and:

Code:
# AdwCleaner v3.210 - Report created 20/05/2014 at 22:45:21
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : nett-marketing - NETT-MARKETING1
# Running from : C:\Users\nett-marketing\Desktop\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\mcafee\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\nett-marketing\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\nettmarketing\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\nettmarketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16455


-\\ Mozilla Firefox v29.0.1 (de)

[ File : C:\Users\mcafee\AppData\Roaming\Mozilla\Firefox\Profiles\6pq9z67b.default\prefs.js ]


[ File : C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\prefs.js ]

Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]

[ File : C:\Users\nettmarketing\AppData\Roaming\Mozilla\Firefox\Profiles\q5sbmr4i.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\nettmarketing\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5086 octets] - [25/08/2013 15:29:27]
AdwCleaner[R1].txt - [14469 octets] - [14/05/2014 23:50:19]
AdwCleaner[R2].txt - [2357 octets] - [20/05/2014 22:05:01]
AdwCleaner[S0].txt - [3696 octets] - [25/08/2013 15:30:22]
AdwCleaner[S1].txt - [13358 octets] - [14/05/2014 23:51:58]
AdwCleaner[S2].txt - [2298 octets] - [20/05/2014 22:45:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2358 octets] ##########
         
and

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by nett-marketing on 20.05.2014 at 23:18:09,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\nett-marketing\AppData\Roaming\mozilla\firefox\profiles\m8tbqzhj.default\prefs.js

user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.05.2014 at 23:25:34,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


and finally:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by nett-marketing (administrator) on NETT-MARKETING1 on 20-05-2014 23:40:56
Running from C:\Users\nett-marketing\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\xampp\mysql\bin\mysqld.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [291872 2009-06-30] (NVIDIA Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-15] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
Startup: C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0631527FB34CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{DDFB34AE-F807-4974-AF8E-758837A55731}: [NameServer]62.220.18.8 89.246.64.8

FireFox:
========
FF ProfilePath: C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default
FF SearchEngineOrder.1: Google
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", ""
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\deployJava1.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr100.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npjp2.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-05]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010-03-22]
FF HKCU\...\Firefox\Extensions: [{78D3E302-AEE0-40BB-B866-28A0139E12C8}] - C:\Users\nett-marketing\AppData\Local\{78D3E302-AEE0-40BB-B866-28A0139E12C8}
FF Extension: XULRunner - C:\Users\nett-marketing\AppData\Local\{78D3E302-AEE0-40BB-B866-28A0139E12C8} [2011-02-23]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\nett-marketing\AppData\Roaming\IDM\idmmzcc3

Chrome: 
=======
CHR HomePage: chrome://newtab
CHR RestoreOnStartup: "hxxp://www.giga.de/"
CHR Extension: (Google Docs) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-20]
CHR Extension: (Google Drive) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-20]
CHR Extension: (No Name) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgobkgfjhllehahjkppdildejhlckcaf [2014-05-01]
CHR Extension: (YouTube) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-20]
CHR Extension: (Google-Suche) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-20]
CHR Extension: (Zhongwen A Chinese English Popup Dictionary) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2014-05-01]
CHR Extension: (Google Wallet) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (No Name) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\odajaaboifmknjnggkgmfamdebbhbfji [2014-05-01]
CHR Extension: (Google Mail) - C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [obcjlnjgjjgghcedkcohaeboelbblehc] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files (x86)\SockshareDownloader\SockshareDownloader10.crx [2012-11-15]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [80496 2010-01-28] ()
S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-07-17] (McAfee, Inc.)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] ()

==================== Drivers (Whitelisted) ====================

S2 ASPI32; No ImagePath
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [33408 2011-01-16] (B.H.A Corporation)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2009-12-17] (Portrait Displays, Inc.)
S3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [108296 2007-04-23] (MCCI Corporation)
S3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation)
S3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation)
S3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation)
S3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 23:25 - 2014-05-20 23:25 - 00000962 _____ () C:\Users\nett-marketing\Desktop\JRT.txt
2014-05-20 22:04 - 2014-05-20 22:04 - 01326389 _____ () C:\Users\nett-marketing\Desktop\adwcleaner_3.210.exe
2014-05-18 19:11 - 2014-05-18 19:11 - 01069776 _____ (Solid State Networks) C:\Users\nett-marketing\Desktop\install_flashplayer13x32_mssd_aaa_aih.exe
2014-05-16 21:45 - 2014-05-16 21:45 - 00014340 _____ () C:\Users\nett-marketing\Desktop\16_05_2014.txt
2014-05-16 21:04 - 2014-05-16 21:04 - 00014340 _____ () C:\ComboFix.txt
2014-05-16 20:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 20:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 20:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 20:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 20:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 20:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 20:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 20:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 19:53 - 2014-05-16 21:04 - 00000000 ____D () C:\Qoobox
2014-05-16 19:51 - 2014-05-16 19:52 - 05200990 ____R (Swearware) C:\Users\nett-marketing\Desktop\ComboFix.exe
2014-05-16 01:20 - 2014-05-16 01:21 - 00043666 _____ () C:\Users\nett-marketing\Desktop\Addition.txt
2014-05-16 01:17 - 2014-05-20 23:40 - 00015522 _____ () C:\Users\nett-marketing\Desktop\FRST.txt
2014-05-16 01:17 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\nett-marketing\Desktop\FRST-OlderVersion
2014-05-15 21:31 - 2014-05-15 21:31 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\VSRevoGroup
2014-05-15 21:29 - 2014-05-15 21:29 - 00001271 _____ () C:\Users\nett-marketing\Desktop\Revo Uninstaller.lnk
2014-05-15 21:28 - 2014-05-15 21:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\nett-marketing\Desktop\revosetup95.exe
2014-05-15 21:27 - 2014-05-16 01:17 - 02067456 _____ (Farbar) C:\Users\nett-marketing\Desktop\FRST64.exe
2014-05-15 10:48 - 2014-05-15 10:50 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\GlarySoft
2014-05-15 10:48 - 2014-05-15 10:48 - 00001113 _____ () C:\Users\nett-marketing\Desktop\Absolute Uninstaller.lnk
2014-05-15 00:18 - 2014-05-15 00:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-15 00:17 - 2014-05-15 00:35 - 00001222 _____ () C:\sc-cleaner.txt
2014-05-14 23:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-14 23:27 - 2014-05-14 23:28 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 23:27 - 2014-05-14 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-14 23:26 - 2014-05-14 23:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-14 23:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 22:43 - 2014-05-14 22:43 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\nett-marketing\Desktop\sc-cleaner.exe
2014-05-06 16:39 - 2014-05-06 16:39 - 00629906 _____ () C:\Users\nett-marketing\Desktop\Vertrag_MKS.jpeg
2014-05-06 16:39 - 2014-05-06 16:39 - 00587211 _____ () C:\Users\nett-marketing\Desktop\Vertag_MKS_3.jpeg
2014-05-06 16:39 - 2014-05-06 16:39 - 00576745 _____ () C:\Users\nett-marketing\Desktop\Vertrag_MKS_2.jpeg
2014-05-06 12:36 - 2014-05-06 12:36 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Logitech® Webcam-Software
2014-05-06 12:34 - 2014-05-06 12:34 - 00000000 ____D () C:\Users\nettmarketing\AppData\Roaming\Canon
2014-05-06 12:33 - 2014-05-06 12:33 - 00000000 ____D () C:\Users\nettmarketing\AppData\Roaming\Malwarebytes
2014-05-01 23:29 - 2014-05-01 23:29 - 00000206 _____ () C:\Users\Public\Desktop\Deutschland Digital.url
2014-05-01 16:24 - 2014-05-01 17:59 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird
2014-05-01 04:20 - 2014-05-01 04:20 - 04210176 _____ () C:\Program Files (x86)\SN_x64.Booster
2014-05-01 04:19 - 2014-05-01 19:47 - 00000000 ____D () C:\ProgramData\2a2b7f30380e2ce0
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Packages
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\mcafee\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\mcafee\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator
2014-05-01 04:05 - 2014-05-14 23:46 - 00000000 ____D () C:\ProgramData\MiniApp
2014-05-01 04:05 - 2014-05-01 04:21 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-28 00:08 - 2014-04-28 01:49 - 00000000 ____D () C:\Users\nett-marketing\Desktop\AusgelaufeneLangzeitverträge
2014-04-23 23:29 - 2014-04-24 02:42 - 00000000 ____D () C:\Users\nett-marketing\Desktop\neckermann 11
2014-04-22 23:44 - 2014-04-24 02:45 - 00427102 _____ () C:\Users\nett-marketing\Desktop\Kundenliste Nacharbeit und Auftraege bis 13.02.2014.xlsx

==================== One Month Modified Files and Folders =======

2014-05-20 23:41 - 2014-05-16 01:17 - 00015522 _____ () C:\Users\nett-marketing\Desktop\FRST.txt
2014-05-20 23:40 - 2013-08-24 23:57 - 00000000 ____D () C:\FRST
2014-05-20 23:35 - 2013-08-25 15:29 - 00000000 ____D () C:\AdwCleaner
2014-05-20 23:25 - 2014-05-20 23:25 - 00000962 _____ () C:\Users\nett-marketing\Desktop\JRT.txt
2014-05-20 22:52 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 22:52 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 22:46 - 2013-07-07 14:45 - 00048748 _____ () C:\Windows\PFRO.log
2014-05-20 22:46 - 2013-06-29 16:46 - 00076017 _____ () C:\Windows\setupact.log
2014-05-20 22:46 - 2010-03-21 19:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-20 22:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 22:45 - 2010-03-22 02:17 - 01912982 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 22:04 - 2014-05-20 22:04 - 01326389 _____ () C:\Users\nett-marketing\Desktop\adwcleaner_3.210.exe
2014-05-20 22:04 - 2013-03-22 20:26 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Hijackthis
2014-05-18 19:11 - 2014-05-18 19:11 - 01069776 _____ (Solid State Networks) C:\Users\nett-marketing\Desktop\install_flashplayer13x32_mssd_aaa_aih.exe
2014-05-18 16:59 - 2014-04-16 19:46 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Leslie
2014-05-16 21:45 - 2014-05-16 21:45 - 00014340 _____ () C:\Users\nett-marketing\Desktop\16_05_2014.txt
2014-05-16 21:04 - 2014-05-16 21:04 - 00014340 _____ () C:\ComboFix.txt
2014-05-16 21:04 - 2014-05-16 19:53 - 00000000 ____D () C:\Qoobox
2014-05-16 21:01 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 19:52 - 2014-05-16 19:51 - 05200990 ____R (Swearware) C:\Users\nett-marketing\Desktop\ComboFix.exe
2014-05-16 01:21 - 2014-05-16 01:20 - 00043666 _____ () C:\Users\nett-marketing\Desktop\Addition.txt
2014-05-16 01:17 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\nett-marketing\Desktop\FRST-OlderVersion
2014-05-16 01:17 - 2014-05-15 21:27 - 02067456 _____ (Farbar) C:\Users\nett-marketing\Desktop\FRST64.exe
2014-05-15 21:31 - 2014-05-15 21:31 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\VSRevoGroup
2014-05-15 21:31 - 2010-03-21 18:36 - 00000000 ___RD () C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 21:29 - 2014-05-15 21:29 - 00001271 _____ () C:\Users\nett-marketing\Desktop\Revo Uninstaller.lnk
2014-05-15 21:29 - 2013-03-22 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 21:28 - 2014-05-15 21:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\nett-marketing\Desktop\revosetup95.exe
2014-05-15 20:14 - 2010-05-26 19:48 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-05-15 18:56 - 2013-10-09 21:41 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\Dropbox
2014-05-15 10:50 - 2014-05-15 10:48 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\GlarySoft
2014-05-15 10:48 - 2014-05-15 10:48 - 00001113 _____ () C:\Users\nett-marketing\Desktop\Absolute Uninstaller.lnk
2014-05-15 00:35 - 2014-05-15 00:17 - 00001222 _____ () C:\sc-cleaner.txt
2014-05-15 00:18 - 2014-05-15 00:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 23:52 - 2013-03-24 00:14 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 23:52 - 2010-03-21 18:36 - 00001044 _____ () C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-14 23:52 - 2010-03-21 18:36 - 00001044 _____ () C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-14 23:46 - 2014-05-01 04:05 - 00000000 ____D () C:\ProgramData\MiniApp
2014-05-14 23:28 - 2014-05-14 23:27 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 23:28 - 2014-05-14 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-14 23:28 - 2014-05-14 23:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-14 23:27 - 2012-07-26 02:55 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\Malwarebytes
2014-05-14 23:26 - 2014-02-26 17:49 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 23:26 - 2013-08-25 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 22:43 - 2014-05-14 22:43 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\nett-marketing\Desktop\sc-cleaner.exe
2014-05-14 22:42 - 2012-01-03 20:07 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Download
2014-05-14 15:02 - 2013-09-29 00:02 - 00000038 _____ () C:\Users\nett-marketing\AppData\Roaming\WB.CFG
2014-05-11 21:23 - 2010-03-21 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 17:19 - 2013-03-24 00:14 - 00001056 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-06 16:39 - 2014-05-06 16:39 - 00629906 _____ () C:\Users\nett-marketing\Desktop\Vertrag_MKS.jpeg
2014-05-06 16:39 - 2014-05-06 16:39 - 00587211 _____ () C:\Users\nett-marketing\Desktop\Vertag_MKS_3.jpeg
2014-05-06 16:39 - 2014-05-06 16:39 - 00576745 _____ () C:\Users\nett-marketing\Desktop\Vertrag_MKS_2.jpeg
2014-05-06 12:36 - 2014-05-06 12:36 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Logitech® Webcam-Software
2014-05-06 12:34 - 2014-05-06 12:34 - 00000000 ____D () C:\Users\nettmarketing\AppData\Roaming\Canon
2014-05-06 12:34 - 2011-03-16 00:26 - 00185720 _____ () C:\Users\nettmarketing\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 12:33 - 2014-05-06 12:33 - 00000000 ____D () C:\Users\nettmarketing\AppData\Roaming\Malwarebytes
2014-05-02 00:55 - 2010-08-28 19:42 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\vlc
2014-05-02 00:54 - 2011-08-02 21:26 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\dvdcss
2014-05-02 00:19 - 2010-03-21 19:38 - 00694526 _____ () C:\Windows\system32\perfh007.dat
2014-05-02 00:19 - 2010-03-21 19:38 - 00147650 _____ () C:\Windows\system32\perfc007.dat
2014-05-02 00:19 - 2009-07-14 07:13 - 01612752 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-01 23:32 - 2011-08-02 21:39 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\Ashampoo
2014-05-01 23:29 - 2014-05-01 23:29 - 00000206 _____ () C:\Users\Public\Desktop\Deutschland Digital.url
2014-05-01 23:28 - 2011-08-02 21:39 - 00000000 ____D () C:\ProgramData\ashampoo
2014-05-01 19:47 - 2014-05-01 04:19 - 00000000 ____D () C:\ProgramData\2a2b7f30380e2ce0
2014-05-01 17:59 - 2014-05-01 16:24 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird
2014-05-01 17:02 - 2010-04-07 19:40 - 00000000 ____D () C:\Program Files (x86)\OXXOGames
2014-05-01 16:04 - 2013-11-11 20:10 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Neuer Ordner
2014-05-01 04:21 - 2014-05-01 04:05 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-01 04:20 - 2014-05-01 04:20 - 04210176 _____ () C:\Program Files (x86)\SN_x64.Booster
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Packages
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\mcafee\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\mcafee\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Guest
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-01 04:19 - 2014-05-01 04:19 - 00000000 ____D () C:\Users\Administrator
2014-05-01 04:19 - 2011-03-26 20:06 - 00000000 ____D () C:\Users\nettmarketing\AppData\Local\Google
2014-05-01 04:19 - 2011-03-26 20:03 - 00000000 ____D () C:\Users\nett-marketing\AppData\Local\Google
2014-04-30 01:12 - 2011-10-16 17:57 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\Skype
2014-04-28 15:21 - 2010-03-22 21:06 - 00000000 ____D () C:\Users\nett-marketing\AppData\Roaming\FileZilla
2014-04-28 01:49 - 2014-04-28 00:08 - 00000000 ____D () C:\Users\nett-marketing\Desktop\AusgelaufeneLangzeitverträge
2014-04-28 01:17 - 2014-04-16 19:41 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Kundeneingabe Neckermann 16.04.2014
2014-04-26 18:12 - 2012-08-29 23:30 - 00069202 _____ () C:\Users\nett-marketing\Desktop\Postkonto Abbuchungen.xlsx
2014-04-24 02:45 - 2014-04-22 23:44 - 00427102 _____ () C:\Users\nett-marketing\Desktop\Kundenliste Nacharbeit und Auftraege bis 13.02.2014.xlsx
2014-04-24 02:42 - 2014-04-23 23:29 - 00000000 ____D () C:\Users\nett-marketing\Desktop\neckermann 11
2014-04-23 23:31 - 2013-12-20 23:24 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Gesundheit alternative Sichten
2014-04-23 14:49 - 2012-07-18 19:48 - 00000000 ____D () C:\Users\nett-marketing\Desktop\diverse
2014-04-22 15:06 - 2013-11-06 01:41 - 00000000 ____D () C:\Users\nett-marketing\Desktop\Neckermann Strom
2014-04-21 23:48 - 2014-04-17 00:54 - 00042496 _____ () C:\Users\nett-marketing\Desktop\14.3.2014.xls

Files to move or delete:
====================
C:\ProgramData\actvxcom_2012_02_09_201714.reg
C:\ProgramData\asm64.dat
C:\ProgramData\ext_2012_02_09_201714.reg
C:\ProgramData\paths_2012_02_09_201714.reg
C:\ProgramData\runs_2012_02_09_201714.reg
C:\ProgramData\shrdlls_2012_02_09_201714.reg
C:\ProgramData\softempt_2012_02_09_201714.reg


Some content of TEMP:
====================
C:\Users\mcafee\AppData\Local\Temp\avgnt.exe
C:\Users\nett-marketing\AppData\Local\Temp\avgnt.exe
C:\Users\nett-marketing\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 00:14

==================== End Of Log ============================
         
--- --- ---


plus:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by nett-marketing at 2014-05-20 23:43:21
Running from C:\Users\nett-marketing\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Absolute Uninstaller 2.9.0.722 (HKLM-x32\...\Absolute Uninstaller_is1) (Version:  - Glarysoft.com)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.0.5 - )
Adobe Reader X (10.1.3) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
calibre (HKLM-x32\...\{B54AA1A2-4450-428D-A01D-E7B2DC7840B5}) (Version: 0.9.17 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 7 (HKLM-x32\...\{DE042823-C359-4B87-B66B-308057E8B6AF}) (Version: 7.0.1 - TechSmith Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Color Lines Classic (HKLM-x32\...\Color Lines Classic) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAO 3.5/3.6 (HKLM-x32\...\DAO) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
easy Whiteboard (HKLM-x32\...\easy Whiteboard) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623p) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video Converter V 3.2 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
IsoBuster 2.8.5 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Luxor Amun Rising with Luxor (HKLM-x32\...\Luxor Amun Rising with Luxor) (Version:  - MumboJumbo, LLC)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint 2003 Template Pack 1 (HKLM-x32\...\{90AB0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office PowerPoint 2003 Template Pack 2 (HKLM-x32\...\{90AC0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office PowerPoint 2003 Template Pack 3 (HKLM-x32\...\{90AD0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Control Panel 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Pivot Software (x32 Version: 9.03.004 - Portrait Displays, Inc.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Pyramids (HKLM-x32\...\Pyramids) (Version:  - )
QuarkXPress Passport 4.0 (HKLM-x32\...\QuarkXPress Passport) (Version:  - )
QuickTime (HKLM-x32\...\InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}) (Version: 7.0.4 - Apple Computer, Inc.)
QuickTime (x32 Version: 7.0.4 - Apple Computer, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SDK (x32 Version: 2.20.009 - Portrait Displays, Inc.) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartControl (HKLM-x32\...\{F4EF231A-7218-41B1-AB84-F5B48B74C50A}) (Version: 2.00.021 - Portrait Displays, Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Tweet Adder 3 (HKLM-x32\...\{2E92BEE2-9D81-426D-9B6C-B96B6673C51F}) (Version: 3.0.42 - TweetAdder.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DB2894C-2DA4-4DEF-A051-795AE799964A}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9832AED0-6A0C-4311-9227-FC9CB54F87DD}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 1.1.4 (HKLM-x32\...\VLC media player) (Version: 1.1.4 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XAMPP 1.7.7 (HKLM-x32\...\xampp) (Version:  - )
Xilisoft PowerPoint to Video Converter Free (HKLM-x32\...\Xilisoft PowerPoint to Video Converter Free) (Version: 1.1.0.20120228 - Xilisoft)

==================== Restore Points  =========================

02-11-2013 18:27:14 Scheduled Checkpoint
03-11-2013 21:16:00 Installed Safari
11-11-2013 15:14:55 Scheduled Checkpoint
19-11-2013 15:30:35 Scheduled Checkpoint
23-11-2013 21:56:13 SF-Visitenkarte 12.01 wird entfernt
23-11-2013 22:02:04 Removed Safari
03-12-2013 20:59:18 Scheduled Checkpoint
10-12-2013 21:14:25 Scheduled Checkpoint
18-12-2013 21:01:11 Scheduled Checkpoint
25-12-2013 18:57:43 Removed Citrix Online Launcher
01-01-2014 19:58:08 Scheduled Checkpoint
08-01-2014 18:25:14 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
08-01-2014 18:26:36 Installed X-Lite 4
16-01-2014 01:22:58 Scheduled Checkpoint
25-01-2014 16:19:40 Scheduled Checkpoint
02-02-2014 18:36:01 Scheduled Checkpoint
09-02-2014 19:31:52 Scheduled Checkpoint
19-02-2014 21:09:14 Scheduled Checkpoint
26-02-2014 23:33:44 Scheduled Checkpoint
06-03-2014 10:38:26 Scheduled Checkpoint
13-03-2014 16:12:08 Scheduled Checkpoint
20-03-2014 16:35:49 Scheduled Checkpoint
24-03-2014 21:19:50 Removed X-Lite 4
24-03-2014 21:20:52 Removed X-Lite 4
24-03-2014 21:30:20 Removed Apple Software Update
02-04-2014 13:17:23 Scheduled Checkpoint
09-04-2014 13:37:23 Scheduled Checkpoint
20-04-2014 22:49:21 Scheduled Checkpoint
28-04-2014 12:37:24 Scheduled Checkpoint
07-05-2014 19:45:54 Scheduled Checkpoint
15-05-2014 20:38:42 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-16 21:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {183120D3-95D3-4703-95A5-C9297CF04990} - System32\Tasks\{68071FDD-8966-4151-8735-5667D735A9D0} => S:\QuarkXPress Passport.exe [2013-09-18] (Quark, Inc.)
Task: {1AC8A344-2292-48DA-8D3A-F619E76D1427} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {23ECB008-8358-42A8-9BFE-EF1E13C2E1D5} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION
Task: {3114477E-A213-4E2C-919A-A1DAF8148E33} - System32\Tasks\{21C46933-229A-4F13-A7CB-242DFF87EB8F} => C:\Users\nett-marketing\Desktop\DosSpiele\Warcraft\WARCRAFT\SETUP.EXE
Task: {33A296F7-CEDE-4901-96E3-F89990D5BF34} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {3421AE3C-EAAA-49DA-B285-DF4E06B79A5F} - System32\Tasks\{0F9B666D-8123-4FE5-B5C4-10F1A41AFD42} => S:\QuarkXPress Passport.exe [2013-09-18] (Quark, Inc.)
Task: {37D09DC2-7430-44EB-BF39-F659E733F1C6} - System32\Tasks\{923E20A4-1F2A-48A6-BDCA-E8E736BF2787} => S:\QuarkXPress Passport.exe [2013-09-18] (Quark, Inc.)
Task: {4679066F-36DD-4241-9D38-E67EF1F356DD} - System32\Tasks\{361C21D3-2798-466D-B2A5-0E517C5F9680} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.111/de/eula
Task: {5634CF20-9951-41C5-8701-ADD1A5522CEF} - System32\Tasks\{C00C613E-CFD6-4D29-87BE-F40381FBD645} => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2009-09-16] (Tonec Inc.)
Task: {5CA6D9AC-4293-48E9-B0D1-AD330E76DF3C} - System32\Tasks\{E3FA2E35-FABC-4B3B-8F4E-DE7ED7591635} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.111/de/eula
Task: {7925DFB6-DA63-418D-8BEE-596930B079BE} - System32\Tasks\{0D955565-D8D3-400F-8F4F-6862F818B0A0} => C:\Titans of Steel\progs\tcc.exe
Task: {88C4B498-D66D-4743-88E6-7F65411555DE} - \Digital Sites No Task File <==== ATTENTION
Task: {9016F65A-FE0C-4395-A1AB-AD012A6E6D7E} - \DigitalSite No Task File <==== ATTENTION
Task: {94A48838-4266-44B7-B889-47BD98D8972B} - System32\Tasks\{7A5650FF-7BC0-4782-A9AD-28DD807A8FDA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.111/de/eula
Task: {96478002-DABD-4CAE-B746-15875B5222B5} - System32\Tasks\{A70E83A0-64E8-4D3B-9B86-74D55304DBAD} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {B35A6282-3B5B-4594-AE74-BF5BBAD3ADC1} - System32\Tasks\{6FC2701E-B741-4883-9FA0-F7FAC88C4938} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?page=tsProgressBar
Task: {C53A9118-DFE0-44EE-A0AA-91B7DCED8D76} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1304805427-2328156682-2798200666-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C6E1414A-6494-4024-B21D-E61BA171142C} - System32\Tasks\{3A7DE6F3-090D-4252-8968-6083674D3A2A} => C:\Users\nett-marketing\Desktop\DosSpiele\Warcraft\WARCRAFT\SETUP.EXE
Task: {D6CCD25D-7725-4C7C-931E-ABE8C19F32FC} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1304805427-2328156682-2798200666-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E8D8DE26-B5AE-4499-AA66-4BC062FE77F6} - \66b7b150 No Task File <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-10-19 02:33 - 2012-10-02 21:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-07-15 21:29 - 2010-01-28 15:31 - 00080496 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
2011-09-09 19:46 - 2011-09-09 19:46 - 08158720 _____ () c:\xampp\mysql\bin\mysqld.exe
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-05-01 09:01 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-05-31 20:22 - 2013-05-31 20:18 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-03-24 00:14 - 2014-05-11 21:23 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-01 16:24 - 2014-05-01 16:24 - 03019888 _____ () C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird\mozjs.dll
2014-05-01 16:24 - 2014-05-01 16:24 - 00158832 _____ () C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird\NSLDAP32V60.dll
2014-05-01 16:24 - 2014-05-01 16:24 - 00023152 _____ () C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\nett-marketing:zylomtest
AlternateDataStreams: C:\Users\nett-marketing:zylomtr{000HQ7FF-AD7A-3FG6-OKQM-24KG7RVO4VUQ}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (05/20/2014 11:31:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (04/16/2014 06:18:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 683 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (04/15/2014 07:08:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/08/2014 09:43:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 234 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (04/03/2014 01:35:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 290 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (04/03/2014 01:32:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 185 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/23/2014 04:04:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/17/2014 07:57:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/13/2014 03:14:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5639 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/12/2014 02:33:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 510 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (03/10/2014 00:59:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3611 seconds with 1620 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-16 21:00:54.579
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-16 21:00:54.486
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-31 20:41:34.664
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-31 20:41:34.617
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-28 22:22:41.761
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-28 22:22:41.714
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-27 18:33:59.752
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-27 18:33:59.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-27 18:33:59.580
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-27 18:33:39.456
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 4095.23 MB
Available physical RAM: 2394.7 MB
Total Pagefile: 8188.64 MB
Available Pagefile: 6210.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.79 GB) (Free:450.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (TIAN_GONG) (CDROM) (Total:1.99 GB) (Free:0 GB) UDF
Drive s: () (Fixed) (Total:931.51 GB) (Free:804.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 038480CF)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7046A4E4)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=920 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Many thanks.

Lyci

Alt 21.05.2014, 11:44   #8
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 01.06.2014, 18:50   #9
lyci
 



Hi Schrauber,

here is the log file from ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4cadd1ca6b81534bb9436c7b7795f658
# engine=18267
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-14 10:34:25
# local_time=2014-05-15 12:34:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 12128 30082740 0 0
# compatibility_mode=5893 16776574 100 94 38261112 151736715 0 0
# scanned=315
# found=0
# cleaned=0
# scan_time=728
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4cadd1ca6b81534bb9436c7b7795f658
# engine=18267
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-14 10:39:02
# local_time=2014-05-15 12:39:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 12405 30083017 0 0
# compatibility_mode=5893 16776574 100 94 38257789 151736992 0 0
# scanned=302
# found=0
# cleaned=0
# scan_time=156
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=4cadd1ca6b81534bb9436c7b7795f658
# engine=18498
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-01 03:42:35
# local_time=2014-06-01 05:42:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 81822 31613230 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 39788002 153267205 0 0
# scanned=29868
# found=18
# cleaned=0
# scan_time=10910
sh=BEFC0099864AA52ABB0A3B99793A5A1BF525401D ft=1 fh=64b34719c3735e0d vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir"
sh=8C25727D3A2A6A463727B5153CD2318021B10C1A ft=1 fh=da1644ddde48f4f3 vn="Variante von Win32/MediaGet.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\nett-marketing\AppData\Local\Media Get LLC\MediaGet2\update.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\NETT-M~1\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=73F787914238DA6511F592FBB5E351B71362C4DF ft=1 fh=4c96566c331089ad vn="Win32/Adware.1ClickDownload.AN Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\diverse\gu102bg216.exe"
sh=9F00A7F659F4D2DB7EC0E81EB3736FF7A71C7DCF ft=1 fh=5783ae762a436e55 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\7ZipSetup.exe"
sh=5CE951D6844E09BD65F6B5E1F79BD2E2C3339C59 ft=1 fh=b126f8f7a8c98d66 vn="Variante von Win32/LoadTubes.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\DivxUpdate_de.exe"
sh=C494AF50A983AC4AC8A26C71A5878C022CAFB164 ft=1 fh=c4ad9b87a2073125 vn="Win32/Adware.1ClickDownload.AO Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\gu10rizzi404.exe"
sh=A52044F648E591C4CDED3B13FB76F4C9994626F7 ft=1 fh=0e8dfe6acb6c6b4d vn="Win32/InstallCore.DA evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\ImageEditorSetup(1).exe"
sh=A52044F648E591C4CDED3B13FB76F4C9994626F7 ft=1 fh=0e8dfe6acb6c6b4d vn="Win32/InstallCore.DA evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\ImageEditorSetup.exe"
sh=874A10CC9604BE5DA85B8EB8C8D20215C3C670D2 ft=1 fh=a34abeafa999e2b4 vn="Variante von MSIL/DomaIQ.X evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\Java.exe"
sh=D8580988D59073CF827BD563C5CE363BAC7D7484 ft=1 fh=6c04f1bfb83d0b35 vn="Variante von Win32/AdWare.iBryte.Q Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\Setup.exe"
sh=8AFAFBBA3D3761AF638B56CAF9FDFAF4F903A3C5 ft=1 fh=e67707db8e54094f vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\SoftonicDownloader_fuer_konigreiche-der-lufte.exe"
sh=551B44E4CD3EF312AB1DD2752625B24648415A82 ft=1 fh=2b4ab2319dc831f7 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\SoftonicDownloader_fuer_logitech-hd-webcam-software.exe"
sh=C0ED6C5AFC4B623A73A0043DCA4627DF568079D7 ft=1 fh=8a349defbf6a839d vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\SoftonicDownloader_fuer_luxor-3.exe"
sh=1CACF178998119F0D0A7225AD3131148107C5580 ft=1 fh=95b21955ed35038d vn="Win32/Systweak.B evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\sysrc_trial_9407.exe"
sh=D272C566E91F6A1CF278127DA2BE4B8FBA4ADB87 ft=1 fh=1c5841f5f892b49d vn="Variante von Win32/InstallBrain.AS evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\UPDFSetup.exe"
sh=07DF1F0C7817B014C4C349290591CCD0D2B8B096 ft=1 fh=bc2d89fa491ecdf5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\Vollversion Ashampoo Burning Studio 2014 - CHIP-Downloader(1).exe"
sh=D20AEBE4AB0179AEADDDC3D3B846F52058BADDDB ft=1 fh=837c4b01240512f5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\nett-marketing\Desktop\Download\Vollversion Ashampoo Burning Studio 2014 - CHIP-Downloader.exe"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=4cadd1ca6b81534bb9436c7b7795f658
# engine=18501
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-01 04:00:45
# local_time=2014-06-01 06:00:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 82912 31614320 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 39792692 153268295 0 0
# scanned=22377
# found=3
# cleaned=0
# scan_time=789
sh=BEFC0099864AA52ABB0A3B99793A5A1BF525401D ft=1 fh=64b34719c3735e0d vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir"
sh=8C25727D3A2A6A463727B5153CD2318021B10C1A ft=1 fh=da1644ddde48f4f3 vn="Variante von Win32/MediaGet.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\nett-marketing\AppData\Local\Media Get LLC\MediaGet2\update.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\NETT-M~1\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
         
and also the one from secure:

Code:
 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Mozilla Firefox (29.0.1) 
 Mozilla Thunderbird (24.5.0) 
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Many thanks for your help

Lyci

Alt 02.06.2014, 19:27   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Quote:
and a fresh FRST log, please. Any problems left?
.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
