Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundespolizei-Trojaner eingefangen? (Vista)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.11.2014, 19:20   #1
Lena86
 
Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Hallo,

zuallererst: ich habe, was Computer angeht, so gar keine Ahnung. Seid bitte geduldig mit mir, wenn ich viel nachfragen muss! Ich weiß bei dem einen oder anderen nicht, wie das funktioniert.

Und nun zu meinem Anliegen:

ich bin heute Nachmittag beim Surfen auf eine Website gelangt, die offensichtlich durch irgendwas befallen ist. Jedenfalls öffnete sich ein weiteres Fenster mit einer angeblichen Mitteilung durch die Bundespolizei, wo stand, dass mein Computer gesperrt wurde und ich angewiesen wurde, $ 100 zu bezahlen und irgendeinen Code einzugeben. Ich hab das einfach mal gegoogelt und fand raus, dass es sich dabei um einen Virus oder Trojaner handelt. Als ich das Fenster schließen wollte, öffnete es sich noch weitere 2-3x, bevor ich es komplett schließen konnte. Hab schon etwas Panik bekommen!

Jedenfalls hab ich, als ich danach googelte, lediglich SpyHunter heruntergeladen, aber nicht installiert und auch keine weiteren Tipps befolgt, weil ich mir nicht sicher war, ob die sinnvoll sind.

Mein Computer läuft seitdem, bis auf ein paar kleine Schnelligkeitsaussetzer zwischendurch, so, als wäre nie etwas geschehen.

Ich hab 2x AVG (nutze die kostenlose Variante) durch das gesamte System durchgejagt. Er hat beide Male nichts gefunden. Irgendwann hab ich mal aufgeschnappt, dass auch Virenprogramme nicht 100 %ig sicher seien. Deshalb weiß ich nicht, ob ich mir nicht doch diesen Trojaner eingefangen habe. Wenn die AVG-Berichte helfen, stelle ich sie gerne hier rein.

Seitdem traue ich mich nicht mehr, Facebook, Bank, etc. zu öffnen, da ich mir durchaus darüber im Klaren bin, was so ein Trojaner anrichten kann.

Ich hoffe, ihr steigt durch und könnt mir helfen?!

Zur Info noch:
Ich verwende einen 5 Jahre alten Computer - Betriebssystem Vista, 64bit.

Vielen herzlichen Dank schonmal im Voraus!!

Lena

Alt 06.11.2014, 19:55   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 07.11.2014, 06:29   #3
Lena86
 
Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Danke für deine Antwort

Allerdings meldet sich AVG.


AVG-Erkennung

Bedrohung: MalSign.Generic.DE7 gefunden

Soll ich die Bedrohung ignorieren und somit trotzdem downloaden?

Hey,

sorry, wer lesen kann, ist klar im Vorteil

Hier FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Lena (administrator) on LENA-PC on 07-11-2014 06:22:35
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena & UpdatusUser (Available profiles: Lena & UpdatusUser)
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Fujitsu Siemens Computers) C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Broadcom Corporation.) C:\BTTray.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Fujitsu Siemens Computers GmbH) C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962720 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [EnergySettings] => C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe [113664 2008-09-19] (Fujitsu Siemens Computers GmbH)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-27] (Google)
HKLM-x32\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [202256 2010-07-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1226608 2010-12-08] ()
HKLM-x32\...\Run: [DivX Download Manager] => C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2001920 2014-04-04] (AimerSoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2662424 2014-10-06] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-662861082-124019279-1587897540-1000\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-21-662861082-124019279-1587897540-1000\...\Run: [fsc-reg] => C:\fsc-reg\fscreg.exe [380688 2008-08-01] (Fujitsu Siemens)
HKU\S-1-5-21-662861082-124019279-1587897540-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-662861082-124019279-1587897540-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Lena\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f7856e20126e47d0b550d15048e84afc-85d9f63c14a6e4e4159275d82929a531b0d3970f --CMPID 0913b
HKU\S-1-5-21-662861082-124019279-1587897540-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-18\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe [380688 2008-08-01] (Fujitsu Siemens)
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-27] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e47832a2-7293-46f6-94ae-5aca454b281b&searchtype=ds&q={searchTerms}&installDate=21/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e47832a2-7293-46f6-94ae-5aca454b281b&searchtype=ds&q={searchTerms}&installDate=21/10/2013
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e47832a2-7293-46f6-94ae-5aca454b281b&searchtype=ds&q={searchTerms}&installDate=21/10/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e47832a2-7293-46f6-94ae-5aca454b281b&searchtype=ds&q={searchTerms}&installDate=21/10/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default
FF NewTab: about:blank
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://www.arche-gemeinde.de/
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.90 -> C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.775 -> C:\Users\Lena\Desktop\PC Programme\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.775 -> C:\Users\Lena\Desktop\PC Programme\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=1.0.0.0 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.775 -> C:\Users\Lena\Desktop\PC Programme\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: AVG Web TuneUp - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\Extensions\avg@toolbar [2014-08-30]
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\Extensions\nostmp [2011-05-02]
FF Extension: WiseConvert 1.3  - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\Extensions\{213c8ed6-1d78-4d8f-8729-25006aa86a76} [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-26]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010-12-10]
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com
FF Extension: Aimersoft Video Converter Ultimate - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com [2014-07-03]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]
CHR HKLM-x32\...\Chrome\Extension: [nmapfhedmiiikmeicmclonepdhjgmlcn] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com.crx [2014-07-03]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-27] (Google)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [836904 2007-08-08] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-16] (Nero AG)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-08-13] (NOS Microsystems Ltd.)
R2 TestHandler; C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [303104 2008-04-25] (Fujitsu Siemens Computers) [File not signed]
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
R2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-08-30] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-30] (AVG Technologies)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 06:22 - 2014-11-07 06:23 - 00022503 _____ () C:\Users\Lena\Desktop\FRST.txt
2014-11-07 06:22 - 2014-11-07 06:22 - 00000000 ____D () C:\FRST
2014-11-07 06:21 - 2014-11-07 06:21 - 02114560 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe
2014-11-06 15:24 - 2014-11-06 15:25 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Lena\Desktop\SpyHunter-Installer.exe
2014-10-31 23:21 - 2014-10-31 23:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-09 19:09 - 2014-10-09 19:16 - 601104933 _____ () C:\Users\Lena\Desktop\80991_Under_the_Dome_14.10.08_20-15_pro7_110_TVOON_DE.mpg.HQ.cut.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 06:20 - 2006-11-02 16:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 06:20 - 2006-11-02 16:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 06:01 - 2009-03-07 14:19 - 02014385 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 02:52 - 2013-03-21 14:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 23:25 - 2014-09-25 22:17 - 00002862 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Lena
2014-11-06 23:25 - 2014-09-25 22:17 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Lena.job
2014-11-06 21:14 - 2009-12-12 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-06 18:29 - 2012-10-22 15:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-06 13:32 - 2014-09-25 22:17 - 00000372 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Lena.job
2014-11-06 13:32 - 2011-11-01 20:13 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-06 13:32 - 2006-11-02 16:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-06 13:28 - 2009-12-27 14:24 - 00000000 ____D () C:\ProgramData\Kodak
2014-11-06 13:28 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 13:27 - 2009-01-26 11:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-06 06:55 - 2012-02-09 14:55 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-06 06:55 - 2006-11-02 16:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 17:28 - 2013-12-21 23:27 - 00001464 _____ () C:\Windows\setupact.log
2014-11-05 11:29 - 2014-09-25 22:17 - 00002866 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Lena
2014-11-05 11:29 - 2014-09-25 22:17 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Lena.job
2014-11-02 17:42 - 2009-03-07 15:56 - 00210944 _____ () C:\Users\Lena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-02 07:41 - 2012-05-07 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-09 13:55 - 2013-10-04 05:26 - 00000732 _____ () C:\Users\Lena\AppData\Local\d3d9caps64.dat

Files to move or delete:
====================
C:\Users\Lena\avira_free_antivirus_de.exe
C:\Users\Public\AlexaNSISPlugin.5520.dll


Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwho0zo.dll
C:\Users\Lena\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Lena\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-07 01:38

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Und hier Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Lena at 2014-11-07 06:23:18
Running from C:\Users\Lena\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.90 - NOS Microsystems Ltd.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{2BD2FA21-B51D-4F01-94A7-AC16737B2163}) (Version: 10.0.12.36 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Aimersoft Video Converter Ultimate(Build 6.1.3.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.1.3.0 - Aimersoft Software)
aiofw (x32 Version: 4.2.6.0 - Eastman Kodak Company) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Slideshow Studio 2010 (HKLM-x32\...\Ashampoo Slideshow Studio 2010_is1) (Version: 1.0.0 - ashampoo GmbH & Co. KG)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4189 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brockhaus multimedial 2008 (HKLM-x32\...\{50D69C54-6963-49A6-B762-A9FF8F56AF0F}) (Version: 10.00.0000 - Brockhaus AG)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
center (x32 Version: 5.0.0.0 - Eastman Kodak Company) Hidden
Corel Home Office 5.0.36 (HKLM-x32\...\{080FE95E-5A89-4A54-BAAA-D769971B7C2D}) (Version: 5 - Corel)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.2.0.24 - DivX, LLC)
Dream Aquarium (HKLM-x32\...\DreamAqua) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Energy Settings (HKLM-x32\...\{7613592F-B20C-4E1B-B2DD-67F0784D4373}) (Version: 1.0.7 - Fujitsu Siemens Computers)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
KODAK Home Center Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 5.4.6.4 - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
MAGIX Foto Manager 2008 5.0.3.351 (D) (HKLM-x32\...\MAGIX Foto Manager 2008 D) (Version: 5.0.3.351 - MAGIX AG)
MAGIX Fotos auf CD & DVD 10 (HKLM-x32\...\MAGIX_MSI_Fotos_auf_CD_DVD_10) (Version: 10.0.1.12 - MAGIX AG)
MAGIX Fotos auf CD & DVD 10 (x32 Version: 10.0.1.12 - MAGIX AG) Hidden
MAGIX Media Suite 1.12.0.89 (D) (HKLM-x32\...\MAGIX Media Suite D) (Version: 1.12.0.89 - MAGIX AG)
MAGIX Music Manager 2007 8.2.0.76 (D) (HKLM-x32\...\MAGIX Music Manager 2007 D) (Version: 8.2.0.76 - MAGIX AG)
MAGIX Online Druck Service (HKLM-x32\...\{EFBE9C17-FD67-41AF-B4BE-4D44CA689549}) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
MAGIX Ringtone Maker SE 3.1.0.4 (D) (HKLM-x32\...\MAGIX Ringtone Maker SE D) (Version: 3.1.0.4 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\{E0793645-DD5B-4D44-8E8D-86114908A994}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{3990B044-D0CC-43FE-991B-981C516A174B}) (Version: 7.0.2.6 - MAGIX AG)
Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B0-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Picture It! Foto Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0715 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Moorhuhn Remake (HKLM-x32\...\{52210D57-0B1F-4681-90DD-8659DF4BCC40}) (Version: 1.00.0000 - )
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{6803A6E6-48FF-48AB-B558-7B651BBE1031}) (Version: 8.0.287 - Nero AG)
Nero Move it Essentials (HKLM-x32\...\{cb81e976-5ca7-40c1-be3e-28c6e9e98528}) (Version:  - Nero AG)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8AAB4176-A747-493A-A42C-B63CFADFD8E3}) (Version: 9.09.0010 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Picasa 2 (HKLM-x32\...\Picasa2) (Version: 2.0 - Google, Inc.)
PreReq (x32 Version: 6.0.5.2 - Eastman Kodak Company) Hidden
QuickTime (HKLM-x32\...\{3D9892BB-A751-4E48-ADC8-E4289956CE1D}) (Version: 7.66.73.0 - Apple Inc.)
ratDVD 0.78.1444 (HKLM-x32\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5772 - Realtek Semiconductor Corp.)
RealUpgrade 1.0 (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Rossmann Fotowelt Software 4.9 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.9 - ORWO Net)
Serif PagePlus X2 (HKLM-x32\...\{B00B1355-DD54-4314-90B1-161C6A7D3FD3}) (Version: 12.0.2.015 - Serif (Europe) Ltd)
Serif PhotoPlus X2 (HKLM-x32\...\{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}) (Version: 12.0.2.011 - Serif (Europe) Ltd)
Sweet Home 3D version 3.1 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
SystemDiagnostics (HKLM-x32\...\{2F04C9DA-94DA-4361-8B34-02CD8187861F}) (Version: 2.02.0002 - Fujitsu Siemens Computers       )
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - Broadcom Corporation)
Windows Vista Demo Screen Saver (HKLM-x32\...\{9605D5C2-F545-40F2-B39A-0462E4CD3811}) (Version: 1.1.5 - Ventuz Technology)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-662861082-124019279-1587897540-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-662861082-124019279-1587897540-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-662861082-124019279-1587897540-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-662861082-124019279-1587897540-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-662861082-124019279-1587897540-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-662861082-124019279-1587897540-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-662861082-124019279-1587897540-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-662861082-124019279-1587897540-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

23-09-2014 10:55:10 Geplanter Prüfpunkt
24-09-2014 09:41:51 Geplanter Prüfpunkt
25-09-2014 11:57:45 Geplanter Prüfpunkt
26-09-2014 10:43:04 Geplanter Prüfpunkt
27-09-2014 10:09:55 Geplanter Prüfpunkt
28-09-2014 17:22:14 Geplanter Prüfpunkt
29-09-2014 14:43:32 Geplanter Prüfpunkt
03-10-2014 11:54:53 Geplanter Prüfpunkt
04-10-2014 07:38:48 Geplanter Prüfpunkt
05-10-2014 08:11:57 Geplanter Prüfpunkt
11-10-2014 07:39:00 Geplanter Prüfpunkt
22-10-2014 19:07:38 Geplanter Prüfpunkt
25-10-2014 10:05:14 Geplanter Prüfpunkt
26-10-2014 08:19:22 Geplanter Prüfpunkt
27-10-2014 18:40:58 Geplanter Prüfpunkt
29-10-2014 18:07:36 Geplanter Prüfpunkt
30-10-2014 20:39:59 Geplanter Prüfpunkt
01-11-2014 08:52:08 Geplanter Prüfpunkt
03-11-2014 21:42:33 Geplanter Prüfpunkt
05-11-2014 18:17:33 Geplanter Prüfpunkt
06-11-2014 20:50:51 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {092FEC82-AE6E-4645-B7D6-B9DFAF3F20B5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-662861082-124019279-1587897540-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-06-03] (RealNetworks, Inc.)
Task: {19698CC2-0B7D-4744-BC01-9B5ECC47CF1F} - System32\Tasks\RNUpgradeHelperLogonPrompt_Lena => C:\Users\Lena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-25] (RealNetworks, Inc.)
Task: {3A72E906-BED6-4D13-9EE9-F52CF786E1F7} - System32\Tasks\ReclaimerUpdateFiles_Lena => C:\Users\Lena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-25] (RealNetworks, Inc.)
Task: {53DB0CB9-F057-4C24-BE11-7FBE5DE4FA5C} - System32\Tasks\ReclaimerUpdateXML_Lena => C:\Users\Lena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-25] (RealNetworks, Inc.)
Task: {610749AC-C763-46F1-AE83-7B9E8A30F685} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {75928AFD-9824-4B56-86AD-9F056C1E025F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Lena => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {A0B964AA-54D7-4E53-BA08-02646A9F5F9E} - System32\Tasks\RNUpgradeHelperResumePrompt_Lena => C:\Users\Lena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-25] (RealNetworks, Inc.)
Task: {CCA329E3-551F-4D38-BBD1-E0451DD12667} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-662861082-124019279-1587897540-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-06-03] (RealNetworks, Inc.)
Task: {D1FD7240-3A04-4AFD-A601-6A74D968B9D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {F9833510-1203-4756-95EA-A66196ABA4C4} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Lena.job => C:\Users\Lena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Lena.job => C:\Users\Lena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Lena.job => C:\Users\Lena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2014-08-30 08:51 - 2014-08-30 08:51 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
2014-07-03 15:18 - 2013-08-23 12:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2008-02-12 13:55 - 2008-02-12 13:55 - 00167936 _____ () C:\btkeyind.dll
2010-12-08 20:17 - 2010-12-08 20:17 - 01226608 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-08-30 08:51 - 2014-10-06 13:53 - 02662424 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 08:51 - 2014-08-30 08:51 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\log4cplusU.dll
2014-11-06 13:32 - 2014-11-06 13:32 - 00043008 _____ () c:\users\lena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwho0zo.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Lena\AppData\Roaming\Dropbox\bin\libcef.dll
2009-03-07 14:21 - 2010-06-27 19:13 - 00034816 _____ () C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
2010-12-08 20:18 - 2010-12-08 20:18 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-07-03 15:18 - 2014-04-04 10:26 - 00371712 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2014-07-03 15:18 - 2013-07-24 08:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2014-10-31 23:21 - 2014-10-31 23:21 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-662861082-124019279-1587897540-500 - Administrator - Disabled)
Gast (S-1-5-21-662861082-124019279-1587897540-501 - Limited - Disabled)
Lena (S-1-5-21-662861082-124019279-1587897540-1000 - Administrator - Enabled) => C:\Users\Lena
UpdatusUser (S-1-5-21-662861082-124019279-1587897540-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 03:54:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 33.0.2.5413, Zeitstempel 0x544ef530, fehlerhaftes Modul mozalloc.dll, Version 33.0.2.5413, Zeitstempel 0x544ed089, Ausnahmecode 0x80000003, Fehleroffset 0x00001425,
Prozess-ID 0xea8, Anwendungsstartzeit plugin-container.exe0.

Error: (11/06/2014 03:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 33.0.2.5413, Zeitstempel 0x544ef530, fehlerhaftes Modul mozalloc.dll, Version 33.0.2.5413, Zeitstempel 0x544ed089, Ausnahmecode 0x80000003, Fehleroffset 0x00001425,
Prozess-ID 0x14f8, Anwendungsstartzeit plugin-container.exe0.

Error: (11/06/2014 01:33:31 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 16

Error: (11/06/2014 01:32:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2.manifest.

Error: (11/06/2014 01:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 03:02:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9080

Error: (11/06/2014 03:02:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9080

Error: (11/06/2014 03:02:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 03:02:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019

Error: (11/06/2014 03:02:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019


System errors:
=============
Error: (11/06/2014 01:28:04 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/06/2014 06:55:30 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (11/05/2014 06:21:48 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/04/2014 09:50:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (11/04/2014 08:47:26 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/04/2014 06:50:29 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (11/04/2014 06:15:20 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/03/2014 10:52:31 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (11/03/2014 06:13:37 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/02/2014 09:08:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureActions%%5


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-07 06:22:56.409
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-07 06:22:56.335
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-07 06:22:56.260
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-07 06:22:56.186
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-07 06:22:56.073
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-07 06:22:55.999
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-07 06:22:55.894
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-07 06:22:55.810
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-07 06:22:41.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-07 06:22:41.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 36%
Total physical RAM: 4094.32 MB
Available physical RAM: 2619.23 MB
Total Pagefile: 8403.95 MB
Available Pagefile: 6035.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:327.54 GB) (Free:81.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:592.25 GB) (Free:83.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: C347115F)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=327.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=592.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Vielen herzlichen Dank nochmal!
__________________

Alt 07.11.2014, 19:39   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.11.2014, 22:12   #5
Lena86
 
Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Hallo Schrauber,

du batest darum, informiert zu werden, wenn Combofix meckert.

Combofix meckert tatsächlich, wie du gesagt hast.

Es schreibt:

Combofix hat festgestellt, dass folgende Real-Time-Scanner aktiv sind:

antivirus: AVG AntiVirus Free Edition 2013
antispyware: AVG AntiVirus Free Edition 2013


Ich soll diese Scanner deaktivieren, bevor ich auf "ok" klicke, weil sie die Arbeit von Combofix behindern können.

Irgendwie seltsam, weil ich AVG bereits vorher deaktiviert hatte - gemäß deiner Anleitung. Ich habs jetzt einfach nochmal deaktiviert und werde jetzt fortfahren.

Lena

mir erscheint der Editor sehr lang, deswegen werde ich ihn teilen. Ich hoffe, es ist okay so?!

Code:
ATTFilter
ComboFix 14-11-03.01 - Lena 07.11.2014  21:52:26.1.4 - x64
ausgeführt von:: c:\users\Lena\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lena\AppData\Roaming\Local
c:\users\Lena\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Lena\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
.
---- Vorheriger Suchlauf -------
.
c:\users\Lena\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Lena\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Lena\avira_free_antivirus_de.exe
c:\users\Public\AlexaNSISPlugin.5520.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-07 bis 2014-11-07  ))))))))))))))))))))))))))))))
.
.
2014-11-07 21:00 . 2014-11-07 21:00	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-11-07 21:00 . 2014-11-07 21:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-07 19:38 . 2014-11-07 20:51	--------	d-----w-	C:\32788R22FWJFW
2014-11-07 05:22 . 2014-11-07 05:23	--------	d-----w-	C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-07 20:20 . 2008-01-21 02:49	79672	----a-w-	c:\windows\system32\drivers\WS2IFSL.SYS
2014-09-10 16:52 . 2013-03-21 13:39	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 16:52 . 2011-11-29 12:35	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-30 07:51 . 2014-08-30 07:51	50976	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2008-08-28 11:15 . 2008-08-28 11:15	10798368	----a-r-	c:\program files (x86)\ABWordImpEx.dll
2008-08-28 11:11 . 2008-08-28 11:11	127264	----a-w-	c:\program files (x86)\xmllite.dll
2008-08-28 11:10 . 2008-08-28 11:10	58656	----a-w-	c:\program files (x86)\Wfwce.dll
2008-08-28 11:10 . 2008-08-28 11:10	1336608	----a-w-	c:\program files (x86)\WriteFX.dll
2008-08-28 11:10 . 2008-08-28 11:10	54048	----a-w-	c:\program files (x86)\W349f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	164640	----a-w-	c:\program files (x86)\W111F32W.DLL
2008-08-28 11:10 . 2008-08-28 11:10	269088	----a-w-	c:\program files (x86)\W049f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	219936	----a-w-	c:\program files (x86)\W049t32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	264480	----a-w-	c:\program files (x86)\W048f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	242976	----a-w-	c:\program files (x86)\W048t32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	215328	----a-w-	c:\program files (x86)\W044t32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	216352	----a-w-	c:\program files (x86)\W044f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	143648	----a-w-	c:\program files (x86)\W043t32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	148768	----a-w-	c:\program files (x86)\W039f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	133408	----a-w-	c:\program files (x86)\W043f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	171808	----a-w-	c:\program files (x86)\W033f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	170272	----a-w-	c:\program files (x86)\W033t32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	208672	----a-w-	c:\program files (x86)\W019t32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	224544	----a-w-	c:\program files (x86)\W019f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	191264	----a-w-	c:\program files (x86)\W007t32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	95520	----a-w-	c:\program files (x86)\W006t32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	180000	----a-w-	c:\program files (x86)\W007f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	87840	----a-w-	c:\program files (x86)\W006f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	124192	----a-w-	c:\program files (x86)\W005f32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	120096	----a-w-	c:\program files (x86)\W005t32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	99104	----a-w-	c:\program files (x86)\Vsw97.dll
2008-08-28 11:10 . 2008-08-28 11:10	107808	----a-w-	c:\program files (x86)\Vexx.dll
2008-08-28 11:10 . 2008-08-28 11:10	267040	----a-w-	c:\program files (x86)\Tool32w.dll
2008-08-28 11:10 . 2008-08-28 11:10	66848	----a-w-	c:\program files (x86)\Thxx.dll
2008-08-28 11:10 . 2008-08-28 11:10	185632	----a-w-	c:\program files (x86)\SSCE5332.dll
2008-08-28 11:10 . 2008-08-28 11:10	6004000	----a-w-	c:\program files (x86)\SpanishGrammarLib.dll
2008-08-28 11:10 . 2008-08-28 11:10	3738912	----a-w-	c:\program files (x86)\SFGLib.dll
2008-08-28 11:10 . 2008-08-28 11:10	99616	----a-w-	c:\program files (x86)\Sccut.dll
2008-08-28 11:10 . 2008-08-28 11:10	72480	----a-w-	c:\program files (x86)\Scclo.dll
2008-08-28 11:10 . 2008-08-28 11:10	80160	----a-w-	c:\program files (x86)\Sccfi.dll
2008-08-28 11:10 . 2008-08-28 11:10	86816	----a-w-	c:\program files (x86)\Sccfa.dll
2008-08-28 11:10 . 2008-08-28 11:10	23840	----a-w-	c:\program files (x86)\Sccex.dll
2008-08-28 11:10 . 2008-08-28 11:10	22304	----a-w-	c:\program files (x86)\Sccda.dll
2008-08-28 11:10 . 2008-08-28 11:10	106920	----a-w-	c:\program files (x86)\Sccch.dll
2008-08-28 11:10 . 2008-08-28 11:10	79136	----a-w-	c:\program files (x86)\RWUXThemeSU.dll
2008-08-28 11:10 . 2008-08-28 11:10	628000	----a-w-	c:\program files (x86)\ppt8flt.dll
2008-08-28 11:10 . 2008-08-28 11:10	185632	----a-w-	c:\program files (x86)\phtmlexp.dll
2008-08-28 11:10 . 2008-08-28 11:10	268576	----a-w-	c:\program files (x86)\Office2007Silver.dll
2008-08-28 11:10 . 2008-08-28 11:10	1672480	----a-w-	c:\program files (x86)\og10asu.dll
2008-08-28 11:10 . 2008-08-28 11:10	279328	----a-w-	c:\program files (x86)\Office2007Black.dll
2008-08-28 11:10 . 2008-08-28 11:10	266016	----a-w-	c:\program files (x86)\Office2007Blue.dll
2008-08-28 11:10 . 2008-08-28 11:10	241440	----a-w-	c:\program files (x86)\Office2007Aqua.dll
2008-08-28 11:09 . 2008-08-28 11:09	1572640	----a-w-	c:\program files (x86)\LWPAPIN.DLL
2008-08-28 11:09 . 2008-08-28 11:09	110880	----a-w-	c:\program files (x86)\LTSCSN10.DLL
2008-08-28 11:09 . 2008-08-28 11:09	226592	----a-w-	c:\program files (x86)\Install.exe
2008-08-28 11:09 . 2008-08-28 11:09	136480	----a-w-	c:\program files (x86)\Lektor52.dll
2008-08-28 11:09 . 2008-08-28 11:09	255264	----a-w-	c:\program files (x86)\image.dll
2008-08-28 11:09 . 2008-08-28 11:09	16280352	----a-w-	c:\program files (x86)\GermanGrammarLib.dll
2008-08-28 11:09 . 2008-08-28 11:09	247072	----a-w-	c:\program files (x86)\G699t32w.dll
2008-08-28 11:09 . 2008-08-28 11:09	245536	----a-w-	c:\program files (x86)\G610t32w.dll
2008-08-28 11:09 . 2008-08-28 11:09	115488	----a-w-	c:\program files (x86)\G622f32w.dll
2008-08-28 11:09 . 2008-08-28 11:09	97056	----a-w-	c:\program files (x86)\G610f32w.dll
2008-08-28 11:09 . 2008-08-28 11:09	259872	----a-w-	c:\program files (x86)\G521t32w.dll
2008-08-28 11:09 . 2008-08-28 11:09	136480	----a-w-	c:\program files (x86)\G504f32w.dll
2008-08-28 11:09 . 2008-08-28 11:09	129312	----a-w-	c:\program files (x86)\G521f32w.dll
2008-08-28 11:09 . 2008-08-28 11:09	320800	----a-w-	c:\program files (x86)\FormEdit.exe
2008-08-28 11:09 . 2008-08-28 11:09	538400	----a-w-	c:\program files (x86)\Exicf.dll
2008-08-28 11:09 . 2008-08-28 11:09	3188000	----a-w-	c:\program files (x86)\CorelWrite.exe
2008-08-28 11:09 . 2008-08-28 11:09	3536160	----a-w-	c:\program files (x86)\CorelCalc.exe
2008-08-28 11:09 . 2008-08-28 11:09	2012448	----a-w-	c:\program files (x86)\CorelShow.exe
2008-08-28 11:09 . 2008-08-28 11:09	3720480	----a-w-	c:\program files (x86)\cdintf.dll
2008-08-28 11:09 . 2008-08-28 11:09	71968	----a-w-	c:\program files (x86)\Auto32w.dll
2008-08-28 11:09 . 2008-08-28 11:09	56608	----a-w-	c:\program files (x86)\Autorec.dll
2008-08-28 11:09 . 2008-08-28 11:09	496928	----a-w-	c:\program files (x86)\acpdfcrext.dll
2008-08-28 11:09 . 2008-08-28 11:09	353568	----a-w-	c:\program files (x86)\acpdfcrdb.dll
2008-08-28 11:09 . 2008-08-28 11:09	409888	----a-w-	c:\program files (x86)\acfpdfuiamd64.dll
2008-08-28 11:09 . 2008-08-28 11:09	388344	----a-w-	c:\program files (x86)\acfpdfui.dll
2008-08-28 11:09 . 2008-08-28 11:09	541472	----a-w-	c:\program files (x86)\acfpdfuamd64.dll
2008-08-28 11:09 . 2008-08-28 11:09	435576	----a-w-	c:\program files (x86)\acfpdfu.dll
2008-08-28 11:09 . 2008-08-28 11:09	247880	----a-w-	c:\program files (x86)\acfpdf.dll
2008-08-28 11:09 . 2008-08-28 11:09	4879648	----a-w-	c:\program files (x86)\ABTool.dll
2008-08-28 11:09 . 2008-08-28 11:09	111904	----a-w-	c:\program files (x86)\ABViewForms.dll
2008-08-28 11:09 . 2008-08-28 11:09	12453152	----a-w-	c:\program files (x86)\abswed.dll
2008-08-28 11:09 . 2008-08-28 11:09	152864	----a-w-	c:\program files (x86)\ABSpel.dll
2008-08-28 11:09 . 2008-08-28 11:09	12588320	----a-w-	c:\program files (x86)\abspan.dll
2008-08-28 11:09 . 2008-08-28 11:09	808224	----a-w-	c:\program files (x86)\abshare.dll
2008-08-28 11:09 . 2008-08-28 11:09	230688	----a-w-	c:\program files (x86)\abpivot.dll
2008-08-28 11:09 . 2008-08-28 11:09	787744	----a-w-	c:\program files (x86)\abow.dll
2008-08-28 11:09 . 2008-08-28 11:09	36640	----a-w-	c:\program files (x86)\abom.dll
2008-08-28 11:09 . 2008-08-28 11:09	267552	----a-w-	c:\program files (x86)\abolepages.dll
2008-08-28 11:09 . 2008-08-28 11:09	980256	----a-w-	c:\program files (x86)\abo.dll
2008-08-28 11:09 . 2008-08-28 11:09	378144	----a-w-	c:\program files (x86)\ABMCmn.dll
2008-08-28 11:09 . 2008-08-28 11:09	161056	----a-w-	c:\program files (x86)\abimgsrc.dll
2008-08-28 11:09 . 2008-08-28 11:09	12526880	----a-w-	c:\program files (x86)\abitl.dll
2008-08-28 11:09 . 2008-08-28 11:09	517408	----a-w-	c:\program files (x86)\ABImgFmt.dll
2008-08-28 11:09 . 2008-08-28 11:09	443680	----a-w-	c:\program files (x86)\abifxdll.dll
2008-08-28 11:09 . 2008-08-28 11:09	185632	----a-w-	c:\program files (x86)\ABImageX.dll
2008-08-28 11:09 . 2008-08-28 11:09	242976	----a-w-	c:\program files (x86)\abgfx.dll
2008-08-28 11:09 . 2008-08-28 11:09	12563744	----a-w-	c:\program files (x86)\abgerman.dll
2008-08-28 11:09 . 2008-08-28 11:09	136480	----a-w-	c:\program files (x86)\Abfield.ocx
2008-08-28 11:09 . 2008-08-28 11:09	12592416	----a-w-	c:\program files (x86)\abfrench.dll
.
.
         


Code:
ATTFilter
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Picasa Media Detector"="c:\program files (x86)\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"fsc-reg"="c:\fsc-reg\fscreg.exe" [2008-08-01 380688]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EnergySettings"="c:\program files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe" [2008-09-19 113664]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-27 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-07-18 202256]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-01-20 4411952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2014-04-04 2001920]
"DelaypluginInstall"="c:\programdata\Aimersoft\Video Converter Ultimate\DelayPluginI.exe" [2014-05-16 1953792]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"vProt"="c:\program files (x86)\AVG Web TuneUp\vprot.exe" [2014-10-06 2662424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files (x86)\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"fsc-reg"="c:\fsc-reg\fscreg.exe" [2008-08-01 380688]
.
c:\users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\BTTray.exe [2008-2-12 994856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - IPNAT
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 16:52]
.
2014-11-07 c:\windows\Tasks\ReclaimerUpdateFiles_Lena.job
- c:\users\Lena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-25 18:16]
.
2014-11-06 c:\windows\Tasks\ReclaimerUpdateXML_Lena.job
- c:\users\Lena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-25 18:16]
.
2014-11-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Lena.job
- c:\users\Lena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-25 18:16]
.
2013-01-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6962720]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e47832a2-7293-46f6-94ae-5aca454b281b&searchtype=ds&q={searchTerms}&installDate=21/10/2013
IE: Bild an &Bluetooth-Gerät senden... - C:\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.arche-gemeinde.de/
FF - prefs.js: keyword.URL - 
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} - c:\progra~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913b - c:\users\Lena\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-662861082-124019279-1587897540-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%F*Z%]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-662861082-124019279-1587897540-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%F*Z%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-11-07  22:03:45
ComboFix-quarantined-files.txt  2014-11-07 21:03
.
Vor Suchlauf: 22 Verzeichnis(se), 87.765.372.928 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 87.659.646.976 Bytes frei
.
- - End Of File - - 6F420FFA30B940CCEF9A754F096DFAB0
5C616939100B85E558DA92B899A0FC36
         

Danke nochmal fürs Kümmern, Schrauber!


Alt 08.11.2014, 20:06   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Bundespolizei-Trojaner eingefangen? (Vista)

Alt 08.11.2014, 21:36   #7
Lena86
 
Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Hey Schrauber,

ich habe erstmal MBAM gedownloaded.

In der Anleitung steht:

Lasse vor dem Lauf die Datenbanken aktualisieren

Ist mit Datenbanken eine externe Festplatte gemeint?


Soll ich nach dem Scannen mit MBAM mit ADW und Junkware fortfahren, also nacheinander, oder soll ich alles gleichzeitig laufen lassen?

Lena

Alt 09.11.2014, 08:30   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Damit ist gemeint einfach MBAM upzudaten. Ja, ein Tool nach dem anderen, dann alle Logs posten.

Du musst nicht erst ein Tool machen und dann auf das OK warten, gleich alles abarbeiten was im Post steht
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.11.2014, 14:59   #9
Lena86
 
Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Die Anzahl der Bedrohungen wurde immer größer...! Und bei dem MBAM-Ergebnis sah, dachte ich erstmal nur Häh?!

MBAM

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.11.2014
Suchlauf-Zeit: 13:39:27
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.09.03
Rootkit Datenbank: v2014.11.08.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lena

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 368631
Verstrichene Zeit: 9 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

ADW Cleaner

Code:
ATTFilter
# AdwCleaner v4.100 - Bericht erstellt am 09/11/2014 um 14:10:53
# DB v2014-11-07.1
# Aktualisiert 08/11/2014 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# Benutzername : Lena - LENA-PC
# Gestartet von : C:\Users\Lena\Desktop\AdwCleaner_4.100.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : vToolbarUpdater3.2.0

***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\Aimersoft Video Converter Ultimate
[!] Ordner Gelöscht : C:\ProgramData\AVG Secure Search
[!] Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
[!] Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Ordner Gelöscht : C:\Users\Lena\AppData\Roaming\goforfiles
[!] Ordner Gelöscht : C:\Users\Lena\AppData\Roaming\Systweak
[!] Ordner Gelöscht : C:\Users\Lena\Documents\Aimersoft Video Converter Ultimate
[!] Ordner Gelöscht : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\Extensions\Avg@toolbar
Datei Gelöscht : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\user.js

***** [ Tasks ] *****

Task Gelöscht : GoforFilesUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\AVG Nation toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\GoforFiles
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Nation toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AF860F85-54A3-4A28-879B-BF9E6E325776}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19088

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v33.0.3 (x86 de)

[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.1000082.isPlayDisplay", "true");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.1000082.muteState", "off");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.1000234.TWC_TMP_city", "HAMBURG");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.1000234.TWC_TMP_country", "DE");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.129498282976856742.isToggled_item0_11", "true");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.CBOpenMAMSettings.enc", "MA==");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.FirstTime", "true");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.FirstTimeFF3", "true");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.LoginRevertSettingsEnabled", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.RestartDialogFirstTime", "false");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.RestartDialogShouldDisplay", "false");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.RevertSettingsEnabled", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3242337&SearchSource=2&q=");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.UserID", "UN31375267828829840");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.addressBarTakeOverEnabledInHidden", "true");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.browser.search.defaultthis.engineName", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.cb_experience_000.enc", "NQ==");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.cb_firstuse0100.enc", "MQ==");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.cbcountry_001.enc", "REU=");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.cbfirsttime.enc", "VGh1IERlYyAwNiAyMDEyIDE3OjE3OjQ0IEdNVCswMTAw");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.countryCode", "DE");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.enableAlerts", "always");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.enableFix404ByUser", "FALSE");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.event_data.enc", "JTVCJTVE");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.fired_events.enc", "AA==");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.firstTimeDialogOpened", "true");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.fixPageNotFoundErrorByUser", "TRUE");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.fixPageNotFoundErrorInHidden", "true");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.fixUrls", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.fullUserID", "UN31375267828829840.UP.20130626173256");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.homepageuserchanged", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc", "b3BlbnBvc2l0aW9uPW9mZnNldDo1MDs1MCxzYXZlbG9jYXRpb249MCxyZXNpemFibGU9bm8sc2Nyb2xsYmFycz1ubyx0aXRsZW[...]
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.isCheckedStartAsHidden", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.isFirstTimeToolbarLoading", "false");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.isNewTabEnabled", false);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.isPerformedSmartBarTransition", "true");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.key_date.enc", "Ng==");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.keyword", false);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://www.trovigo.com/?gd=&ctid=CT3242337&octid=CT3242337&ISID=ISID_ID&SearchSource=15&CUI=UN31375267828829840&Lay=1&UM[...]
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.lastVersion", "10.31.2.501");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.migrateAppsAndComponents", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.trojaner-board.de%2Flogin.php%3Fdo%3Dlogout%26logouthash%3D1415536417-c01427fda2ad8080d4010f13a1300fe1d5b5f349\"[...]
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.performedDomainChangesMigration", "true");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"12\\\\/06\\\\/2012 20\\\"}\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.search.searchAppId", "129888260050636624");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.search.searchCount", "2");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.searchInNewTabEnabled", "false");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.searchInNewTabEnabledByUser", "false");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.searchInNewTabEnabledInHidden", "true");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.searchSuggestEnabledByUser", "false");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.sendUsageEnabled", "false");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3242337\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WiseConvert13.OurToolbar.com//xpi\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WiseConvert 1.3 \"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_Configuration_lastUpdate", "1415478212719");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354644987678");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_appTracking_lastUpdate", "1354644987788");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_appsMetadata_lastUpdate", "1354802768498");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1354468508883");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_location_lastUpdate", "1372259575697");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352787164515");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358367387735");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359394703165");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360934418042");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364214400562");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.15.0.562_lastUpdate", "1366303230523");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.15.2.523_lastUpdate", "1372259575410");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374603328976");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377877087448");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378750047015");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380317487244");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.20.1.508_lastUpdate", "1382398489067");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384601155230");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.22.3.518_lastUpdate", "1385140794259");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386855956427");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.23.0.822_lastUpdate", "1396452509623");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399291516301");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.30.1.502_lastUpdate", "1400775125272");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.31.0.526_lastUpdate", "1401370265345");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_login_10.31.2.501_lastUpdate", "1415536334493");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1354819110825");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1354819109609");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_optimizer_lastUpdate", "1352785494256");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1354468509110");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_searchAPI_lastUpdate", "1415478212621");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_serviceMap_lastUpdate", "1415478212422");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_toolbarContextMenu_lastUpdate", "1354468508787");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_toolbarSettings_lastUpdate", "1415536334437");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_translation_lastUpdate", "1415478212435");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.serviceLayer_services_userApps_lastUpdate", "1354816344298");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.settingsINI", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.showToolbarPermission", "false");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.smartbar.CTID", "CT3242337");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.smartbar.Uninstall", "0");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.smartbar.homepage", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.smartbar.isHidden", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.smartbar.toolbarName", "WiseConvert 1.3 ");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.startPage", "userChanged");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.toolbarBornServerTime", "26-8-2012");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.toolbarCurrentServerTime", "9-11-2014");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.toolbarLoginClientTime", "Mon Mar 25 2013 13:50:52 GMT+0100");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.upgradeFromClearSBVersion", true);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337.url_history0001.enc", "aHR0cDovL3d3dy5ob2VyenUuZGUvdHYtcHJvZ3JhbW0vI2Nsb3NlOjo6Y2xpY2toYW5kbGVyOjo6MTM1NDgyNDAzOTU5OSwsLGh0dHA6Ly93d3cuaG9lcnp1LmRlL3R2LXByb2dyYW1tLyNjbG9zZTo6OmNs[...]
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("CT3242337_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1415536329984,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.TBHomepagesList", "");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.TBSearchEngineList", "");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.TBSearchUrlList", "");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.Country", "Germany");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.UserID", "e47832a2-7293-46f6-94ae-5aca454b281b");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installationid", "e47832a2-7293-46f6-94ae-5aca454b281b");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installdate", "24/03/2013");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.publisher", "quickobrw");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.machineId", "ULWCPP88BDBKSUVQTY9WTBJLCKKD+OVAXODBQLRZGW+NPXELJ3BDILBI4Y//ZED2+UGE2VUBD3OWORTKRJZEAA");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT3242337.mam_gk_currentVersion", "312E31332E302E3137");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT3242337.mam_gk_currentVersion.storedInFile", false);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT3242337.mam_gk_globalKeysMigratedToLocalStorage", "31");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT3242337.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT3242337.mam_gk_migrated_from_ls", "31");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT3242337.mam_gk_migrated_from_ls.storedInFile", false);
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT3242337.mam_gk_userBornDate", "4E2F41");
[qqfrjwnd.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT3242337.mam_gk_userBornDate.storedInFile", false);

*************************

AdwCleaner[R0].txt - [23628 octets] - [09/11/2014 14:07:54]
AdwCleaner[S0].txt - [23903 octets] - [09/11/2014 14:10:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23964 octets] ##########
         

JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Lena on 09.11.2014 at 14:26:08,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-E365199B.pf



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\qqfrjwnd.default\smartbar
Successfully deleted the following from C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\qqfrjwnd.default\prefs.js

user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n  \"google\" : {\n    \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n    \"rankometer\
user_pref("extensions.AMAZONNEW_NS_PH.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\n  <replacements>\n    <replacement>\n      <key><![CDATA[__REGIO
user_pref("valueApps.storage.mam_gk_userId", "30316164366239342D613362612D346637332D383336622D303039353063303234373361");
Emptied folder: C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\qqfrjwnd.default\minidumps [96 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.11.2014 at 14:30:32,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Frisches FRST-Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014
Ran by Lena (administrator) on LENA-PC on 09-11-2014 14:34:56
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena & UpdatusUser (Available profiles: Lena & UpdatusUser)
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Fujitsu Siemens Computers) C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Broadcom Corporation.) C:\BTTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962720 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [EnergySettings] => C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe [113664 2008-09-19] (Fujitsu Siemens Computers GmbH)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-27] (Google)
HKLM-x32\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [202256 2010-07-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1226608 2010-12-08] ()
HKLM-x32\...\Run: [DivX Download Manager] => C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2001920 2014-04-04] (AimerSoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-662861082-124019279-1587897540-1000\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-21-662861082-124019279-1587897540-1000\...\Run: [fsc-reg] => C:\fsc-reg\fscreg.exe [380688 2008-08-01] (Fujitsu Siemens)
HKU\S-1-5-21-662861082-124019279-1587897540-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-662861082-124019279-1587897540-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-18\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe [380688 2008-08-01] (Fujitsu Siemens)
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-27] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
HKU\S-1-5-21-662861082-124019279-1587897540-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default
FF NewTab: about:blank
FF Homepage: hxxp://www.arche-gemeinde.de/
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.90 -> C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.775 -> C:\Users\Lena\Desktop\PC Programme\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.775 -> C:\Users\Lena\Desktop\PC Programme\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=1.0.0.0 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.775 -> C:\Users\Lena\Desktop\PC Programme\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\Extensions\nostmp [2011-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-26]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010-12-10]
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com
FF Extension: Aimersoft Video Converter Ultimate - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com [2014-07-03]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]
CHR HKLM-x32\...\Chrome\Extension: [nmapfhedmiiikmeicmclonepdhjgmlcn] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com.crx [2014-07-03]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-27] (Google)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [836904 2007-08-08] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-16] (Nero AG)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-08-13] (NOS Microsystems Ltd.)
R2 TestHandler; C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [303104 2008-04-25] (Fujitsu Siemens Computers) [File not signed]
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-30] (AVG Technologies)
S1 Beep; No ImagePath
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-09] (Malwarebytes Corporation)
U5 MSIServer; C:\Windows\System32\msiexec.exe [125440 2008-11-06] (Microsoft Corporation)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 14:33 - 2014-11-09 14:33 - 00000000 ____D () C:\Users\Lena\Desktop\FRST-OlderVersion
2014-11-09 14:30 - 2014-11-09 14:30 - 00002193 _____ () C:\Users\Lena\Desktop\JRT.txt
2014-11-09 14:26 - 2014-11-09 14:26 - 00000000 ____D () C:\Windows\ERUNT
2014-11-09 14:24 - 2014-11-09 14:24 - 01706808 _____ (Thisisu) C:\Users\Lena\Desktop\JRT.exe
2014-11-09 14:16 - 2014-11-09 14:16 - 00024069 _____ () C:\Users\Lena\Desktop\AdwCleaner[S0].txt
2014-11-09 14:07 - 2014-11-09 14:11 - 00000000 ____D () C:\AdwCleaner
2014-11-09 13:58 - 2014-11-09 13:58 - 02145792 _____ () C:\Users\Lena\Desktop\AdwCleaner_4.100.exe
2014-11-09 13:53 - 2014-11-09 13:53 - 00001205 _____ () C:\Users\Lena\Desktop\mbam.txt
2014-11-09 13:38 - 2014-11-09 13:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 21:36 - 2014-11-08 21:36 - 00000947 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-08 21:36 - 2014-11-08 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-08 21:36 - 2014-11-08 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-08 21:36 - 2014-11-08 21:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-08 21:36 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-08 21:36 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-08 21:36 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-08 21:28 - 2014-11-08 21:28 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Lena\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-07 22:03 - 2014-11-07 22:03 - 00024356 _____ () C:\ComboFix.txt
2014-11-07 21:51 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-07 21:51 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-07 21:51 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-07 21:51 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-07 21:51 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-07 21:51 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-07 21:51 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-07 21:51 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-07 21:46 - 2014-11-07 21:46 - 05593178 ____R (Swearware) C:\Users\Lena\Desktop\ComboFix.exe
2014-11-07 20:39 - 2014-11-07 22:03 - 00000000 ____D () C:\Qoobox
2014-11-07 20:38 - 2014-11-07 22:02 - 00000000 ____D () C:\Windows\erdnt
2014-11-07 20:38 - 2014-11-07 22:01 - 00000000 ____D () C:\32788R22FWJFW
2014-11-07 06:31 - 2014-11-07 06:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-07 06:23 - 2014-11-07 06:23 - 00026457 _____ () C:\Users\Lena\Desktop\Addition.txt
2014-11-07 06:22 - 2014-11-09 14:35 - 00019786 _____ () C:\Users\Lena\Desktop\FRST.txt
2014-11-07 06:22 - 2014-11-09 14:35 - 00000000 ____D () C:\FRST
2014-11-07 06:21 - 2014-11-09 14:33 - 02115584 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe
2014-11-06 15:24 - 2014-11-06 15:25 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Lena\Desktop\SpyHunter-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 14:17 - 2009-03-07 14:19 - 02068656 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 14:15 - 2011-11-01 20:13 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-09 14:14 - 2006-11-02 16:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-09 14:13 - 2014-09-25 22:17 - 00000372 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Lena.job
2014-11-09 14:13 - 2013-11-20 06:23 - 00002182 _____ () C:\Windows\PFRO.log
2014-11-09 14:13 - 2009-12-27 14:24 - 00000000 ____D () C:\ProgramData\Kodak
2014-11-09 14:13 - 2009-01-26 11:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-09 14:13 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 14:13 - 2006-11-02 16:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 14:13 - 2006-11-02 16:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 14:12 - 2012-02-09 14:55 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-09 14:12 - 2006-11-02 16:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-09 13:52 - 2013-03-21 14:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 13:35 - 2012-10-22 15:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-07 23:26 - 2014-09-25 22:17 - 00002862 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Lena
2014-11-07 23:26 - 2014-09-25 22:17 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Lena.job
2014-11-07 22:03 - 2006-11-02 14:33 - 00000000 __RHD () C:\Users\Default
2014-11-07 22:01 - 2006-11-02 13:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-07 21:20 - 2012-05-07 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 21:20 - 2008-01-21 03:49 - 00079672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\WS2IFSL.SYS
2014-11-07 21:14 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-07 21:11 - 2009-03-07 14:22 - 00000000 ____D () C:\Users\Lena
2014-11-07 20:35 - 2009-12-12 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-07 18:39 - 2009-03-07 15:56 - 00215040 _____ () C:\Users\Lena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-07 10:30 - 2014-09-25 22:17 - 00002866 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Lena
2014-11-07 10:30 - 2014-09-25 22:17 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Lena.job
2014-11-05 17:28 - 2013-12-21 23:27 - 00001464 _____ () C:\Windows\setupact.log

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv9bsd7.dll
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
C:\Users\Lena\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-09 14:19

==================== End Of Log ============================
         
--- --- ---




Alt 10.11.2014, 10:20   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.11.2014, 20:28   #11
Lena86
 
Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Puh! Bei den vielen USB-Sticks und den externen Festplatten wartet offenbar ne menge Arbeit auf mich...! Aber wie heißt es so schön: Wer ans Ziel will, muss auch den Weg gehen wollen.

Ich werde mich morgen mal ransetzen. Heute hab ich es nicht mehr geschafft.

Alt 12.11.2014, 19:05   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Kannst die Externen auch im Nachgang mit deinem AV oder MBAM scannen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.11.2014, 06:30   #13
Lena86
 
Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Guten Morgen

Sorry, deinen Eintrag hab ich erst jetzt gelesen.

Hier das Log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d859f8c693c29549a787e0f7bdf3049c
# engine=21059
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-13 01:29:59
# local_time=2014-11-13 02:29:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2013'
# compatibility_mode=1044 16777213 100 87 32851 102976183 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776638 100 100 116147678 253366105 0 0
# scanned=1059537
# found=24
# cleaned=0
# scan_time=26662
sh=C5DB8386C3A901DD6D4FB8B66685B889FA1099F9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\user.js.vir"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="C:\Nero_Move_it_Essentials\Nero Move it Essentials\unit_app_75\Toolbar.exe"
sh=1DC9245DF8305C902BDE14A5E13C857536553762 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\prefs.js"
sh=0C7DF2E439574DDECA97DF33E2146B22A36F51B9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\prefs.js.BAK"
sh=9C860E0B0EAFF9D2912642BC3940BA098C00BBCE ft=1 fh=41f2b86635803f1b vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Lena\Filme\Neuer Ordner (2)\vlc-2.1.0-win64.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="D:\Laufwerk E\Nero_Move_it_Essentials\Nero Move it Essentials\unit_app_75\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="D:\System C\Nero_Move_it_Essentials\Nero Move it Essentials\unit_app_75\Toolbar.exe"
sh=C5DB8386C3A901DD6D4FB8B66685B889FA1099F9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="D:\System C\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\user.js"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="E:\Nero_Move_it_Essentials\Nero Move it Essentials\unit_app_75\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="L:\Data E\Nero_Move_it_Essentials\Nero Move it Essentials\unit_app_75\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Nero_Move_it_Essentials\Nero Move it Essentials\unit_app_75\Toolbar.exe"
sh=6AEFC486CA51524E62A86A6E501E30D727B4F837 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Local\Mozilla\Firefox\Profiles\qqfrjwnd.default\Cache\0\C8\B4589d01"
sh=0F738150EECB4F63BCE6767B06611D14EF844B61 ft=1 fh=e5128818cc333dd4 vn="MSIL/DomaIQ.B evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Local\Temp\JF+Zt1tu.exe.part"
sh=EA85B097011332E7CC79A8771A56708785CA6D1E ft=1 fh=49ce9251f0855f14 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Local\Temp\Rxf2U+kT.exe.part"
sh=7D9F9C9E906BA53C1F7FB76D1DD8AD4B831B8EBB ft=1 fh=c71c0011bae07be8 vn="Variante von Win32/InstallCore.CH evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Local\Temp\un02+QDI.exe.part"
sh=B55611A90C4E11D1768B1217895DC1700DCD0E11 ft=1 fh=c71c0011bae07be8 vn="Variante von Win32/InstallCore.CH evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Local\Temp\VQNr1wEJ.exe.part"
sh=5812B45AA29282A4EF870E8C704CE9298A4A84FE ft=1 fh=8a85eada74f69ca2 vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Local\Temp\Wi9i__ye.exe.part"
sh=AFFE6E9713E9A978FB02DDE2DC7B140AE7D49EEC ft=1 fh=ddacea57b1eca302 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Local\Temp\ZoS_5DiX.exe.part"
sh=C73A5ADD1FE18EA2C36CC1A04FD7C9C2529C11CE ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\prefs.js"
sh=C5DB8386C3A901DD6D4FB8B66685B889FA1099F9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\user.js"
sh=9EA2EC35286E8B152E1B0FB0F7CB45ECE5DD1E94 ft=1 fh=1d1710bbc0b94508 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\extensions\{213c8ed6-1d78-4d8f-8729-25006aa86a76}\ctypes\FirefoxCtype.dll"
sh=E5893674EB5035340F082FF31ABEA60C87BC26E7 ft=1 fh=4a5efe03ccdce2f0 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\extensions\{213c8ed6-1d78-4d8f-8729-25006aa86a76}\Plugins\npFirefoxPlugin.dll"
sh=29942034E2D05EFAD480026DA16439D5BAC74C1B ft=1 fh=910b754cc94d0b29 vn="Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="L:\System C\Users\Lena\Filme\Neuer Ordner\rcpsetup_ad_de_10217_ad_de_10217.exe"
sh=9C860E0B0EAFF9D2912642BC3940BA098C00BBCE ft=1 fh=41f2b86635803f1b vn="NSIS/StartPage.CC Trojaner" ac=I fn="L:\System C\Users\Lena\Filme\Neuer Ordner (2)\vlc-2.1.0-win64.exe"
         

Hab ich das so richtig gemacht? In der Anleitung steht, ich solle noch das Logfile posten. Ist das hier nicht schon das Logfile? Wenn nicht, wie mache ich das?

nochmal

Mich wundert es, dass Eset den VLC-Player als Trojaner erkannt hat. Offenbar war das keine sichere HP, von wo ich mir das heruntergeladen hab

Alt 13.11.2014, 17:24   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



ja du hast ihn von der falschen geladen.

Bitte noch den Rest von obiger Anleitung machen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.11.2014, 18:43   #15
Lena86
 
Bundespolizei-Trojaner eingefangen? (Vista) - Standard

Bundespolizei-Trojaner eingefangen? (Vista)



Security Check sagt:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.89  
 Windows Vista Service Pack 1 x64   
 Out of date service pack!! 
 Internet Explorer 8 Out of date! 
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 AVG Web TuneUp   
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 	15.0.0.223  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (33.1) 
 Mozilla Thunderbird (17.0.8) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Frisches FRST log:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014
Ran by Lena (administrator) on LENA-PC on 13-11-2014 18:39:59
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena & UpdatusUser (Available profiles: Lena & UpdatusUser)
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Fujitsu Siemens Computers) C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Broadcom Corporation.) C:\BTTray.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962720 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [EnergySettings] => C:\Program Files (x86)\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe [113664 2008-09-19] (Fujitsu Siemens Computers GmbH)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-27] (Google)
HKLM-x32\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [202256 2010-07-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1226608 2010-12-08] ()
HKLM-x32\...\Run: [DivX Download Manager] => C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2001920 2014-04-04] (AimerSoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-09] ()
HKU\S-1-5-21-662861082-124019279-1587897540-1000\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-21-662861082-124019279-1587897540-1000\...\Run: [fsc-reg] => C:\fsc-reg\fscreg.exe [380688 2008-08-01] (Fujitsu Siemens)
HKU\S-1-5-21-662861082-124019279-1587897540-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-662861082-124019279-1587897540-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-18\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe [380688 2008-08-01] (Fujitsu Siemens)
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-27] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
HKU\S-1-5-21-662861082-124019279-1587897540-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={242BF937-EFAF-41E1-A8F7-16F5B3319BD9}&mid=f7856e20126e47d0b550d15048e84afc-85d9f63c14a6e4e4159275d82929a531b0d3970f&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-30 09:51:30&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default
FF NewTab: about:blank
FF Homepage: hxxp://www.arche-gemeinde.de/
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.90 -> C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.775 -> C:\Users\Lena\Desktop\PC Programme\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.775 -> C:\Users\Lena\Desktop\PC Programme\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=1.0.0.0 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.775 -> C:\Users\Lena\Desktop\PC Programme\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-662861082-124019279-1587897540-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\qqfrjwnd.default\Extensions\nostmp [2011-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-26]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010-12-10]
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com
FF Extension: Aimersoft Video Converter Ultimate - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com [2014-07-03]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]
CHR HKLM-x32\...\Chrome\Extension: [nmapfhedmiiikmeicmclonepdhjgmlcn] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com.crx [2014-07-03]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-27] (Google)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [836904 2007-08-08] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-16] (Nero AG)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-08-13] (NOS Microsystems Ltd.)
R2 TestHandler; C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [303104 2008-04-25] (Fujitsu Siemens Computers) [File not signed]
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-09] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-30] (AVG Technologies)
S1 Beep; No ImagePath
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-09] (Malwarebytes Corporation)
U5 MSIServer; C:\Windows\System32\msiexec.exe [125440 2008-11-06] (Microsoft Corporation)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 18:32 - 2014-11-13 18:32 - 00854448 _____ () C:\Users\Lena\Desktop\SecurityCheck.exe
2014-11-12 18:37 - 2014-11-12 18:37 - 02347384 _____ (ESET) C:\Users\Lena\Desktop\esetsmartinstaller_deu.exe
2014-11-11 15:46 - 2014-11-11 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 06:19 - 2014-11-13 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-09 19:00 - 2014-11-10 14:30 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-11-09 18:59 - 2014-11-09 18:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-11-09 18:59 - 2014-11-09 18:59 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-11-09 15:11 - 2014-11-09 15:11 - 29889068 _____ () C:\Users\Lena\Desktop\Fotos Lena.zip
2014-11-09 15:11 - 2014-11-09 15:11 - 00000000 ____D () C:\Users\Lena\Desktop\Fotos Lena
2014-11-09 14:42 - 2014-11-09 14:42 - 00027420 _____ () C:\Users\Lena\Desktop\FRST_update.txt
2014-11-09 14:33 - 2014-11-13 18:39 - 00000000 ____D () C:\Users\Lena\Desktop\FRST-OlderVersion
2014-11-09 14:30 - 2014-11-09 14:30 - 00002193 _____ () C:\Users\Lena\Desktop\JRT.txt
2014-11-09 14:26 - 2014-11-09 14:26 - 00000000 ____D () C:\Windows\ERUNT
2014-11-09 14:24 - 2014-11-09 14:24 - 01706808 _____ (Thisisu) C:\Users\Lena\Desktop\JRT.exe
2014-11-09 14:16 - 2014-11-09 14:16 - 00024069 _____ () C:\Users\Lena\Desktop\AdwCleaner[S0].txt
2014-11-09 14:07 - 2014-11-09 14:11 - 00000000 ____D () C:\AdwCleaner
2014-11-09 13:58 - 2014-11-09 13:58 - 02145792 _____ () C:\Users\Lena\Desktop\AdwCleaner_4.100.exe
2014-11-09 13:53 - 2014-11-09 13:53 - 00001205 _____ () C:\Users\Lena\Desktop\mbam.txt
2014-11-09 13:38 - 2014-11-09 13:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 21:36 - 2014-11-08 21:36 - 00000947 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-08 21:36 - 2014-11-08 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-08 21:36 - 2014-11-08 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-08 21:36 - 2014-11-08 21:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-08 21:36 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-08 21:36 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-08 21:36 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-08 21:28 - 2014-11-08 21:28 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Lena\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-07 22:03 - 2014-11-07 22:03 - 00024356 _____ () C:\ComboFix.txt
2014-11-07 21:51 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-07 21:51 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-07 21:51 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-07 21:51 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-07 21:51 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-07 21:51 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-07 21:51 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-07 21:51 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-07 21:46 - 2014-11-07 21:46 - 05593178 ____R (Swearware) C:\Users\Lena\Desktop\ComboFix.exe
2014-11-07 20:39 - 2014-11-07 22:03 - 00000000 ____D () C:\Qoobox
2014-11-07 20:38 - 2014-11-07 22:02 - 00000000 ____D () C:\Windows\erdnt
2014-11-07 20:38 - 2014-11-07 22:01 - 00000000 ____D () C:\32788R22FWJFW
2014-11-07 06:23 - 2014-11-07 06:23 - 00026457 _____ () C:\Users\Lena\Desktop\Addition.txt
2014-11-07 06:22 - 2014-11-13 18:40 - 00000000 ____D () C:\FRST
2014-11-07 06:22 - 2014-11-13 18:39 - 00021677 _____ () C:\Users\Lena\Desktop\FRST.txt
2014-11-07 06:21 - 2014-11-13 18:39 - 02116608 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe
2014-11-06 15:24 - 2014-11-06 15:25 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Lena\Desktop\SpyHunter-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 18:30 - 2009-03-07 15:56 - 00216064 _____ () C:\Users\Lena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-13 18:22 - 2012-10-22 15:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-13 17:52 - 2013-03-21 14:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-13 17:08 - 2006-11-02 16:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 17:08 - 2006-11-02 16:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 15:08 - 2009-03-07 14:19 - 01123564 _____ () C:\Windows\WindowsUpdate.log
2014-11-13 03:00 - 2006-11-02 13:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 16:52 - 2013-03-21 14:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 16:52 - 2013-03-21 14:39 - 00003738 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 16:52 - 2011-11-29 13:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 13:49 - 2011-11-01 20:13 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-12 13:47 - 2012-05-07 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 13:47 - 2009-12-27 14:24 - 00000000 ____D () C:\ProgramData\Kodak
2014-11-12 13:47 - 2009-01-26 11:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-12 13:47 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 13:47 - 2006-11-02 16:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-12 07:01 - 2012-02-09 14:55 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-12 07:01 - 2006-11-02 16:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-11 19:11 - 2009-12-12 17:22 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-09 19:00 - 2014-08-30 08:51 - 00000000 ____D () C:\Users\Lena\AppData\Local\AVG Web TuneUp
2014-11-09 19:00 - 2014-08-30 08:51 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-11-09 14:13 - 2013-11-20 06:23 - 00002182 _____ () C:\Windows\PFRO.log
2014-11-07 22:03 - 2006-11-02 14:33 - 00000000 __RHD () C:\Users\Default
2014-11-07 22:01 - 2006-11-02 13:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-07 21:20 - 2008-01-21 03:49 - 00079672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\WS2IFSL.SYS
2014-11-07 21:14 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-07 21:11 - 2009-03-07 14:22 - 00000000 ____D () C:\Users\Lena
2014-11-05 17:28 - 2013-12-21 23:27 - 00001464 _____ () C:\Windows\setupact.log

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa2_lyc.dll
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
C:\Users\Lena\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-13 01:54

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Antwort

Themen zu Bundespolizei-Trojaner eingefangen? (Vista)
betriebssystem, bundespolizei trojaner, conduit.search, conduit.search entfernen, conduitsearch, conduitsearch entfernen, fehlercode 0x0, fehlercode 0x80004002, fehlercode windows, fenster schließen, js/securitydisabler.a.gen, msil/domaiq.b, nsis/startpage.cc, spyhunter, spyhunter entfernen, vista 64 bit, win32/adware.1clickdownload.at, win32/conduit.searchprotect.n, win32/ilivid.a, win32/installcore.ch, win32/toolbar.asksbar, win32/toolbar.searchsuite



Ähnliche Themen: Bundespolizei-Trojaner eingefangen? (Vista)


  1. Windows Vista - Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.12.2013 (3)
  2. Bundespolizei-/Ukash-Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (10)
  3. Bundespolizei-/Ukash-Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.10.2012 (3)
  4. GVU/Bundespolizei Trojaner - Windows Vista Home Version
    Log-Analyse und Auswertung - 15.10.2012 (3)
  5. Bundespolizei Trojaner 1.13 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (1)
  6. bundespolizei trojaner auf Vista Rechner ;(
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (2)
  7. Bundespolizei Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (8)
  8. Bundespolizei Trojaner Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (25)
  9. Bundespolizei-Trojaner auf Vista-PC
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (5)
  10. Bundespolizei Trojaner/ Vista
    Plagegeister aller Art und deren Bekämpfung - 26.03.2012 (21)
  11. Bundespolizei-Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 29.01.2012 (32)
  12. Bundespolizei Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 26.12.2011 (5)
  13. Bundespolizei Trojaner eingefangen Windows XP
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (3)
  14. Trojaner Bundespolizei Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 18.10.2011 (6)
  15. Bundespolizei Trojaner (Vista 32bit)
    Plagegeister aller Art und deren Bekämpfung - 11.10.2011 (5)
  16. Bundespolizei-Trojaner Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 18.08.2011 (1)
  17. Bundespolizei-Trojaner eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (4)

Zum Thema Bundespolizei-Trojaner eingefangen? (Vista) - Hallo, zuallererst: ich habe, was Computer angeht, so gar keine Ahnung. Seid bitte geduldig mit mir, wenn ich viel nachfragen muss! Ich weiß bei dem einen oder anderen nicht, wie - Bundespolizei-Trojaner eingefangen? (Vista)...
Archiv
Du betrachtest: Bundespolizei-Trojaner eingefangen? (Vista) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.