Hallo,
seit ein paar Wochen erhalte ich beim Start immer die Meldung "Regsvr32 zum Registrieren eines Moduls muss der Name einer Binärdatei angegeben werden!"

Weiss jetzt nicht was zu tun ist. Könnt ihr mir da helfen bitte??

LG
Bilo

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo,

habe versucht den Scan durchzuführen, aber dieser bleibt bei einer gewissen Stelle immer stehen und geht nicht mehr weiter.

Hab mal einen Screenhot angehängt. Ab hier gehts nicht mehr weiter.

Abbrechen, Haken raus bei Addition, nochmal scannen lassen.

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2014
Ran by Nabil (administrator) on NABIL-PC on 07-09-2014 05:39:15
Running from C:\Users\Nabil\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMPANYVERS_NAME) C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Nabil\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Farbar) C:\Users\Nabil\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-11] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-05-12] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [YouCam Mirage] => "C:\Program Files\CyberLink\YouCam\YCMMirage.exe"
HKLM\...\Run: [YouCam Tray] => "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FromDocToPDF Search Scope Monitor] => C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrchMn.exe [44784 2013-05-06] (MindSpark)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-22] (APN)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [URmedia] => regsvr32.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nabil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @FromDocToPDF_65.com/Plugin -> C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nabil\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FromDocToPDF - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\65ffxtbr@FromDocToPDF_65.com [2013-06-07]
FF Extension: YouTube Unblocker - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\youtubeunblocker@unblocker.yt [2014-09-01]
FF Extension: Windows Desktop Search Map Plugin - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{707493E3-2737-5F82-F274-31BDD2C356F3} [2014-02-13]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: {36851813-8faa-431d-9741-03ba4a6abc59} - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{36851813-8faa-431d-9741-03ba4a6abc59}.xpi [2014-06-06]
FF Extension: Real Player Addon - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{57974fbf-2132-488e-a573-d34af543c802}.xpi [2014-06-10]
FF Extension: Adblock Plus - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-27]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-06]
FF HKLM\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files\FromDocToPDF_65\bar\1.bin
FF Extension: FromDocToPDF - C:\Program Files\FromDocToPDF_65\bar\1.bin [2013-05-06]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> isearch.avg.com
CHR DefaultSearchProvider: Default -> AVG Secure Search
CHR DefaultSearchURL: Default -> hxxp://isearch.avg.com/search?cid={619CC635-8BDD-420C-BF2F-A6E0CD7DC0BB}&mid=ff306da0c29647d094add15650a707b4-3e9a3aa20498aca0676339c741a3e6568b770302&lang=en&ds=pp011&pr=sa&d=2012-07-13 03:40:54&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
CHR Extension: (Windows Desktop Search Map Plugin) - C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default\odjdhehadhchicfppchedblnncmdfgpd\4.0.0 [2014-02-13]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-09-03]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\12.2.5.32\avg.crx [2014-09-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-22] (APN LLC.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-05-06] (COMPANYVERS_NAME)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
S2 vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [27496 2012-08-30] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 enodpl; C:\Windows\System32\drivers\enodpl.sys [7552 2003-03-02] () [File not signed]
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-10] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-08] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R2 tandpl; C:\Windows\System32\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 12:29 - 2014-09-06 12:37 - 00030665 _____ () C:\Users\Nabil\Desktop\Addition.txt
2014-09-06 12:27 - 2014-09-07 05:39 - 00027247 _____ () C:\Users\Nabil\Desktop\FRST.txt
2014-09-06 12:25 - 2014-09-06 12:25 - 01096704 _____ (Farbar) C:\Users\Nabil\Desktop\FRST(1).exe
2014-08-29 03:00 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 03:00 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 01:38 - 2014-08-19 01:38 - 00041963 _____ () C:\Users\Nabil\Desktop\detail.htm
2014-08-19 01:37 - 2014-08-19 01:37 - 00030613 _____ () C:\Users\Nabil\Desktop\EBSCOhost.htm
2014-08-19 00:36 - 2014-08-19 00:36 - 00000000 ____D () C:\Users\Nabil\AppData\Local\Adobe
2014-08-14 03:14 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 03:14 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 03:14 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 03:14 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 00:44 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 00:44 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 00:44 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 00:44 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 00:44 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 00:44 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 00:44 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 00:44 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 00:44 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 00:44 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 00:44 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 00:44 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 00:44 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 00:44 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 00:44 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 00:44 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 00:43 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 00:43 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 00:43 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 00:43 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 00:43 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 00:43 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 00:43 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 00:43 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 00:43 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 00:43 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 00:43 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 00:43 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 00:43 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 05:40 - 2014-09-06 12:27 - 00027247 _____ () C:\Users\Nabil\Desktop\FRST.txt
2014-09-07 05:39 - 2014-01-30 05:39 - 00000000 ____D () C:\FRST
2014-09-07 05:15 - 2012-02-02 12:20 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 05:14 - 2012-06-13 13:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-07 05:14 - 2008-10-15 14:23 - 00251965 _____ () C:\ProgramData\nvModes.001
2014-09-07 05:14 - 2008-10-15 14:22 - 00251965 _____ () C:\ProgramData\nvModes.dat
2014-09-07 05:14 - 2008-10-15 13:45 - 01459072 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 17:19 - 2012-02-02 12:20 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 16:36 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2014-09-06 13:55 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 13:55 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 12:37 - 2014-09-06 12:29 - 00030665 _____ () C:\Users\Nabil\Desktop\Addition.txt
2014-09-06 12:25 - 2014-09-06 12:25 - 01096704 _____ (Farbar) C:\Users\Nabil\Desktop\FRST(1).exe
2014-09-06 11:58 - 2013-05-09 18:42 - 00000000 ___RD () C:\Users\Nabil\Dropbox
2014-09-06 11:58 - 2013-05-09 18:37 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Dropbox
2014-09-06 11:56 - 2008-10-15 14:33 - 00000249 _____ () C:\Users\Public\Documents\hpqp.ini
2014-09-06 11:55 - 2008-11-15 00:36 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-06 11:55 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 01:24 - 2006-11-02 15:01 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-05 16:38 - 2008-11-28 17:21 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-08-29 12:08 - 2006-11-02 14:47 - 00319400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 13:05 - 2010-01-29 22:26 - 00000000 ____D () C:\Users\Nabil\Desktop\Bilder
2014-08-23 03:03 - 2014-08-29 03:00 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-29 03:00 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:15 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-19 01:38 - 2014-08-19 01:38 - 00041963 _____ () C:\Users\Nabil\Desktop\detail.htm
2014-08-19 01:37 - 2014-08-19 01:37 - 00030613 _____ () C:\Users\Nabil\Desktop\EBSCOhost.htm
2014-08-19 00:36 - 2014-08-19 00:36 - 00000000 ____D () C:\Users\Nabil\AppData\Local\Adobe
2014-08-18 13:31 - 2012-06-13 13:55 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-18 13:31 - 2011-05-25 21:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 02:00 - 2013-05-09 18:42 - 00000919 _____ () C:\Users\Nabil\Desktop\Dropbox.lnk
2014-08-15 02:00 - 2013-05-09 18:39 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 11:53 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-14 11:39 - 2006-11-02 12:33 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 11:31 - 2014-07-03 11:33 - 00001044 _____ () C:\Windows\PFRO.log
2014-08-14 03:24 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-14 03:23 - 2008-07-08 06:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 03:17 - 2013-08-15 03:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 03:17 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-14 00:19 - 2013-05-06 12:22 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Nabil\AppData\Local\Temp\avgnt.exe
C:\Users\Nabil\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc9lm8z.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 12:02

==================== End Of Log ============================
         

--- --- ---

--- --- ---

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

hi,
der scan lief sauber.

hier ist die logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 14-09-05.01 - Nabil 08.09.2014   0:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.1698 [GMT 2:00]
ausgeführt von:: c:\users\Nabil\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-07 bis 2014-09-07  ))))))))))))))))))))))))))))))
.
.
2014-09-07 22:44 . 2014-09-07 22:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-29 01:00 . 2014-08-23 01:03	297984	----a-w-	c:\windows\system32\gdi32.dll
2014-08-29 01:00 . 2014-08-22 23:26	2054656	----a-w-	c:\windows\system32\win32k.sys
2014-08-18 22:36 . 2014-08-18 22:36	--------	d-----w-	c:\users\Nabil\AppData\Local\Adobe
2014-08-14 01:14 . 2014-06-26 22:17	99480	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-14 01:14 . 2014-06-26 22:17	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-14 01:14 . 2014-06-26 22:17	619664	----a-w-	c:\windows\system32\icardagt.exe
2014-08-14 01:14 . 2014-06-06 04:28	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-18 11:31 . 2012-06-13 11:55	699568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-08-18 11:31 . 2011-05-25 19:32	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 09:35 . 2013-08-08 07:58	97648	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2014-08-22 21:56	12184	----a-w-	c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2014-08-22 12184]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"URmedia"="regsvr32.exe" [2006-11-02 14336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"FromDocToPDF Search Scope Monitor"="c:\progra~1\FROMDO~2\bar\1.bin\65srchmn.exe" [2013-05-06 44784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-07-30 751184]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-08-22 1942424]
.
c:\users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nabil\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-30 36414496]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-04 16:54	1096520	----a-w-	c:\program files\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 11:31]
.
2014-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 20:02]
.
2014-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 20:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: !HIDDEN! 1970-05-29 12:03; {707493E3-2737-5F82-F274-31BDD2C356F3}; - 
FF - ExtSQL: !HIDDEN! 2013-05-06 23:45; 65ffxtbr@FromDocToPDF_65.com; c:\program files\FromDocToPDF_65\bar\1.bin
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-YouCam Mirage - c:\program files\CyberLink\YouCam\YCMMirage.exe
HKLM-Run-YouCam Tray - c:\program files\CyberLink\YouCam\YouCamTray.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
MSConfigStartUp-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-09-08 00:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-09-08  00:48:43
ComboFix-quarantined-files.txt  2014-09-07 22:48
.
Vor Suchlauf: 18 Verzeichnis(se), 136.122.892.288 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 136.378.916.864 Bytes frei
.
- - End Of File - - DC01D351FD07D57714F65A8724D2E67B
85D751F0E41B8E520AEE8C07A8DA777B
         

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

hi,
hier sind die logs. Beim FRST hats wieder bei der gleichen Stelle gehangen, daher hab ich den Haken bei Addition wieder rausgenommen.

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08.09.2014
Suchlauf-Zeit: 20:54:22
Logdatei: nnnn.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.08.06
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Nabil

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 307099
Verstrichene Zeit: 26 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.309 - Bericht erstellt am 08/09/2014 um 21:42:29
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Nabil - NABIL-PC
# Gestartet von : C:\Users\Nabil\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : FromDocToPDF_65Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Program Files\FromDocToPDF_65
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\iMesh Applications
Ordner Gelöscht : C:\Users\Nabil\AppData\Local\FromDocToPDF_65
Ordner Gelöscht : C:\Users\Nabil\AppData\Local\iMesh
Ordner Gelöscht : C:\Users\Nabil\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Nabil\AppData\LocalLow\FromDocToPDF_65
Ordner Gelöscht : C:\Users\Nabil\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Nabil\Documents\iMesh
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gelöscht : C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\65ffxtbr@FromDocToPDF_65.com

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\iMeshMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16563

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=DCD39F4F-7BB2-41E0-9268-EC24782EA39D&n=77fcb75d&p2=^Y6^xdm010^YY^de&si=CNaT9sC5grcCFRLLtAodX[...]
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013050717");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm010^YY^de");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "CNaT9sC5grcCFRLLtAodXh4ASg");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "DCD39F4F-7BB2-41E0-9268-EC24782EA39D");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1410196240496");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.searchHistory", "logged||The International Accounting Standards Committee (IASC) was formed in 1973 through an agreement made by professional accoun[...]
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");

-\\ Google Chrome v37.0.2062.103

[ Datei : C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [5579 octets] - [08/09/2014 21:39:18]
AdwCleaner[S0].txt - [5461 octets] - [08/09/2014 21:42:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5521 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Nabil on 09.09.2014 at  0:30:21,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{13119113-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33119133-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23119123-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{03119103-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-844390190-3209963648-2143926772-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Nabil\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"



~~~ FireFox

Successfully deleted: [File] C:\Users\Nabil\AppData\Roaming\mozilla\firefox\profiles\tbad4eys.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted the following from C:\Users\Nabil\AppData\Roaming\mozilla\firefox\profiles\tbad4eys.default\prefs.js

user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=DCD39F4F-7BB2-41E0-9268-EC24782EA39D&n=77fcb75d&p2=^Y6^xdm010^YY^de
user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013050717");
user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm010^YY^de");
user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "CNaT9sC5grcCFRLLtAodXh4ASg");
user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "DCD39F4F-7BB2-41E0-9268-EC24782EA39D");
user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1409873297304");
user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._65Members_.searchHistory", "logged||The International Accounting Standards Committee (IASC) was formed in 1973 through an agreement ma
user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");
Emptied folder: C:\Users\Nabil\AppData\Roaming\mozilla\firefox\profiles\tbad4eys.default\minidumps [416 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Nabil\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.09.2014 at  0:37:04,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Nabil (administrator) on NABIL-PC on 09-09-2014 00:45:40
Running from C:\Users\Nabil\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Nabil\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Nabil\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-11] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-05-12] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [YouCam Mirage] => "C:\Program Files\CyberLink\YouCam\YCMMirage.exe"
HKLM\...\Run: [YouCam Tray] => "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FromDocToPDF Search Scope Monitor] => "C:\PROGRA~1\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [URmedia] => regsvr32.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nabil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @FromDocToPDF_65.com/Plugin -> C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nabil\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\youtubeunblocker@unblocker.yt [2014-09-01]
FF Extension: Windows Desktop Search Map Plugin - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{707493E3-2737-5F82-F274-31BDD2C356F3} [2014-02-13]
FF Extension: {36851813-8faa-431d-9741-03ba4a6abc59} - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{36851813-8faa-431d-9741-03ba4a6abc59}.xpi [2014-06-06]
FF Extension: Real Player Addon - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{57974fbf-2132-488e-a573-d34af543c802}.xpi [2014-06-10]
FF Extension: Adblock Plus - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-27]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-06]
FF HKLM\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files\FromDocToPDF_65\bar\1.bin
FF Extension: No Name - C:\Program Files\FromDocToPDF_65\bar\1.bin [2013-05-06]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> isearch.avg.com
CHR DefaultSearchURL: Default -> hxxp://isearch.avg.com/search?cid={619CC635-8BDD-420C-BF2F-A6E0CD7DC0BB}&mid=ff306da0c29647d094add15650a707b4-3e9a3aa20498aca0676339c741a3e6568b770302&lang=en&ds=pp011&pr=sa&d=2012-07-13 03:40:54&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
CHR Extension: (Windows Desktop Search Map Plugin) - C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default\odjdhehadhchicfppchedblnncmdfgpd\4.0.0 [2014-02-13]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\12.2.5.32\avg.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-22] (APN LLC.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [X]
S2 vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [27496 2012-08-30] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 enodpl; C:\Windows\System32\drivers\enodpl.sys [7552 2003-03-02] () [File not signed]
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-10] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-08] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R2 tandpl; C:\Windows\System32\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 00:38 - 2014-09-09 00:38 - 01097728 _____ (Farbar) C:\Users\Nabil\Desktop\FRST(1).exe
2014-09-09 00:37 - 2014-09-09 00:37 - 00004763 _____ () C:\Users\Nabil\Desktop\JRT.txt
2014-09-09 00:30 - 2014-09-09 00:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 00:29 - 2014-09-09 00:29 - 01016261 _____ (Thisisu) C:\Users\Nabil\Desktop\JRT.exe
2014-09-08 21:39 - 2014-09-08 21:45 - 00000000 ____D () C:\AdwCleaner
2014-09-08 21:36 - 2014-09-08 21:36 - 00001163 _____ () C:\Users\Nabil\Desktop\mbam.txt
2014-09-08 21:34 - 2014-09-08 21:34 - 00001252 _____ () C:\nnn.Xml
2014-09-08 20:46 - 2014-09-08 20:46 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-08 00:48 - 2014-09-08 00:48 - 00011716 _____ () C:\ComboFix.txt
2014-09-08 00:48 - 2014-09-08 00:48 - 00000000 __SHD () C:\$RECYCLE(0).BIN
2014-09-08 00:26 - 2014-09-08 00:48 - 00000000 ____D () C:\Qoobox
2014-09-08 00:26 - 2014-09-08 00:48 - 00000000 ____D () C:\ComboFix
2014-09-06 12:29 - 2014-09-09 00:45 - 00029004 _____ () C:\Users\Nabil\Desktop\Addition.txt
2014-09-06 12:27 - 2014-09-09 00:45 - 00025350 _____ () C:\Users\Nabil\Desktop\FRST.txt
2014-08-29 03:00 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 03:00 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 01:38 - 2014-08-19 01:38 - 00041963 _____ () C:\Users\Nabil\Desktop\detail.htm
2014-08-19 01:37 - 2014-08-19 01:37 - 00030613 _____ () C:\Users\Nabil\Desktop\EBSCOhost.htm
2014-08-19 00:36 - 2014-08-19 00:36 - 00000000 ____D () C:\Users\Nabil\AppData\Local\Adobe
2014-08-14 03:14 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 03:14 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 03:14 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 03:14 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 00:44 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 00:44 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 00:44 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 00:44 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 00:44 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 00:44 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 00:44 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 00:44 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 00:44 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 00:44 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 00:44 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 00:44 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 00:44 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 00:44 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 00:44 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 00:44 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 00:43 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 00:43 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 00:43 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 00:43 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 00:43 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 00:43 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 00:43 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 00:43 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 00:43 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 00:43 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 00:43 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 00:43 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 00:43 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 01:17 - 2013-05-09 18:39 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-09 01:17 - 2013-05-06 12:22 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Skype
2014-09-09 01:17 - 2011-12-18 17:56 - 00000000 ____D () C:\Users\Nabil\Desktop\Trojaner-Board
2014-09-09 01:17 - 2011-03-22 21:10 - 00000000 ____D () C:\Users\Nabil\Desktop\Booba - Lunatic (Retail)
2014-09-09 01:17 - 2010-03-30 13:22 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-09 01:17 - 2010-02-09 19:37 - 00000000 ____D () C:\Users\Nabil\AppData\Local\PokerStars.EU
2014-09-09 01:17 - 2009-11-30 19:20 - 00000000 ____D () C:\Users\Nabil\AppData\Local\PokerStars.NET
2014-09-09 01:17 - 2009-11-13 21:23 - 00000000 ____D () C:\Users\Nabil\Desktop\David Guetta - One Love Album 2009
2014-09-09 01:17 - 2009-10-22 14:53 - 00000000 ____D () C:\Users\Nabil\Desktop\OpenOffice.org 3.1 (de) Installation Files
2014-09-09 01:17 - 2009-04-21 00:54 - 00000000 ____D () C:\Users\Nabil\Documents\Nabil
2014-09-09 01:17 - 2009-01-30 21:17 - 00000000 ____D () C:\Users\Nabil\AppData\Local\Microsoft Help
2014-09-09 01:17 - 2008-11-10 19:26 - 00000000 ____D () C:\Users\Nabil\AppData\Local\QuickPlay
2014-09-09 01:17 - 2008-11-10 17:38 - 00000000 ___RD () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-09 01:17 - 2008-11-10 17:38 - 00000000 ___RD () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-09 01:17 - 2008-11-10 17:38 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-09-09 01:17 - 2008-11-10 17:38 - 00000000 ____D () C:\Users\Nabil
2014-09-09 01:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-09 01:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-09 01:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-09 01:17 - 2006-11-02 12:22 - 53215232 _____ () C:\Windows\system32\config\software_previous
2014-09-09 01:17 - 2006-11-02 12:22 - 21495808 _____ () C:\Windows\system32\config\system_previous
2014-09-09 01:16 - 2012-08-23 12:10 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-09 01:16 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2014-09-09 01:14 - 2013-05-06 23:44 - 00000000 ____D () C:\Program Files\FromDocToPDF_65
2014-09-09 01:11 - 2006-11-02 12:22 - 44302336 _____ () C:\Windows\system32\config\components_previous
2014-09-09 01:11 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-09 00:46 - 2014-09-06 12:27 - 00025350 _____ () C:\Users\Nabil\Desktop\FRST.txt
2014-09-09 00:45 - 2014-09-06 12:29 - 00029004 _____ () C:\Users\Nabil\Desktop\Addition.txt
2014-09-09 00:45 - 2014-01-30 05:39 - 00000000 ____D () C:\FRST
2014-09-09 00:38 - 2014-09-09 00:38 - 01097728 _____ (Farbar) C:\Users\Nabil\Desktop\FRST(1).exe
2014-09-09 00:37 - 2014-09-09 00:37 - 00004763 _____ () C:\Users\Nabil\Desktop\JRT.txt
2014-09-09 00:30 - 2014-09-09 00:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 00:29 - 2014-09-09 00:29 - 01016261 _____ (Thisisu) C:\Users\Nabil\Desktop\JRT.exe
2014-09-09 00:28 - 2008-10-15 13:45 - 01509365 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 00:22 - 2013-05-09 18:42 - 00000000 ___RD () C:\Users\Nabil\Dropbox
2014-09-09 00:22 - 2013-05-09 18:37 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Dropbox
2014-09-09 00:19 - 2012-02-02 12:20 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 00:19 - 2008-10-15 14:33 - 00000249 _____ () C:\Users\Public\Documents\hpqp.ini
2014-09-09 00:19 - 2008-10-15 14:23 - 00251965 _____ () C:\ProgramData\nvModes.001
2014-09-09 00:19 - 2008-10-15 14:22 - 00251965 _____ () C:\ProgramData\nvModes.dat
2014-09-09 00:18 - 2008-11-15 00:36 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-09 00:18 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 00:18 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 00:18 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 21:47 - 2014-07-03 11:33 - 00001900 _____ () C:\Windows\PFRO.log
2014-09-08 21:46 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-09-08 21:46 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-08 21:45 - 2014-09-08 21:39 - 00000000 ____D () C:\AdwCleaner
2014-09-08 21:42 - 2009-03-03 03:09 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-08 21:36 - 2014-09-08 21:36 - 00001163 _____ () C:\Users\Nabil\Desktop\mbam.txt
2014-09-08 21:34 - 2014-09-08 21:34 - 00001252 _____ () C:\nnn.Xml
2014-09-08 20:46 - 2014-09-08 20:46 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-08 20:46 - 2011-12-18 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:34 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2014-09-08 00:48 - 2014-09-08 00:48 - 00011716 _____ () C:\ComboFix.txt
2014-09-08 00:48 - 2014-09-08 00:48 - 00000000 __SHD () C:\$RECYCLE(0).BIN
2014-09-08 00:48 - 2014-09-08 00:26 - 00000000 ____D () C:\Qoobox
2014-09-08 00:48 - 2014-09-08 00:26 - 00000000 ____D () C:\ComboFix
2014-09-08 00:48 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-09-08 00:48 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-09-05 16:38 - 2008-11-28 17:21 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-09-05 01:27 - 2012-06-13 13:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-05 00:54 - 2012-02-02 12:20 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 01:55 - 2006-11-02 15:01 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-29 12:08 - 2006-11-02 14:47 - 00319400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 13:05 - 2010-01-29 22:26 - 00000000 ____D () C:\Users\Nabil\Desktop\Bilder
2014-08-23 03:03 - 2014-08-29 03:00 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-29 03:00 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:15 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-19 01:38 - 2014-08-19 01:38 - 00041963 _____ () C:\Users\Nabil\Desktop\detail.htm
2014-08-19 01:37 - 2014-08-19 01:37 - 00030613 _____ () C:\Users\Nabil\Desktop\EBSCOhost.htm
2014-08-19 00:36 - 2014-08-19 00:36 - 00000000 ____D () C:\Users\Nabil\AppData\Local\Adobe
2014-08-18 13:31 - 2012-06-13 13:55 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-18 13:31 - 2011-05-25 21:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 02:00 - 2013-05-09 18:42 - 00000919 _____ () C:\Users\Nabil\Desktop\Dropbox.lnk
2014-08-14 11:53 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-14 11:39 - 2006-11-02 12:33 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 03:23 - 2008-07-08 06:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 03:17 - 2013-08-15 03:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 03:17 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Nabil\AppData\Local\Temp\avgnt.exe
C:\Users\Nabil\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6zhhqc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 00:29

==================== End Of Log ============================
         

--- --- ---

--- --- ---

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Hi,
hier sind die logs. Beim FRST log hats an der gleichen Stelle wieder gehangen.
Die Meldung "Fehler beim Laden des Moduls RegSvr32...." erscheint weiterhin nach jedem Systemstart.

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c7ce27f517c0314bb291a7e8a0301479
# engine=20082
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-10 06:12:48
# local_time=2014-09-10 08:12:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 0 117708617 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776638 100 100 85767547 247862296 0 0
# scanned=237065
# found=2
# cleaned=0
# scan_time=9020
sh=8ACE75F6C2417666AD9D60837B72D78B394C3944 ft=1 fh=ae6d89138faf571c vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrchMn.exe"
sh=D0B7A9D4C5684168DA3C1E4DE6A297BD7C3591CA ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QYP Trojaner" ac=I fn="C:\Users\Nabil\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\2e9fda39-355cc4ac"
         

Code: Alles auswählenAufklappen

ATTFilter

 Results of screen317's Security Check version 0.99.87  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
 Avira successfully updated! 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities Language Pack (de-DE) 
 CCleaner     
 Java 7 Update 7  
 Java version out of Date! 
 Adobe Flash Player 	15.0.0.152  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (31.0) 
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Nabil (administrator) on NABIL-PC on 10-09-2014 08:31:12
Running from C:\Users\Nabil\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Nabil\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Farbar) C:\Users\Nabil\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-11] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-05-12] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [YouCam Mirage] => "C:\Program Files\CyberLink\YouCam\YCMMirage.exe"
HKLM\...\Run: [YouCam Tray] => "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FromDocToPDF Search Scope Monitor] => "C:\PROGRA~1\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [URmedia] => regsvr32.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nabil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nabil\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @FromDocToPDF_65.com/Plugin -> C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nabil\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\youtubeunblocker@unblocker.yt [2014-09-01]
FF Extension: Windows Desktop Search Map Plugin - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{707493E3-2737-5F82-F274-31BDD2C356F3} [2014-02-13]
FF Extension: {36851813-8faa-431d-9741-03ba4a6abc59} - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{36851813-8faa-431d-9741-03ba4a6abc59}.xpi [2014-06-06]
FF Extension: Real Player Addon - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{57974fbf-2132-488e-a573-d34af543c802}.xpi [2014-06-10]
FF Extension: Adblock Plus - C:\Users\Nabil\AppData\Roaming\Mozilla\Firefox\Profiles\tbad4eys.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-27]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-06]
FF HKLM\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files\FromDocToPDF_65\bar\1.bin
FF Extension: No Name - C:\Program Files\FromDocToPDF_65\bar\1.bin [2013-05-06]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> isearch.avg.com
CHR DefaultSearchURL: Default -> hxxp://isearch.avg.com/search?cid={619CC635-8BDD-420C-BF2F-A6E0CD7DC0BB}&mid=ff306da0c29647d094add15650a707b4-3e9a3aa20498aca0676339c741a3e6568b770302&lang=en&ds=pp011&pr=sa&d=2012-07-13 03:40:54&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
CHR Extension: (Windows Desktop Search Map Plugin) - C:\Users\Nabil\AppData\Local\Google\Chrome\User Data\Default\odjdhehadhchicfppchedblnncmdfgpd\4.0.0 [2014-02-13]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\12.2.5.32\avg.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-22] (APN LLC.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [X]
S2 vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [27496 2012-08-30] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 enodpl; C:\Windows\System32\drivers\enodpl.sys [7552 2003-03-02] () [File not signed]
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-10] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-08] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R2 tandpl; C:\Windows\System32\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 08:31 - 2014-09-10 08:31 - 00025277 _____ () C:\Users\Nabil\Desktop\FRST.txt
2014-09-10 08:30 - 2014-09-10 08:30 - 00001166 _____ () C:\Users\Nabil\Desktop\checkup.txt
2014-09-10 08:22 - 2014-09-10 08:22 - 00854417 _____ () C:\Users\Nabil\Desktop\SecurityCheck.exe
2014-09-10 08:20 - 2014-09-10 08:12 - 00001195 _____ () C:\Users\Nabil\Desktop\ESET.txt
2014-09-10 05:34 - 2014-09-10 05:34 - 02347384 _____ (ESET) C:\Users\Nabil\Downloads\esetsmartinstaller_deu.exe
2014-09-10 03:40 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:40 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:40 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:40 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:40 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:40 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:40 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:40 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 03:40 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:40 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:40 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:40 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-10 03:40 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:40 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:40 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:40 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-10 03:40 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:40 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:40 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:40 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-10 03:40 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-09 00:38 - 2014-09-09 00:38 - 01097728 _____ (Farbar) C:\Users\Nabil\Desktop\FRST(1).exe
2014-09-09 00:30 - 2014-09-09 00:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 00:29 - 2014-09-09 00:29 - 01016261 _____ (Thisisu) C:\Users\Nabil\Desktop\JRT.exe
2014-09-08 21:39 - 2014-09-08 21:45 - 00000000 ____D () C:\AdwCleaner
2014-09-08 21:34 - 2014-09-08 21:34 - 00001252 _____ () C:\nnn.Xml
2014-09-08 20:46 - 2014-09-08 20:46 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-08 00:48 - 2014-09-08 00:48 - 00011716 _____ () C:\ComboFix.txt
2014-09-08 00:48 - 2014-09-08 00:48 - 00000000 __SHD () C:\$RECYCLE(0).BIN
2014-09-08 00:26 - 2014-09-08 00:48 - 00000000 ____D () C:\Qoobox
2014-09-08 00:26 - 2014-09-08 00:48 - 00000000 ____D () C:\ComboFix
2014-08-29 03:00 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 03:00 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 01:38 - 2014-08-19 01:38 - 00041963 _____ () C:\Users\Nabil\Desktop\detail.htm
2014-08-19 01:37 - 2014-08-19 01:37 - 00030613 _____ () C:\Users\Nabil\Desktop\EBSCOhost.htm
2014-08-19 00:36 - 2014-08-19 00:36 - 00000000 ____D () C:\Users\Nabil\AppData\Local\Adobe
2014-08-14 03:14 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 03:14 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 03:14 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 03:14 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 00:44 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 00:44 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 00:44 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 00:44 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 00:44 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 00:44 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 00:44 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 00:44 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 08:33 - 2014-09-10 08:31 - 00025277 _____ () C:\Users\Nabil\Desktop\FRST.txt
2014-09-10 08:31 - 2014-01-30 05:39 - 00000000 ____D () C:\FRST
2014-09-10 08:30 - 2014-09-10 08:30 - 00001166 _____ () C:\Users\Nabil\Desktop\checkup.txt
2014-09-10 08:22 - 2014-09-10 08:22 - 00854417 _____ () C:\Users\Nabil\Desktop\SecurityCheck.exe
2014-09-10 08:13 - 2012-06-13 13:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 08:12 - 2014-09-10 08:20 - 00001195 _____ () C:\Users\Nabil\Desktop\ESET.txt
2014-09-10 07:54 - 2012-02-02 12:20 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 07:25 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 07:25 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 06:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 05:55 - 2008-10-15 13:45 - 01629458 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 05:34 - 2014-09-10 05:34 - 02347384 _____ (ESET) C:\Users\Nabil\Downloads\esetsmartinstaller_deu.exe
2014-09-10 05:31 - 2013-05-09 18:42 - 00000000 ___RD () C:\Users\Nabil\Dropbox
2014-09-10 05:31 - 2013-05-09 18:37 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Dropbox
2014-09-10 05:29 - 2008-10-15 14:33 - 00000249 _____ () C:\Users\Public\Documents\hpqp.ini
2014-09-10 05:29 - 2008-10-15 14:23 - 00251965 _____ () C:\ProgramData\nvModes.001
2014-09-10 05:28 - 2012-02-02 12:20 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 05:28 - 2008-10-15 14:22 - 00251965 _____ () C:\ProgramData\nvModes.dat
2014-09-10 05:25 - 2008-11-15 00:36 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-10 05:25 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 03:41 - 2006-11-02 15:01 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-10 03:13 - 2012-06-13 13:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 03:13 - 2011-05-25 21:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 03:10 - 2013-08-15 03:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:09 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-10 03:04 - 2006-11-02 12:33 - 01541636 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 14:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2014-09-09 01:17 - 2013-05-09 18:39 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-09 01:17 - 2013-05-06 12:22 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Skype
2014-09-09 01:17 - 2011-12-18 17:56 - 00000000 ____D () C:\Users\Nabil\Desktop\Trojaner-Board
2014-09-09 01:17 - 2011-03-22 21:10 - 00000000 ____D () C:\Users\Nabil\Desktop\Booba - Lunatic (Retail)
2014-09-09 01:17 - 2010-03-30 13:22 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-09 01:17 - 2010-02-09 19:37 - 00000000 ____D () C:\Users\Nabil\AppData\Local\PokerStars.EU
2014-09-09 01:17 - 2009-11-30 19:20 - 00000000 ____D () C:\Users\Nabil\AppData\Local\PokerStars.NET
2014-09-09 01:17 - 2009-11-13 21:23 - 00000000 ____D () C:\Users\Nabil\Desktop\David Guetta - One Love Album 2009
2014-09-09 01:17 - 2009-10-22 14:53 - 00000000 ____D () C:\Users\Nabil\Desktop\OpenOffice.org 3.1 (de) Installation Files
2014-09-09 01:17 - 2009-04-21 00:54 - 00000000 ____D () C:\Users\Nabil\Documents\Nabil
2014-09-09 01:17 - 2009-01-30 21:17 - 00000000 ____D () C:\Users\Nabil\AppData\Local\Microsoft Help
2014-09-09 01:17 - 2008-11-10 19:26 - 00000000 ____D () C:\Users\Nabil\AppData\Local\QuickPlay
2014-09-09 01:17 - 2008-11-10 17:38 - 00000000 ___RD () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-09 01:17 - 2008-11-10 17:38 - 00000000 ___RD () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-09 01:17 - 2008-11-10 17:38 - 00000000 ____D () C:\Users\Nabil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-09-09 01:17 - 2008-11-10 17:38 - 00000000 ____D () C:\Users\Nabil
2014-09-09 01:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-09 01:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-09 01:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-09 01:17 - 2006-11-02 12:22 - 53215232 _____ () C:\Windows\system32\config\software_previous
2014-09-09 01:17 - 2006-11-02 12:22 - 21495808 _____ () C:\Windows\system32\config\system_previous
2014-09-09 01:16 - 2012-08-23 12:10 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-09 01:16 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2014-09-09 01:14 - 2013-05-06 23:44 - 00000000 ____D () C:\Program Files\FromDocToPDF_65
2014-09-09 01:11 - 2006-11-02 12:22 - 44302336 _____ () C:\Windows\system32\config\components_previous
2014-09-09 01:11 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-09 00:38 - 2014-09-09 00:38 - 01097728 _____ (Farbar) C:\Users\Nabil\Desktop\FRST(1).exe
2014-09-09 00:30 - 2014-09-09 00:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 00:29 - 2014-09-09 00:29 - 01016261 _____ (Thisisu) C:\Users\Nabil\Desktop\JRT.exe
2014-09-08 21:47 - 2014-07-03 11:33 - 00001900 _____ () C:\Windows\PFRO.log
2014-09-08 21:46 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-09-08 21:46 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-08 21:45 - 2014-09-08 21:39 - 00000000 ____D () C:\AdwCleaner
2014-09-08 21:42 - 2009-03-03 03:09 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-08 21:34 - 2014-09-08 21:34 - 00001252 _____ () C:\nnn.Xml
2014-09-08 20:46 - 2014-09-08 20:46 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-08 20:46 - 2011-12-18 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 00:48 - 2014-09-08 00:48 - 00011716 _____ () C:\ComboFix.txt
2014-09-08 00:48 - 2014-09-08 00:48 - 00000000 __SHD () C:\$RECYCLE(0).BIN
2014-09-08 00:48 - 2014-09-08 00:26 - 00000000 ____D () C:\Qoobox
2014-09-08 00:48 - 2014-09-08 00:26 - 00000000 ____D () C:\ComboFix
2014-09-08 00:48 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-09-08 00:48 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-09-05 16:38 - 2008-11-28 17:21 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-08-29 12:08 - 2006-11-02 14:47 - 00319400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 13:05 - 2010-01-29 22:26 - 00000000 ____D () C:\Users\Nabil\Desktop\Bilder
2014-08-23 03:03 - 2014-08-29 03:00 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-29 03:00 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 01:38 - 2014-08-19 01:38 - 00041963 _____ () C:\Users\Nabil\Desktop\detail.htm
2014-08-19 01:37 - 2014-08-19 01:37 - 00030613 _____ () C:\Users\Nabil\Desktop\EBSCOhost.htm
2014-08-19 00:36 - 2014-08-19 00:36 - 00000000 ____D () C:\Users\Nabil\AppData\Local\Adobe
2014-08-15 16:51 - 2014-09-10 03:40 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:42 - 2014-09-10 03:40 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:42 - 2014-09-10 03:40 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:37 - 2014-09-10 03:40 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:37 - 2014-09-10 03:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:36 - 2014-09-10 03:40 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:35 - 2014-09-10 03:40 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:35 - 2014-09-10 03:40 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:35 - 2014-09-10 03:40 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:35 - 2014-09-10 03:40 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:35 - 2014-09-10 03:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:35 - 2014-09-10 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:35 - 2014-09-10 03:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:35 - 2014-09-10 03:40 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:35 - 2014-09-10 03:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:35 - 2014-09-10 03:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:34 - 2014-09-10 03:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:34 - 2014-09-10 03:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:34 - 2014-09-10 03:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:34 - 2014-09-10 03:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:34 - 2014-09-10 03:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 02:00 - 2013-05-09 18:42 - 00000919 _____ () C:\Users\Nabil\Desktop\Dropbox.lnk
2014-08-14 11:53 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-14 03:23 - 2008-07-08 06:37 - 00000000 ____D () C:\ProgramData\Microsoft Help

Some content of TEMP:
====================
C:\Users\Nabil\AppData\Local\Temp\avgnt.exe
C:\Users\Nabil\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuycssw.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-10 05:33

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---


LG
Bilo

Java und Adobe updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [URmedia] => regsvr32.exe
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Downloade dir bitte Farbar Service Scanner

• Starte das Tool mit Doppelklick auf die FSS.exe
• Gehe sicher, dass folgende Optionen angehakt sind.
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
• Klicke auf Scan.
• Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Hi,
hier sind die logs.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by Nabil at 2014-09-10 23:17:45 Run:1
Running from C:\Users\Nabil\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-844390190-3209963648-2143926772-1000\...\Run: [URmedia] => regsvr32.exe
*****************

HKU\S-1-5-21-844390190-3209963648-2143926772-1000\Software\Microsoft\Windows\CurrentVersion\Run\\URmedia => value deleted successfully.

==== End of Fixlog ====
         

Code: Alles auswählenAufklappen

ATTFilter

Farbar Service Scanner Version: 21-07-2014
Ran by Nabil (administrator) on 10-09-2014 at 23:20:02
Running from "C:\Users\Nabil\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
         

LG
Bilo

Ist die Meldung weg?

• Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
• Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
• Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
• Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
• Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
• Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.

Hi,
ja die Meldung ist jetzt weg. Danke dir. Habe Windows Repair wie in der Bildbeschreibung durchgeführt.

Hier ist der Log, falls du ihn brauchst

Code: Alles auswählenAufklappen

ATTFilter

Tweaking.com - Windows Repair v2.8.9
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows Vista (TM) Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: NABIL-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\Nabil
Current Profile SID: S-1-5-21-844390190-3209963648-2143926772-1000
Current Profile Classes: S-1-5-21-844390190-3209963648-2143926772-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Nabil\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:07:48

Process Count: 76
Commit Total: 1,30 GB
Commit Limit: 6,22 GB
Commit Peak: 1,29 GB
Handle Count: 17103
Kernel Total: 184,57 MB
Kernel Paged: 144,99 MB
Kernel Non Paged: 39,57 MB
System Cache: 1,89 GB
Thread Count: 834
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,00 GB
Memory Used: 1,35 GB(45,0842%)
Memory Avail.: 1,65 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,00 GB
Memory Used: 1,08 GB(35,9254%)
Memory Avail.: 1,92 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (11.09.2014 21:43:18)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (11.09.2014 21:43:22)
   Running Repair Under Current User Account
   Done (11.09.2014 21:44:11)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (11.09.2014 21:44:11)
   Running Repair Under System Account
   Done (11.09.2014 22:09:06)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (11.09.2014 22:09:06)
   Running Repair Under System Account
   Done (11.09.2014 22:13:20)

03 - Reset Service Permissions
   Start (11.09.2014 22:13:20)
   Running Repair Under System Account
   Done (11.09.2014 22:14:19)

04 - Register System Files
   Start (11.09.2014 22:14:19)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:15:09)

05 - Repair WMI
   Start (11.09.2014 22:15:09)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   No Antivirus Products Reported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (11.09.2014 22:22:23)

06 - Repair Windows Firewall
   Start (11.09.2014 22:22:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:23:07)

07 - Repair Internet Explorer
   Start (11.09.2014 22:23:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:23:53)

08 - Repair MDAC/MS Jet
   Start (11.09.2014 22:23:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:24:19)

09 - Repair Hosts File
   Start (11.09.2014 22:24:19)
   Running Repair Under System Account
   Done (11.09.2014 22:24:21)

10 - Remove Policies Set By Infections
   Start (11.09.2014 22:24:21)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:24:25)

12 - Repair Icons
   Start (11.09.2014 22:24:25)
   Running Repair Under Current User Account
   Done (11.09.2014 22:24:27)

13 - Repair Winsock & DNS Cache
   Start (11.09.2014 22:24:27)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:24:53)

15 - Repair Proxy Settings
   Start (11.09.2014 22:24:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:24:57)

17 - Repair Windows Updates
   Start (11.09.2014 22:24:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (11.09.2014 22:26:53)

18 - Repair CD/DVD Missing/Not Working
   Start (11.09.2014 22:26:54)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: Wahr
   Done (11.09.2014 22:26:54)

19 - Repair Volume Shadow Copy Service
   Start (11.09.2014 22:26:54)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:27:40)

21 - Repair MSI (Windows Installer)
   Start (11.09.2014 22:27:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:10)

23.01 - Repair bat Association
   Start (11.09.2014 22:28:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:14)

23.02 - Repair cmd Association
   Start (11.09.2014 22:28:14)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:17)

23.03 - Repair com Association
   Start (11.09.2014 22:28:17)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:21)

23.04 - Repair Directory Association
   Start (11.09.2014 22:28:21)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:24)

23.05 - Repair Drive Association
   Start (11.09.2014 22:28:24)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:28)

23.06 - Repair exe Association
   Start (11.09.2014 22:28:28)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:31)

23.07 - Repair Folder Association
   Start (11.09.2014 22:28:31)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:34)

23.08 - Repair inf Association
   Start (11.09.2014 22:28:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:38)

23.09 - Repair lnk (Shortcuts) Association
   Start (11.09.2014 22:28:38)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:41)

23.10 - Repair msc Association
   Start (11.09.2014 22:28:41)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:45)

23.11 - Repair reg Association
   Start (11.09.2014 22:28:45)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:48)

23.12 - Repair scr Association
   Start (11.09.2014 22:28:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:52)

24 - Repair Windows Safe Mode
   Start (11.09.2014 22:28:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:28:55)

25 - Repair Print Spooler
   Start (11.09.2014 22:28:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:29:21)

26 - Restore Important Windows Services
   Start (11.09.2014 22:29:21)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:29:46)

27 - Set Windows Services To Default Startup
   Start (11.09.2014 22:29:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:30:01)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

31 - Repair Windows 'New' Submenu
   Start (11.09.2014 22:30:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11.09.2014 22:30:05)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (11.09.2014 22:30:05)
   Total Repair Time: 00:46:49


...YOU MUST RESTART YOUR SYSTEM...
         

LG
Bilo