
Pests of all kinds and how to combat them: Flickering images in Mozilla Firefox


13.03.2015, 19:39   #1
WolfHoffmann
 
Hello everyone,
while downloading "Free YouTube Download" I probably picked up unwanted advertising. It pushed into my screen from all sides. I then used Kaspersky Total Security and Malwarebytes to help get rid of this problem. Carelessly, I also tried to remove the ads using the debugger and inspector, although I have no idea about them and am only an ordinary user. Now, in Firefox, games flicker in normal mode, i.e. the small picture, as do the ads at the edge. It doesn't matter which games; videos on Facebook and the games there are affected too. In Internet Explorer, however, the images are all normal. I had assumed that it was a settings issue in Firefox, so I completely deleted Firefox along with all its folders and then installed it again. Unfortunately the result has not changed. Can anyone give me some good advice, other than to keep my hands off do-it-yourself experiments in future?
By the way, at least the annoying ads are gone.

13.03.2015, 19:43   #2
schrauber
/// the machine
/// TB instructor
 


Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


14.03.2015, 13:37   #3
WolfHoffmann
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by user (administrator) on USER-PC on 14-03-2015 13:27:18
Running from C:\Users\user\Downloads
Loaded Profiles: user & UpdatusUser (Available profiles: user & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(1und1 Mail und Media GmbH) C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NielsenOnline] => C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2015-01-16] (The Nielsen Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2096192 2014-11-17] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [1und1DispatcherCorp] => C:\Users\user\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe [213640 2013-05-29] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [1und1Dispatcher] => C:\Users\user\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe [213640 2013-05-29] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\MountPoints2: {23345f57-9607-11e2-aa59-001b385790db} - F:\autorun.exe
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\MountPoints2: {36599347-00e3-11e2-8900-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\MountPoints2: {365993a1-00e3-11e2-8900-001b385790db} - F:\AutoRun.exe
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\MountPoints2: {5d60579f-b796-11e2-82dd-001b385790db} - F:\AutoRun.exe
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\MountPoints2: {5d6057a1-b796-11e2-82dd-001b385790db} - F:\AutoRun.exe
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\MountPoints2: {e6358003-75f9-11e2-9f8e-001b385790db} - F:\AutoRun.exe
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\MountPoints2: {e6358004-75f9-11e2-9f8e-001b385790db} - F:\AutoRun.exe
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\MountPoints2: {f437cf70-3adf-11e2-8bab-001b385790db} - F:\AutoRun.exe
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\MountPoints2: {f437cf79-3adf-11e2-8bab-001b385790db} - F:\AutoRun.exe
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\PROGRA~1\PURPLE~1\VOODOO~1\VOODOO~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
ShortcutTarget: STK02N 2.3 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> DefaultScope {E8A9DC1C-8C29-465E-8CEC-B1A314F405B2} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {18FF90D1-7785-4AF0-9D4D-3E89E3191F84} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {5C95FD2B-06B2-48E5-95F1-B8B23DBC23F1} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {7E9008BF-E68F-4DA8-93CF-5BAF677E6405} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {91E21A2D-9289-4733-8323-5AF4BFC3BB6B} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_chipde_150309&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150307__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {E8A9DC1C-8C29-465E-8CEC-B1A314F405B2} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {FEB9F5EF-80C9-42A4-9D0F-FF2AF0BD55CF} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {FEDA6C16-6DF4-45CF-A058-EF194B94AA2B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-03-01] (DVDVideoSoft Ltd.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - No CLSID Value -  []
Handler: msnim - No CLSID Value -  []
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iescwgz0.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.gmx.net/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-02] ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-02] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\npfirefoxtracker.dll [2015-03-14] (Nielsen)
FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iescwgz0.default\user.js [2015-03-13]
FF Extension: GMX MailCheck - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iescwgz0.default\Extensions\toolbar@gmx.net [2015-03-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-26]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\netsight@nielsen.xpi [2015-03-14]
FF HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\user\AppData\Roaming\5042
FF Extension: Java String Helper - C:\Users\user\AppData\Roaming\5042 [2011-11-17]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-12-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2934496 2015-01-16] (The Nielsen Company)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [120008 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36040 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25800 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [26824 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter5\nnfwdk.sys [23264 2015-01-16] (The Nielsen Company)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2012-11-21] (NewTech Infosystems, Inc.) [File not signed]
S3 optousb; C:\Windows\System32\DRIVERS\optousb.sys [18432 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 optovcm; C:\Windows\System32\DRIVERS\optovcm.sys [26368 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
R0 UBHelper; C:\Windows\system32\Drivers\UBHelper.sys [13952 2007-02-25] () [File not signed]
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113664 2009-12-08] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 13:27 - 2015-03-14 13:29 - 00021654 _____ () C:\Users\user\Downloads\FRST.txt
2015-03-14 13:26 - 2015-03-14 13:27 - 00000000 ____D () C:\FRST
2015-03-14 13:25 - 2015-03-14 13:25 - 01135104 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2015-03-13 16:23 - 2015-03-13 16:23 - 00000818 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-13 16:23 - 2015-03-13 16:23 - 00000806 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-13 16:23 - 2015-03-13 16:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-13 16:20 - 2015-03-13 16:20 - 00243528 _____ () C:\Users\user\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-12 16:13 - 2015-03-12 16:13 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-03-12 16:13 - 2013-02-27 17:45 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2015-03-12 16:13 - 2012-02-02 11:58 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2015-03-12 16:13 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-12 16:13 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 16:12 - 2015-03-12 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-12 16:11 - 2012-12-29 09:26 - 04129720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-12 16:11 - 2012-12-29 09:26 - 03001272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 02557880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 00639928 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-12 16:11 - 2012-12-29 09:25 - 00108984 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 00062904 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-12 16:10 - 2012-12-29 11:26 - 00053176 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-12 16:09 - 2015-03-12 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-12 16:05 - 2012-12-29 11:26 - 20450232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 17560504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 15129064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 08904632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-12 16:05 - 2012-12-29 11:26 - 07931896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 06263784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 02720696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 02504248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 01985976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 01017272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 00889784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 00013153 _____ () C:\Windows\system32\nvinfo.pb
2015-03-12 15:54 - 2015-03-12 16:02 - 174957352 _____ (NVIDIA Corporation) C:\Users\user\Downloads\310.90-notebook-win8-win7-winvista-32bit-international-whql(1).exe
2015-03-11 19:42 - 2015-03-11 19:42 - 01055936 _____ (Adobe) C:\Users\user\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2015-03-10 20:54 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 20:53 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 20:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 20:42 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 20:42 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 20:41 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 20:41 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 20:41 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 20:41 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 20:40 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 20:40 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 20:39 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-10 20:38 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 19:50 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 19:50 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-10 19:50 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 19:50 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 19:50 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 19:50 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 19:50 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 19:50 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-10 19:50 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 19:50 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 19:50 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-10 19:50 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-10 19:50 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-09 18:03 - 2015-03-09 18:26 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-03-09 18:03 - 2015-03-09 18:03 - 00000000 ____D () C:\Users\user\AppData\Local\SecTaskMan
2015-03-09 14:34 - 2015-03-09 14:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\LavasoftStatistics
2015-03-09 14:29 - 2015-03-09 14:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-07 19:18 - 2015-03-07 19:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Lenovo
2015-03-07 19:18 - 2015-03-07 19:18 - 00000000 ____D () C:\Users\user\SHAREit
2015-03-07 19:15 - 2015-03-02 18:02 - 00325944 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-03-07 19:10 - 2015-03-07 19:10 - 00000994 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-07 19:08 - 2015-03-07 19:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\RHEng
2015-03-07 19:06 - 2015-03-07 19:06 - 03313192 _____ (DVDVideoSoft Ltd. ) C:\Users\user\Downloads\FreeYouTubeToMP3Converter.exe
2015-03-02 18:38 - 2015-03-02 18:38 - 00002044 _____ () C:\Users\user\Desktop\Sicherer Zahlungsverkehr.lnk
2015-03-02 18:36 - 2015-03-02 18:36 - 00001890 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-03-02 18:36 - 2015-03-02 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-03-02 18:29 - 2015-03-02 18:29 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-03-02 18:27 - 2014-12-13 18:21 - 00699576 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-02 18:27 - 2014-11-28 18:19 - 00120008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-03-02 18:27 - 2014-10-22 21:13 - 00036040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-03-02 17:31 - 2015-03-02 17:35 - 197116024 _____ (Kaspersky Lab) C:\Users\user\Downloads\kts15.0.2.361de-de.exe
2015-03-01 17:20 - 2015-03-01 17:20 - 00782544 _____ (Installer Program ) C:\Users\user\Downloads\FreeFileViewerDMSetup.exe
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2015-02-13 19:13 - 2015-02-13 19:13 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan
2015-02-13 18:51 - 2015-02-13 18:51 - 00000000 ____D () C:\Users\user\AppData\Roaming\dlg
2015-02-13 18:42 - 2015-02-13 18:42 - 00659936 _____ () C:\Users\user\Downloads\adobe-shockwave-player.exe
2015-02-13 17:38 - 2015-02-13 17:38 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\4DFB7E33.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 13:25 - 2013-09-20 15:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-14 13:17 - 2011-06-28 16:41 - 01343713 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 13:16 - 2012-03-29 15:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-14 13:08 - 2013-07-15 18:51 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-14 13:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 13:08 - 2006-11-02 13:47 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-14 13:08 - 2006-11-02 13:47 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-13 19:57 - 2006-11-02 14:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-13 16:57 - 2014-06-23 12:26 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-03-13 16:55 - 2012-03-29 15:03 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-13 16:55 - 2011-05-17 06:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-13 16:23 - 2015-01-26 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-13 16:23 - 2010-12-18 07:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-03-13 16:23 - 2010-12-18 07:53 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-03-12 16:13 - 2010-11-26 09:57 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-12 16:12 - 2011-02-08 18:06 - 00000000 ____D () C:\temp
2015-03-12 16:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help
2015-03-11 18:36 - 2006-11-02 13:47 - 00381952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 20:54 - 2013-02-01 17:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 20:51 - 2013-07-16 19:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 20:44 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 18:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-03-10 18:46 - 2006-11-02 11:22 - 61341696 _____ () C:\Windows\system32\config\software_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 41943040 _____ () C:\Windows\system32\config\components_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 35913728 _____ () C:\Windows\system32\config\system_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-03-10 18:45 - 2015-02-03 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-10 18:45 - 2015-02-03 20:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-10 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-10 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-03-08 21:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system
2015-03-08 18:39 - 2015-02-03 20:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 08:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2015-03-07 21:33 - 2013-07-05 17:42 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 19:49 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 19:10 - 2013-12-21 22:22 - 00002067 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-03-07 19:10 - 2011-02-01 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-07 19:10 - 2011-02-01 11:36 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-03-07 19:09 - 2015-01-31 14:18 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-03-07 19:09 - 2011-02-01 11:36 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-03-07 19:08 - 2011-10-28 21:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2015-03-07 17:57 - 2013-12-20 11:59 - 00000000 ____D () C:\Users\user\Documents\Sprüche
2015-03-02 17:59 - 2012-03-19 17:32 - 00000000 ____D () C:\ProgramData\Avira
2015-02-25 04:40 - 2013-07-17 04:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-02-24 03:23 - 2010-11-26 08:52 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-14 12:36 - 2013-10-16 19:33 - 00000000 ____D () C:\Program Files\Seznam.cz
2015-02-14 12:36 - 2013-10-16 19:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Seznam.cz

==================== Files in the root of some directories =======

2011-11-07 09:38 - 2011-11-17 09:01 - 0000065 _____ () C:\Users\user\AppData\Roaming\AcroIEHelpe.txt
2011-02-01 11:32 - 2014-05-05 18:15 - 0000020 _____ () C:\Users\user\AppData\Roaming\AVSDVDPlayer.m3u
2011-11-07 09:38 - 2011-11-18 05:24 - 0000090 _____ () C:\Users\user\AppData\Roaming\blckdom.res
2011-11-07 09:38 - 2011-11-07 09:38 - 0000136 _____ () C:\Users\user\AppData\Roaming\srvblck2.tmp
2010-11-25 19:39 - 2010-11-26 09:11 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2011-01-16 17:58 - 2015-02-01 19:24 - 0026112 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-01 11:40 - 2012-01-06 17:43 - 0019456 _____ () C:\Users\user\AppData\Local\WebpageIcons.db
2013-12-19 18:00 - 2013-12-19 18:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-14 13:18

==================== End Of Log ============================
         
--- --- ---
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by user at 2015-03-14 13:30:48
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Acer Crystal Eye webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.7.31.400-1.0 - Sonix)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression 5 (HKLM\...\{BBF71276-E8DF-4D5E-8869-3397BF04CF1C}) (Version: - ArcSoft)
ArcSoft VideoImpression 2 (HKLM\...\{40727DD3-9679-4D09-81D0-25F0017DF61C}) (Version: - ArcSoft)
Ashampoo Burning Studio 2010 Advanced (HKLM\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 9.2.4 - ashampoo GmbH & Co. KG)
Atheros for Acer Driver v7.3.1.73_Foxconn Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.3.1.73 - Atheros)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
AVS DVD Player version 2.4 (HKLM\...\AVS DVD Player_is1) (Version: - Online Media Technologies Ltd.)
Big Fish Games: Game Manager (HKLM\...\BFGC) (Version: 3.0.1.60 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon RAW Codec (HKLM\...\Canon RAW Codec) (Version: 1.8.0.68 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.9 (HKLM\...\DPP) (Version: 3.9.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.9.0.0 - Canon Inc.)
Canon Utilities Original Data Security Tools (HKLM\...\Original Data Security Tools) (Version: 1.9.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.8.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sage von Kolossus (HKLM\...\Die Sage von Kolossus) (Version: - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube Download version 3.2.53.128 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.53.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.56.301 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.56.301 - DVDVideoSoft Ltd.)
GMX Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
GMX MediaCenter 1.5.2192.0 (HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\GMX Application {sync-000021}) (Version: 1.5.2192.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung CE (HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
Goldfinger V (HKLM\...\{22520D56-126C-4D09-97E8-43AB2B31D33F}) (Version: - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{9FAAE06C-DEDD-4299-B88D-1F9AD5E1547F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.0.3 (HKLM\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Total Security (Version: 15.0.2.361 - Kaspersky Lab) Hidden
LightScribe 1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0407-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Natomi Bottle Rockets Extreme (HKLM\...\Natomi Bottle Rockets Extreme) (Version: - )
Nielsen (HKLM\...\NetSight) (Version: - )
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Grafiktreiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 260.99 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Opticon USB Drivers Installer (HKLM\...\Opticon USB Installer) (Version: - )
Paint.NET v3.5.7 (HKLM\...\{45212F71-750F-4B98-8931-2F35DBE6B661}) (Version: 3.57.0 - dotPDN LLC)
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
QuickTime 3.0 (HKLM\...\QuickTime 3.0) (Version: - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
STK02N 2.3 (HKLM\...\{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}) (Version: 2.3 - Syntek)
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten (HKLM\...\{B23B43B5-DDDC-41DA-9700-F334744E694E}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
Surf & E-Mail-Stick (HKLM\...\Surf & E-Mail-Stick) (Version: 16.001.06.02.35 - Huawei Technologies Co.,Ltd)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.16.0 - Synaptics)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows SideShow Managed Runtime 1.0 (HKLM\...\{3516C69A-024D-42A8-B948-FFAA7B9CC49A}) (Version: 1.0.1.0 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
Zattoo4 4.0.5 (HKLM\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version: - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

10-03-2015 18:40:26 Wiederherstellungsvorgang
10-03-2015 19:10:30 AA11
10-03-2015 19:40:22 Windows Update
10-03-2015 20:34:42 Windows Update
12-03-2015 16:08:47 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
13-03-2015 17:53:44 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C887B79-889A-4878-9A0D-DFEC9B002906} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {0F74144B-A678-40D3-9466-A5671633EC27} - System32\Tasks\{4D39B2A2-7A36-43DD-98D2-734E1E78EFFE} => pcalua.exe -a C:\Users\user\Downloads\gamesplayerinstall(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {2544B7BF-A80F-4E74-BE4E-F59C3E1404CC} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {29F5EBF0-E596-4722-9E7E-C809576104A3} - System32\Tasks\{E341A6F1-D145-4AEE-9D00-6B39822930A7} => pcalua.exe -a E:\install.exe -d E:\
Task: {3003797B-FBE6-4528-81EA-D0EFF582E76C} - System32\Tasks\{C7801F90-0AA8-4939-8055-791B82761805} => pcalua.exe -a E:\!INSTALL\_ISDEL.EXE -d E:\!INSTALL
Task: {4248E31D-8D13-4833-A460-A519D1F11A78} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - user => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {66AF7E81-9C59-4DD7-BD1E-232ECFB07124} - System32\Tasks\{CEECBA99-CE1D-48EB-B6DB-45819A7D01D2} => pcalua.exe -a C:\Users\user\Desktop\Setup.exe -d C:\Users\user\Desktop
Task: {6B163BFE-7B19-4669-9406-5FF53DFA0CB6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {78606EC1-5D33-4BA9-8CFA-658CB8C9C1B6} - System32\Tasks\Microsoft\Windows\RestartManager\{DB9B5AFB-2279-475f-B5A2-3EC7DD7CB60F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {786723A0-26E0-4AD8-A5C4-EC582FBE7F50} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {916AB034-A5F0-4406-BE40-46ED42F16745} - System32\Tasks\{C62BDB75-9994-4F36-8F63-27FA11228BBF} => pcalua.exe -a E:\install.EXE -d E:\
Task: {952C94DA-A014-4517-BAD5-7DCADDE85019} - System32\Tasks\{0E72CE11-706C-4468-A4EA-14A10B139530} => pcalua.exe -a "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPAZOV0W\solutoinstaller.exe" -d C:\Users\user\Desktop
Task: {A64C8F0E-E140-4756-B747-3BB2F32A3663} - System32\Tasks\{A6513186-03ED-49CF-95E2-7AA29EE40F89} => pcalua.exe -a E:\KOCHBUCH\MASTER\SETUP.EXE -d E:\KOCHBUCH\MASTER
Task: {AF0D22A0-19D2-4C33-8131-CC72000C9071} - System32\Tasks\{91BAEAA6-2C81-4F00-AFD3-C68EC56474FB} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {AFA65ED6-92CB-469D-841C-84DEFED115DC} - System32\Tasks\{F4C6BD79-8329-485E-ABD0-F088AAA8C9BE} => pcalua.exe -a E:\_ISDEL.EXE -d E:\
Task: {C18EA995-42C1-4605-882A-DAA49BE56F7C} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {EF1D33F2-3471-4774-A984-DA0F89FA1DF1} - System32\Tasks\{EA49F263-7BA4-47D8-87E0-7EA3E9EDB4E4} => pcalua.exe -a H:\InstallationTimanfaya\Setup.exe -d H:\InstallationTimanfaya
Task: {F2E7B126-2D36-4ED3-B42C-837474CA6B99} - System32\Tasks\{1152D8CB-910B-41E0-9124-6E5E23973F7F} => pcalua.exe -a "C:\Users\user\Desktop\Treiber\Neuer Ordner\install.exe" -d "C:\Users\user\Desktop\Treiber\Neuer Ordner"
Task: {F42C08CA-0D54-4A73-977E-3D5B684F7881} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-11 18:15 - 2015-01-16 09:34 - 00505344 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter5\communication.dll
2014-04-26 15:56 - 2015-01-16 09:40 - 00504832 _____ () C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\kpcengine.2.3.dll
2015-02-11 18:16 - 2015-01-16 09:35 - 00595968 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter5\npchromeinstaller.dll
2015-02-11 18:16 - 2015-01-16 09:35 - 00851968 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter5\npfirefoxprocessor.dll
2015-02-11 18:16 - 2015-01-16 09:37 - 00150528 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter5\npsp1.dll
2015-02-11 18:16 - 2015-01-16 09:34 - 00228864 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter5\npsurvey.dll
2015-02-11 18:16 - 2015-01-16 09:34 - 00224768 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter5\npwmi.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00502056 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00608040 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00338216 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\user:zylomtest
AlternateDataStreams: C:\Users\user:zylomtr{000HQ7FF-AD7A-3FG4-5TO3-2831TOKLCVUL}
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
AlternateDataStreams: C:\ProgramData\TEMP:4F7FE589
AlternateDataStreams: C:\ProgramData\TEMP:5133A494
AlternateDataStreams: C:\ProgramData\TEMP:774A0E14
AlternateDataStreams: C:\ProgramData\TEMP:8836A712
AlternateDataStreams: C:\ProgramData\TEMP:9BB8C675
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:A819A132
AlternateDataStreams: C:\ProgramData\TEMP:D6D084A5
AlternateDataStreams: C:\ProgramData\TEMP:F9689B72

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img20.jpg
HKU\S-1-5-21-3327119800-673721398-2511221915-1006\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: 1und1Dispatcher => "C:\Users\user\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe" xp
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: dvd43 => C:\Program Files\dvd43\dvd43_tray.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: EPSON Stylus DX4400 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Users\user\AppData\Local\Temp\E_SC12E.tmp" /EF "HKCU"
MSCONFIG\startupreg: GMX Application {sync-000021} => "C:\Users\user\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe" /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PLFSetL => C:\Windows\PLFSetL.exe
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3327119800-673721398-2511221915-500 - Administrator - Disabled)
Gast (S-1-5-21-3327119800-673721398-2511221915-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3327119800-673721398-2511221915-1006 - Limited - Enabled) => C:\Users\UpdatusUser
user (S-1-5-21-3327119800-673721398-2511221915-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2015 01:10:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/14/2015 01:10:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/14/2015 01:10:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/14/2015 01:10:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/14/2015 01:10:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/14/2015 01:10:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/14/2015 01:10:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/14/2015 01:10:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/14/2015 01:10:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\CSS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/14/2015 01:10:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\CSS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)


System errors:
=============
Error: (03/14/2015 01:11:00 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/13/2015 04:54:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/13/2015 03:19:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (03/13/2015 03:11:43 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/12/2015 03:05:08 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/11/2015 08:04:43 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/11/2015 06:40:32 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/10/2015 08:54:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (03/10/2015 08:54:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (03/10/2015 08:53:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053


Microsoft Office Sessions:
=========================
Error: (02/18/2013 04:51:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1226 seconds with 60 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-03-14 13:29:58.174
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-14 13:29:57.519
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-14 13:29:56.864
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-14 13:29:56.207
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-14 13:29:55.522
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-14 13:29:54.864
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-14 13:29:54.203
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-14 13:29:53.548
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-14 13:29:52.865
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-14 13:29:52.208
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Percentage of memory in use: 71%
Total physical RAM: 2045.24 MB
Available physical RAM: 581.72 MB
Total Pagefile: 4329.72 MB
Available Pagefile: 2501.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:69.64 GB) (Free:13.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:69.64 GB) (Free:68.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: B57917F9)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=69.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=69.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Hello Schrauber, did I do everything correctly, or is something still missing?
Best regards, Wolfgang
__________________

Alt 14.03.2015, 18:06   #4
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 15.03.2015, 09:21   #5
WolfHoffmann
 

Hello, is this all right, or would you like something else?
Best regards, Wolfgang

Combofix Logfile:
Code:
ComboFix 15-03-14.03 - user 15.03.2015   8:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2045.678 [GMT 1:00]
ausgeführt von:: c:\users\user\Downloads\ComboFix.exe
AV: Kaspersky Total Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Total Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Total Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe
c:\users\user\AppData\Local\assembly\tmp
c:\users\user\AppData\Roaming\AcroIEHelpe.txt
c:\users\user\AppData\Roaming\srvblck2.tmp
c:\users\user\Documents\~WRL1639.tmp
c:\users\user\Documents\~WRL3195.tmp
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
c:\windows\unin0407.exe
c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-15 bis 2015-03-15  ))))))))))))))))))))))))))))))
.
.
2015-03-14 12:26 . 2015-03-14 12:32	--------	d-----w-	C:\FRST
2015-03-13 15:47 . 2015-03-14 15:12	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEA236B5-F924-44EA-9A2A-9B03FDD5A784}\offreg.dll
2015-03-13 14:23 . 2015-01-29 09:49	9041640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEA236B5-F924-44EA-9A2A-9B03FDD5A784}\mpengine.dll
2015-03-12 15:13 . 2015-03-12 15:13	--------	d-----w-	c:\users\UpdatusUser
2015-03-12 15:12 . 2015-03-12 15:13	--------	d-----w-	c:\programdata\NVIDIA
2015-03-12 15:11 . 2012-12-29 08:26	4129720	----a-w-	c:\windows\system32\nvcpl.dll
2015-03-12 15:11 . 2012-12-29 08:26	3001272	----a-w-	c:\windows\system32\nvsvc.dll
2015-03-12 15:11 . 2012-12-29 08:25	639928	----a-w-	c:\windows\system32\nvvsvc.exe
2015-03-12 15:11 . 2012-12-29 08:25	62904	----a-w-	c:\windows\system32\nvshext.dll
2015-03-12 15:11 . 2012-12-29 08:25	2557880	----a-w-	c:\windows\system32\nvsvcr.dll
2015-03-12 15:11 . 2012-12-29 08:25	108984	----a-w-	c:\windows\system32\nvmctray.dll
2015-03-12 15:10 . 2012-12-29 10:26	53176	----a-w-	c:\windows\system32\OpenCL.dll
2015-03-12 15:09 . 2015-03-12 15:09	--------	d-----w-	c:\programdata\NVIDIA Corporation
2015-03-12 15:05 . 2012-12-29 10:26	889784	----a-w-	c:\windows\system32\nvdispgenco32.dll
2015-03-12 15:05 . 2012-12-29 10:26	1017272	----a-w-	c:\windows\system32\nvdispco32.dll
2015-03-12 15:05 . 2012-12-29 10:26	12641120	----a-w-	c:\windows\system32\nvwgf2um.dll
2015-03-12 15:05 . 2012-12-29 10:26	8904632	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2015-03-12 15:05 . 2012-12-29 10:26	6263784	----a-w-	c:\windows\system32\nvopencl.dll
2015-03-12 15:05 . 2012-12-29 10:26	20450232	----a-w-	c:\windows\system32\nvoglv32.dll
2015-03-12 15:05 . 2012-12-29 10:26	7931896	----a-w-	c:\windows\system32\nvcuda.dll
2015-03-12 15:05 . 2012-12-29 10:26	15129064	----a-w-	c:\windows\system32\nvd3dum.dll
2015-03-12 15:05 . 2012-12-29 10:26	2720696	----a-w-	c:\windows\system32\nvcuvid.dll
2015-03-12 15:05 . 2012-12-29 10:26	2504248	----a-w-	c:\windows\system32\nvapi.dll
2015-03-12 15:05 . 2012-12-29 10:26	1985976	----a-w-	c:\windows\system32\nvcuvenc.dll
2015-03-12 15:05 . 2012-12-29 10:26	17560504	----a-w-	c:\windows\system32\nvcompiler.dll
2015-03-10 19:54 . 2015-01-29 01:35	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2015-03-10 19:53 . 2015-01-29 01:35	975360	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-03-10 19:51 . 2015-02-26 00:18	2064384	----a-w-	c:\windows\system32\win32k.sys
2015-03-10 19:42 . 2015-02-20 02:03	34304	----a-w-	c:\windows\system32\atmlib.dll
2015-03-10 19:42 . 2015-02-20 00:28	296960	----a-w-	c:\windows\system32\atmfd.dll
2015-03-10 19:41 . 2015-02-26 02:01	3604408	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-03-10 19:41 . 2015-01-09 02:04	49152	----a-w-	c:\windows\system32\csrsrv.dll
2015-03-10 19:41 . 2015-01-09 00:18	64000	----a-w-	c:\windows\system32\smss.exe
2015-03-10 19:41 . 2015-02-26 02:01	3552184	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-03-10 19:40 . 2015-01-21 02:02	807936	----a-w-	c:\windows\system32\msctf.dll
2015-03-10 19:40 . 2015-03-06 04:01	279040	----a-w-	c:\windows\system32\schannel.dll
2015-03-10 19:39 . 2014-10-13 01:12	2264064	----a-w-	c:\windows\system32\msi.dll
2015-03-09 17:03 . 2015-03-09 17:03	--------	d-----w-	c:\users\user\AppData\Local\SecTaskMan
2015-03-09 17:03 . 2015-03-09 17:26	--------	d-----w-	c:\programdata\SecTaskMan
2015-03-09 13:34 . 2015-03-09 13:34	--------	d-----w-	c:\users\user\AppData\Roaming\LavasoftStatistics
2015-03-07 18:18 . 2015-03-07 18:19	--------	d-----w-	c:\users\user\AppData\Roaming\Lenovo
2015-03-07 18:18 . 2015-03-07 18:18	--------	d-----w-	c:\users\user\SHAREit
2015-03-07 18:15 . 2015-03-02 17:02	325944	----a-w-	c:\windows\system32\LavasoftTcpService.dll
2015-03-07 18:08 . 2015-03-07 18:08	--------	d-----w-	c:\users\user\AppData\Roaming\RHEng
2015-03-02 17:29 . 2015-03-02 17:29	--------	d-----w-	c:\program files\Kaspersky Lab
2015-03-02 17:27 . 2014-11-28 17:19	120008	----a-w-	c:\windows\system32\drivers\klflt.sys
2015-03-02 17:27 . 2014-10-22 20:13	36040	----a-w-	c:\windows\system32\drivers\klhk.sys
2015-02-18 08:47 . 2015-02-18 08:47	17323192	----a-w-	c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-02-17 15:04 . 2015-02-17 15:04	1202848	----a-w-	c:\windows\system32\FM20.DLL
2015-02-13 18:13 . 2015-02-13 18:13	--------	d-----w-	c:\users\user\AppData\Roaming\QuickScan
2015-02-13 17:51 . 2015-02-13 17:51	--------	d-----w-	c:\users\user\AppData\Roaming\dlg
2015-02-13 16:38 . 2015-02-13 16:38	114904	----a-w-	c:\windows\system32\drivers\4DFB7E33.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-13 15:55 . 2012-03-29 14:03	778928	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-03-13 15:55 . 2011-05-17 05:45	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-08 17:39 . 2015-02-03 19:10	114904	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-24 02:23 . 2010-11-26 07:52	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-01-25 09:53 . 2014-03-11 19:04	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-01-15 04:13 . 2015-02-11 21:48	440760	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2014-12-19 00:25 . 2015-01-13 19:13	115200	----a-w-	c:\windows\system32\drivers\mrxdav.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
2015-03-15 08:00	1699112	----a-w-	c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
2015-03-15 08:00	1699112	----a-w-	c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
2015-03-15 08:00	1699112	----a-w-	c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2015-03-01 16:33	297128	----a-w-	c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-01-23 31087200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2015-01-16 91872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"MailCheck IE Broker"="c:\program files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [2014-11-17 2096192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2012-11-11 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-10 07:57	37960	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-10-11 11:05	60712	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-03-12 13:51	663552	------w-	c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-01-26 14:58	65536	------w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01	180736	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GMX Application {sync-000021}]
2013-11-08 10:43	874496	----a-w-	c:\users\user\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 11:08	49208	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10	46632	----a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-10-15 03:42	157480	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12	30248	----a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 11:35	94208	----a-w-	c:\windows\PLFSetL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46	255528	----a-w-	c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-01-23 13:40	31087200	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03	210472	----a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-12-17 21:12	508800	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-11-26 09:08	845360	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2014-06-05 02:19	248176	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.net/
mStart Page = about:blank
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\GMX MailCheck\IE\GMX_MailCheck.dll
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iescwgz0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKCU-Run-1und1DispatcherCorp - c:\users\user\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe
HKCU-Run-1und1Dispatcher - c:\users\user\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-1und1Dispatcher - c:\users\user\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe
MSConfigStartUp-dvd43 - c:\program files\dvd43\dvd43_tray.exe
AddRemove-QuickTime 3.0 - c:\windows\unin0407.exe
AddRemove-Free FLV Converter - c:\program files\Free FLV Converter\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-03-15 09:06
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1336)
c:\program files\NetRatingsNetSight\NetSight\nsmmc.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-15  09:12:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-03-15 08:12
.
Vor Suchlauf: 20 Verzeichnis(se), 13.454.766.080 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 12.901.105.664 Bytes frei
.
- - End Of File - - 7D3898C7140EA00A126E38E994A8936F
         
--- --- ---
5C616939100B85E558DA92B899A0FC36


15.03.2015, 13:55   #6
schrauber
/// the machine
/// TB trainer



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • If prompted, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

16.03.2015, 18:43   #7
WolfHoffmann



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by user (administrator) on USER-PC on 16-03-2015 18:12:51
Running from C:\Users\user\Downloads
Loaded Profiles: user & UpdatusUser (Available profiles: user & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(1und1 Mail und Media GmbH) C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Farbar) C:\Users\user\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NielsenOnline] => C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2015-01-16] (The Nielsen Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2096192 2014-11-17] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\PROGRA~1\PURPLE~1\VOODOO~1\VOODOO~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
ShortcutTarget: STK02N 2.3 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3327119800-673721398-2511221915-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {18FF90D1-7785-4AF0-9D4D-3E89E3191F84} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {5C95FD2B-06B2-48E5-95F1-B8B23DBC23F1} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {7E9008BF-E68F-4DA8-93CF-5BAF677E6405} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {91E21A2D-9289-4733-8323-5AF4BFC3BB6B} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {E8A9DC1C-8C29-465E-8CEC-B1A314F405B2} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {FEB9F5EF-80C9-42A4-9D0F-FF2AF0BD55CF} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {FEDA6C16-6DF4-45CF-A058-EF194B94AA2B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2015-03-15] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2015-03-15] ()
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2015-03-15] ()
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - No CLSID Value -  []
Handler: msnim - No CLSID Value -  []
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iescwgz0.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.gmx.net/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-02] ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-02] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\npfirefoxtracker.dll [2015-03-16] (Nielsen)
FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-26]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\netsight@nielsen.xpi [2015-03-16]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-12-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2934496 2015-01-16] (The Nielsen Company)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [120008 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36040 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25800 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [26824 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-16] (Malwarebytes Corporation)
R1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter5\nnfwdk.sys [23264 2015-01-16] (The Nielsen Company)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2012-11-21] (NewTech Infosystems, Inc.) [File not signed]
S3 optousb; C:\Windows\System32\DRIVERS\optousb.sys [18432 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 optovcm; C:\Windows\System32\DRIVERS\optovcm.sys [26368 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
R0 UBHelper; C:\Windows\system32\Drivers\UBHelper.sys [13952 2007-02-25] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113664 2009-12-08] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 18:12 - 2015-03-16 18:12 - 01135104 _____ (Farbar) C:\Users\user\Downloads\FRST(1).exe
2015-03-16 18:08 - 2015-03-16 18:08 - 00001203 _____ () C:\Users\user\Desktop\mbam.txt
2015-03-16 17:28 - 2015-03-16 17:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-03-16 16:58 - 2015-03-16 16:58 - 00188786 _____ () C:\Users\user\Desktop\JRT.txt
2015-03-16 16:53 - 2015-03-16 16:53 - 01388333 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2015-03-16 15:58 - 2015-03-16 15:58 - 02171392 _____ () C:\Users\user\Downloads\AdwCleaner_4.112.exe
2015-03-15 09:12 - 2015-03-15 09:12 - 00019723 _____ () C:\ComboFix.txt
2015-03-15 09:03 - 2015-03-15 09:03 - 00000540 _____ () C:\Windows\PFRO.log
2015-03-15 08:43 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-15 08:43 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-15 08:43 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-15 08:40 - 2015-03-15 09:12 - 00000000 ____D () C:\Qoobox
2015-03-15 08:38 - 2015-03-15 09:10 - 00000000 ____D () C:\Windows\erdnt
2015-03-15 08:37 - 2015-03-15 08:37 - 05615380 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-03-15 07:49 - 2015-03-15 07:49 - 00408787 _____ (AChat Animation Studios ) C:\Users\user\Downloads\AChat_German_setup.exe
2015-03-14 13:30 - 2015-03-14 13:32 - 00035761 _____ () C:\Users\user\Downloads\Addition.txt
2015-03-14 13:27 - 2015-03-16 18:12 - 00019338 _____ () C:\Users\user\Downloads\FRST.txt
2015-03-14 13:26 - 2015-03-16 18:12 - 00000000 ____D () C:\FRST
2015-03-14 13:25 - 2015-03-14 13:25 - 01135104 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2015-03-13 16:23 - 2015-03-13 16:23 - 00000818 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-13 16:23 - 2015-03-13 16:23 - 00000806 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-13 16:23 - 2015-03-13 16:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-13 16:20 - 2015-03-13 16:20 - 00243528 _____ () C:\Users\user\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-12 16:13 - 2015-03-12 16:13 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-03-12 16:13 - 2013-02-27 17:45 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2015-03-12 16:13 - 2012-02-02 11:58 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2015-03-12 16:13 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-12 16:13 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 16:12 - 2015-03-12 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-12 16:11 - 2012-12-29 09:26 - 04129720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-12 16:11 - 2012-12-29 09:26 - 03001272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 02557880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 00639928 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-12 16:11 - 2012-12-29 09:25 - 00108984 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 00062904 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-12 16:10 - 2012-12-29 11:26 - 00053176 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-12 16:09 - 2015-03-12 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-12 16:05 - 2012-12-29 11:26 - 20450232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 17560504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 15129064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 08904632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-12 16:05 - 2012-12-29 11:26 - 07931896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 06263784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 02720696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 02504248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 01985976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 01017272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 00889784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 00013153 _____ () C:\Windows\system32\nvinfo.pb
2015-03-12 15:54 - 2015-03-12 16:02 - 174957352 _____ (NVIDIA Corporation) C:\Users\user\Downloads\310.90-notebook-win8-win7-winvista-32bit-international-whql(1).exe
2015-03-11 19:42 - 2015-03-11 19:42 - 01055936 _____ (Adobe) C:\Users\user\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2015-03-10 20:54 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 20:53 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 20:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 20:42 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 20:42 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 20:41 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 20:41 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 20:41 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 20:41 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 20:40 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 20:40 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 20:39 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-10 20:38 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 19:50 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 19:50 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-10 19:50 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 19:50 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 19:50 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 19:50 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 19:50 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 19:50 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-10 19:50 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 19:50 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 19:50 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-10 19:50 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-10 19:50 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-09 14:34 - 2015-03-09 14:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\LavasoftStatistics
2015-03-09 14:29 - 2015-03-09 14:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-07 19:18 - 2015-03-07 19:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Lenovo
2015-03-07 19:18 - 2015-03-07 19:18 - 00000000 ____D () C:\Users\user\SHAREit
2015-03-07 19:15 - 2015-03-02 18:02 - 00325944 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-03-07 19:10 - 2015-03-07 19:10 - 00000994 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-07 19:06 - 2015-03-07 19:06 - 03313192 _____ (DVDVideoSoft Ltd. ) C:\Users\user\Downloads\FreeYouTubeToMP3Converter.exe
2015-03-02 18:38 - 2015-03-02 18:38 - 00002044 _____ () C:\Users\user\Desktop\Sicherer Zahlungsverkehr.lnk
2015-03-02 18:36 - 2015-03-02 18:36 - 00001890 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-03-02 18:36 - 2015-03-02 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-03-02 18:29 - 2015-03-02 18:29 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-03-02 18:27 - 2014-12-13 18:21 - 00699576 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-02 18:27 - 2014-11-28 18:19 - 00120008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-03-02 18:27 - 2014-10-22 21:13 - 00036040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-03-02 17:31 - 2015-03-02 17:35 - 197116024 _____ (Kaspersky Lab) C:\Users\user\Downloads\kts15.0.2.361de-de.exe
2015-03-01 17:20 - 2015-03-01 17:20 - 00782544 _____ (Installer Program ) C:\Users\user\Downloads\FreeFileViewerDMSetup.exe
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 17:48 - 2011-06-28 16:41 - 01409722 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 17:30 - 2015-02-03 20:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 17:29 - 2015-02-03 20:10 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-16 17:29 - 2015-02-03 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-16 17:29 - 2015-02-03 20:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-16 17:15 - 2012-03-29 15:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 16:22 - 2013-09-20 15:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-16 16:18 - 2013-07-15 18:51 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-16 16:18 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 16:18 - 2006-11-02 13:47 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 16:18 - 2006-11-02 13:47 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 16:16 - 2015-02-03 19:14 - 00000000 ____D () C:\AdwCleaner
2015-03-16 16:16 - 2006-11-02 14:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-15 09:12 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-03-15 09:12 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-15 09:06 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-15 09:00 - 2013-11-14 13:17 - 00000000 ____D () C:\Users\user\AppData\Local\1und1UpdaterCorpE
2015-03-13 16:57 - 2014-06-23 12:26 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-03-13 16:55 - 2012-03-29 15:03 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-13 16:55 - 2011-05-17 06:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-13 16:23 - 2015-01-26 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-13 16:23 - 2010-12-18 07:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-03-13 16:23 - 2010-12-18 07:53 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-03-12 16:13 - 2010-11-26 09:57 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-12 16:12 - 2011-02-08 18:06 - 00000000 ____D () C:\temp
2015-03-12 16:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help
2015-03-11 18:36 - 2006-11-02 13:47 - 00381952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 20:54 - 2013-02-01 17:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 20:51 - 2013-07-16 19:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 20:44 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 18:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-03-10 18:46 - 2006-11-02 11:22 - 61341696 _____ () C:\Windows\system32\config\software_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 41943040 _____ () C:\Windows\system32\config\components_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 35913728 _____ () C:\Windows\system32\config\system_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-03-10 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-10 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-03-08 21:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system
2015-03-08 08:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2015-03-07 21:33 - 2013-07-05 17:42 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 19:49 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 19:10 - 2013-12-21 22:22 - 00002067 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-03-07 19:10 - 2011-02-01 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-07 19:10 - 2011-02-01 11:36 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-03-07 19:09 - 2015-01-31 14:18 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-03-07 19:09 - 2011-02-01 11:36 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-03-07 19:08 - 2011-10-28 21:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2015-03-07 17:57 - 2013-12-20 11:59 - 00000000 ____D () C:\Users\user\Documents\Sprüche
2015-03-02 17:59 - 2012-03-19 17:32 - 00000000 ____D () C:\ProgramData\Avira
2015-02-25 04:40 - 2013-07-17 04:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-02-24 03:23 - 2010-11-26 08:52 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-14 12:36 - 2013-10-16 19:33 - 00000000 ____D () C:\Program Files\Seznam.cz
2015-02-14 12:36 - 2013-10-16 19:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Seznam.cz

==================== Files in the root of some directories =======

2011-02-01 11:32 - 2014-05-05 18:15 - 0000020 _____ () C:\Users\user\AppData\Roaming\AVSDVDPlayer.m3u
2011-11-07 09:38 - 2011-11-18 05:24 - 0000090 _____ () C:\Users\user\AppData\Roaming\blckdom.res
2010-11-25 19:39 - 2010-11-26 09:11 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2011-01-16 17:58 - 2015-02-01 19:24 - 0026112 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-01 11:40 - 2012-01-06 17:43 - 0019456 _____ () C:\Users\user\AppData\Local\WebpageIcons.db
2013-12-19 18:00 - 2013-12-19 18:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\user\AppData\Local\temp\Quarantine.exe
C:\Users\user\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 16:25

==================== End Of Log ============================
         
--- --- ---

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by user (administrator) on USER-PC on 16-03-2015 18:12:51
Running from C:\Users\user\Downloads
Loaded Profiles: user & UpdatusUser (Available profiles: user & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(1und1 Mail und Media GmbH) C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Farbar) C:\Users\user\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NielsenOnline] => C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2015-01-16] (The Nielsen Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2096192 2014-11-17] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\PROGRA~1\PURPLE~1\VOODOO~1\VOODOO~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
ShortcutTarget: STK02N 2.3 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3327119800-673721398-2511221915-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {18FF90D1-7785-4AF0-9D4D-3E89E3191F84} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {5C95FD2B-06B2-48E5-95F1-B8B23DBC23F1} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {7E9008BF-E68F-4DA8-93CF-5BAF677E6405} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {91E21A2D-9289-4733-8323-5AF4BFC3BB6B} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {E8A9DC1C-8C29-465E-8CEC-B1A314F405B2} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {FEB9F5EF-80C9-42A4-9D0F-FF2AF0BD55CF} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {FEDA6C16-6DF4-45CF-A058-EF194B94AA2B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2015-03-15] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2015-03-15] ()
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2015-03-15] ()
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - No CLSID Value -  []
Handler: msnim - No CLSID Value -  []
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iescwgz0.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.gmx.net/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-02] ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-02] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\npfirefoxtracker.dll [2015-03-16] (Nielsen)
FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-26]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\netsight@nielsen.xpi [2015-03-16]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-12-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2934496 2015-01-16] (The Nielsen Company)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [120008 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36040 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25800 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [26824 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-16] (Malwarebytes Corporation)
R1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter5\nnfwdk.sys [23264 2015-01-16] (The Nielsen Company)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2012-11-21] (NewTech Infosystems, Inc.) [File not signed]
S3 optousb; C:\Windows\System32\DRIVERS\optousb.sys [18432 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 optovcm; C:\Windows\System32\DRIVERS\optovcm.sys [26368 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
R0 UBHelper; C:\Windows\system32\Drivers\UBHelper.sys [13952 2007-02-25] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113664 2009-12-08] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 18:12 - 2015-03-16 18:12 - 01135104 _____ (Farbar) C:\Users\user\Downloads\FRST(1).exe
2015-03-16 18:08 - 2015-03-16 18:08 - 00001203 _____ () C:\Users\user\Desktop\mbam.txt
2015-03-16 17:28 - 2015-03-16 17:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-03-16 16:58 - 2015-03-16 16:58 - 00188786 _____ () C:\Users\user\Desktop\JRT.txt
2015-03-16 16:53 - 2015-03-16 16:53 - 01388333 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2015-03-16 15:58 - 2015-03-16 15:58 - 02171392 _____ () C:\Users\user\Downloads\AdwCleaner_4.112.exe
2015-03-15 09:12 - 2015-03-15 09:12 - 00019723 _____ () C:\ComboFix.txt
2015-03-15 09:03 - 2015-03-15 09:03 - 00000540 _____ () C:\Windows\PFRO.log
2015-03-15 08:43 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-15 08:43 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-15 08:43 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-15 08:40 - 2015-03-15 09:12 - 00000000 ____D () C:\Qoobox
2015-03-15 08:38 - 2015-03-15 09:10 - 00000000 ____D () C:\Windows\erdnt
2015-03-15 08:37 - 2015-03-15 08:37 - 05615380 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-03-15 07:49 - 2015-03-15 07:49 - 00408787 _____ (AChat Animation Studios ) C:\Users\user\Downloads\AChat_German_setup.exe
2015-03-14 13:30 - 2015-03-14 13:32 - 00035761 _____ () C:\Users\user\Downloads\Addition.txt
2015-03-14 13:27 - 2015-03-16 18:12 - 00019338 _____ () C:\Users\user\Downloads\FRST.txt
2015-03-14 13:26 - 2015-03-16 18:12 - 00000000 ____D () C:\FRST
2015-03-14 13:25 - 2015-03-14 13:25 - 01135104 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2015-03-13 16:23 - 2015-03-13 16:23 - 00000818 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-13 16:23 - 2015-03-13 16:23 - 00000806 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-13 16:23 - 2015-03-13 16:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-13 16:20 - 2015-03-13 16:20 - 00243528 _____ () C:\Users\user\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-12 16:13 - 2015-03-12 16:13 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-03-12 16:13 - 2013-02-27 17:45 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2015-03-12 16:13 - 2012-02-02 11:58 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2015-03-12 16:13 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-12 16:13 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 16:12 - 2015-03-12 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-12 16:11 - 2012-12-29 09:26 - 04129720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-12 16:11 - 2012-12-29 09:26 - 03001272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 02557880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 00639928 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-12 16:11 - 2012-12-29 09:25 - 00108984 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 00062904 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-12 16:10 - 2012-12-29 11:26 - 00053176 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-12 16:09 - 2015-03-12 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-12 16:05 - 2012-12-29 11:26 - 20450232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 17560504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 15129064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 08904632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-12 16:05 - 2012-12-29 11:26 - 07931896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 06263784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 02720696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 02504248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 01985976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 01017272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 00889784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 00013153 _____ () C:\Windows\system32\nvinfo.pb
2015-03-12 15:54 - 2015-03-12 16:02 - 174957352 _____ (NVIDIA Corporation) C:\Users\user\Downloads\310.90-notebook-win8-win7-winvista-32bit-international-whql(1).exe
2015-03-11 19:42 - 2015-03-11 19:42 - 01055936 _____ (Adobe) C:\Users\user\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2015-03-10 20:54 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 20:53 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 20:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 20:42 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 20:42 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 20:41 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 20:41 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 20:41 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 20:41 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 20:40 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 20:40 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 20:39 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-10 20:38 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 19:50 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 19:50 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-10 19:50 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 19:50 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 19:50 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 19:50 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 19:50 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 19:50 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-10 19:50 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 19:50 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 19:50 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-10 19:50 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-10 19:50 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-09 14:34 - 2015-03-09 14:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\LavasoftStatistics
2015-03-09 14:29 - 2015-03-09 14:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-07 19:18 - 2015-03-07 19:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Lenovo
2015-03-07 19:18 - 2015-03-07 19:18 - 00000000 ____D () C:\Users\user\SHAREit
2015-03-07 19:15 - 2015-03-02 18:02 - 00325944 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-03-07 19:10 - 2015-03-07 19:10 - 00000994 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-07 19:06 - 2015-03-07 19:06 - 03313192 _____ (DVDVideoSoft Ltd. ) C:\Users\user\Downloads\FreeYouTubeToMP3Converter.exe
2015-03-02 18:38 - 2015-03-02 18:38 - 00002044 _____ () C:\Users\user\Desktop\Sicherer Zahlungsverkehr.lnk
2015-03-02 18:36 - 2015-03-02 18:36 - 00001890 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-03-02 18:36 - 2015-03-02 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-03-02 18:29 - 2015-03-02 18:29 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-03-02 18:27 - 2014-12-13 18:21 - 00699576 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-02 18:27 - 2014-11-28 18:19 - 00120008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-03-02 18:27 - 2014-10-22 21:13 - 00036040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-03-02 17:31 - 2015-03-02 17:35 - 197116024 _____ (Kaspersky Lab) C:\Users\user\Downloads\kts15.0.2.361de-de.exe
2015-03-01 17:20 - 2015-03-01 17:20 - 00782544 _____ (Installer Program ) C:\Users\user\Downloads\FreeFileViewerDMSetup.exe
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 17:48 - 2011-06-28 16:41 - 01409722 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 17:30 - 2015-02-03 20:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 17:29 - 2015-02-03 20:10 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-16 17:29 - 2015-02-03 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-16 17:29 - 2015-02-03 20:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-16 17:15 - 2012-03-29 15:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 16:22 - 2013-09-20 15:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-16 16:18 - 2013-07-15 18:51 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-16 16:18 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 16:18 - 2006-11-02 13:47 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 16:18 - 2006-11-02 13:47 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 16:16 - 2015-02-03 19:14 - 00000000 ____D () C:\AdwCleaner
2015-03-16 16:16 - 2006-11-02 14:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-15 09:12 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-03-15 09:12 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-15 09:06 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-15 09:00 - 2013-11-14 13:17 - 00000000 ____D () C:\Users\user\AppData\Local\1und1UpdaterCorpE
2015-03-13 16:57 - 2014-06-23 12:26 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-03-13 16:55 - 2012-03-29 15:03 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-13 16:55 - 2011-05-17 06:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-13 16:23 - 2015-01-26 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-13 16:23 - 2010-12-18 07:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-03-13 16:23 - 2010-12-18 07:53 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-03-12 16:13 - 2010-11-26 09:57 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-12 16:12 - 2011-02-08 18:06 - 00000000 ____D () C:\temp
2015-03-12 16:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help
2015-03-11 18:36 - 2006-11-02 13:47 - 00381952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 20:54 - 2013-02-01 17:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 20:51 - 2013-07-16 19:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 20:44 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 18:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-03-10 18:46 - 2006-11-02 11:22 - 61341696 _____ () C:\Windows\system32\config\software_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 41943040 _____ () C:\Windows\system32\config\components_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 35913728 _____ () C:\Windows\system32\config\system_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-03-10 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-10 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-03-08 21:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system
2015-03-08 08:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2015-03-07 21:33 - 2013-07-05 17:42 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 19:49 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 19:10 - 2013-12-21 22:22 - 00002067 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-03-07 19:10 - 2011-02-01 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-07 19:10 - 2011-02-01 11:36 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-03-07 19:09 - 2015-01-31 14:18 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-03-07 19:09 - 2011-02-01 11:36 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-03-07 19:08 - 2011-10-28 21:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2015-03-07 17:57 - 2013-12-20 11:59 - 00000000 ____D () C:\Users\user\Documents\Sprüche
2015-03-02 17:59 - 2012-03-19 17:32 - 00000000 ____D () C:\ProgramData\Avira
2015-02-25 04:40 - 2013-07-17 04:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-02-24 03:23 - 2010-11-26 08:52 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-14 12:36 - 2013-10-16 19:33 - 00000000 ____D () C:\Program Files\Seznam.cz
2015-02-14 12:36 - 2013-10-16 19:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Seznam.cz

==================== Files in the root of some directories =======

2011-02-01 11:32 - 2014-05-05 18:15 - 0000020 _____ () C:\Users\user\AppData\Roaming\AVSDVDPlayer.m3u
2011-11-07 09:38 - 2011-11-18 05:24 - 0000090 _____ () C:\Users\user\AppData\Roaming\blckdom.res
2010-11-25 19:39 - 2010-11-26 09:11 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2011-01-16 17:58 - 2015-02-01 19:24 - 0026112 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-01 11:40 - 2012-01-06 17:43 - 0019456 _____ () C:\Users\user\AppData\Local\WebpageIcons.db
2013-12-19 18:00 - 2013-12-19 18:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\user\AppData\Local\temp\Quarantine.exe
C:\Users\user\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 16:25

==================== End Of Log ============================
         
--- --- ---

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.03.2015
Suchlauf-Zeit: 17:32:47
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.16.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: user

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 382320
Verstrichene Zeit: 25 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Hello Schrauber,
I hope everything arrived. They were large files, and I hope everything worked despite the error message. If not, please write which files are still missing.

Best regards, Wolfgang

17.03.2015, 07:33   #8
schrauber
/// the machine
/// TB-Ausbilder

The log from AdwCleaner and co. is still missing
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

17.03.2015, 18:21   #9
WolfHoffmann

log adw.cleaner



AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.112 - Bericht erstellt 16/03/2015 um 16:16:07
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-05.1 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : user - USER-PC
# Gestarted von : C:\Users\user\Downloads\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\Program Files\DriverTuner
Ordner Gelöscht : C:\users\user\AppData\Local\SecTaskMan
Ordner Gelöscht : C:\users\user\AppData\Local\DriverTuner
Ordner Gelöscht : C:\users\user\AppData\Roaming\RHEng
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iescwgz0.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9C81D00A-3DAA-48AB-90C7-8252119ABB93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1DA17428-323D-48FF-857C-98CFEE48BFD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{50F60937-910A-4C05-8E36-FE4E299191CF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63C63464-1423-4FDB-BA5D-6F75F491C63E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v36.0.1 (x86 de)

[iescwgz0.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

*************************

AdwCleaner[R0].txt - [11372 Bytes] - [03/02/2015 19:14:10]
AdwCleaner[R1].txt - [2843 Bytes] - [16/03/2015 15:59:08]
AdwCleaner[S0].txt - [11328 Bytes] - [03/02/2015 19:19:15]
AdwCleaner[S1].txt - [2774 Bytes] - [16/03/2015 16:16:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2833  Bytes] ##########
         
--- --- ---
What do you mean by "co"? I think I'm a bit "blonde" today.

18.03.2015, 09:19   #10
schrauber
/// the machine
/// TB-Ausbilder

That's fine.

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber


18.03.2015, 21:55   #11
WolfHoffmann



ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1a28b0a09487264890d6aa8481f65c23
# engine=22968
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-18 08:07:43
# local_time=2015-03-18 09:07:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1301 16777213 100 100 18868 54284493 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 101724 264241991 0 0
# scanned=184740
# found=13
# cleaned=0
# scan_time=9537
sh=C0F043342F015F016C8536DDCD5B5F51F97E49D2 ft=1 fh=2edad6a8a6366d43 vn="Variante von Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\del_DM_DLL_nse9621.dll.vir"
sh=B81BAAC9D35824000ADB556418067A9220C40F01 ft=1 fh=23a12d968d390125 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe.vir"
sh=5618448E0195BA9251A1A0A5132CE2612037D630 ft=1 fh=ccf0f11a65c989b1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll.vir"
sh=9069C1AE362702A5CFD0947D07C49791244CF7E1 ft=1 fh=b2a7890de2375dad vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll.vir"
sh=1060187DDEF870A487D64831AB67108A834AE818 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.37.zip.vir"
sh=CAC2EE8DDF6A64B037A357017CA4C4221141BD70 ft=1 fh=6d3baa21187c5208 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=079F5212D0CC3059077736D55C4B04C6CBBFD2B8 ft=1 fh=573a726a370e6e65 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=95924D930E42925FCF9C31F268569AF088229675 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=678148EE00B38B9AAD38C549719F66F1D4E16604 ft=1 fh=0b483d240f3d026b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=947BCFA4B2B0C0EFA7447211F3FB2BB06F79943B ft=1 fh=dbbf0ecf40164e38 vn="Variante von Win32/BrowseFox.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\RHEng\3015A477B9AD4F349B91C9ADFFC602C3\setup0116.exe.vir"
sh=4034D1D79F6D56DC329680E3CF6311F5CEAFCC5B ft=1 fh=678d98ddc0256885 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Downloads\adobe-shockwave-player.exe"
sh=1F0AE9DDFBF8F53C7301B204C25202C0DB407C7D ft=1 fh=7d00b6d14374e688 vn="Variante von Win32/InstallCore.XA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Downloads\FreeFileViewerDMSetup.exe"
sh=82141496888CB118EBC37FA092B234CA2F8F6EDE ft=1 fh=61ed3794ba46d7dd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Downloads\FreeImageConvertAndResize2.1.14.1123.exe"
That was no. 1. It took 3 hours, which is why it is so late.

Results of screen317's Security Check version 0.99.97
Windows Vista Service Pack 2 x86
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Total Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
JavaFX 2.0.3
Java 7 Update 51
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 17.0.0.134
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (36.0.1)
````````Process Check: objlist.exe by Laurent````````
NetRatingsNetSight NetSight nielsenonline.exe
Kaspersky Lab Kaspersky Total Security 15.0.2 avp.exe
Kaspersky Lab Kaspersky Total Security 15.0.2 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Number 2. The 3rd is still to come ;-)


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by user (administrator) on USER-PC on 18-03-2015 21:41:18
Running from C:\Users\user\Downloads
Loaded Profiles: user & UpdatusUser (Available profiles: user & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Users\user\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\user\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NielsenOnline] => C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2015-01-16] (The Nielsen Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\PROGRA~1\PURPLE~1\VOODOO~1\VOODOO~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
ShortcutTarget: STK02N 2.3 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3327119800-673721398-2511221915-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> DefaultScope {E8A9DC1C-8C29-465E-8CEC-B1A314F405B2} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {18FF90D1-7785-4AF0-9D4D-3E89E3191F84} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {5C95FD2B-06B2-48E5-95F1-B8B23DBC23F1} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {7E9008BF-E68F-4DA8-93CF-5BAF677E6405} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {91E21A2D-9289-4733-8323-5AF4BFC3BB6B} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {E8A9DC1C-8C29-465E-8CEC-B1A314F405B2} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {FEB9F5EF-80C9-42A4-9D0F-FF2AF0BD55CF} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {FEDA6C16-6DF4-45CF-A058-EF194B94AA2B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - No CLSID Value -  []
Handler: msnim - No CLSID Value -  []
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iescwgz0.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.gmx.net/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-02] ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-02] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\npfirefoxtracker.dll [2015-03-18] (Nielsen)
FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-26]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\netsight@nielsen.xpi [2015-03-18]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-12-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2934496 2015-01-16] (The Nielsen Company)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [120008 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36040 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25800 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [26824 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-16] (Malwarebytes Corporation)
R1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter5\nnfwdk.sys [23264 2015-01-16] (The Nielsen Company)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2012-11-21] (NewTech Infosystems, Inc.) [File not signed]
S3 optousb; C:\Windows\System32\DRIVERS\optousb.sys [18432 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 optovcm; C:\Windows\System32\DRIVERS\optovcm.sys [26368 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
R0 UBHelper; C:\Windows\system32\Drivers\UBHelper.sys [13952 2007-02-25] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113664 2009-12-08] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 21:41 - 2015-03-18 21:41 - 01135104 _____ (Farbar) C:\Users\user\Downloads\FRST (1).exe
2015-03-18 21:31 - 2015-03-18 21:31 - 00852604 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2015-03-18 18:25 - 2015-03-18 18:25 - 00000000 ____D () C:\Program Files\ESET
2015-03-18 18:24 - 2015-03-18 18:24 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2015-03-17 21:15 - 2015-03-17 21:17 - 00002131 _____ () C:\Windows\IE9_main.log
2015-03-17 21:14 - 2015-03-17 21:15 - 18124080 _____ (Microsoft Corporation) C:\Users\user\Downloads\IE9-Windows7-x86-enu.exe
2015-03-17 20:35 - 2015-03-17 20:35 - 10485760 _____ () C:\Users\user\Downloads\places.sqlite
2015-03-17 20:23 - 2015-03-17 20:23 - 01055936 _____ (Adobe) C:\Users\user\Downloads\install_flashplayer17x32_mssd_aaa_aih.exe
2015-03-17 18:26 - 2015-03-17 18:26 - 00262144 _____ () C:\Windows\system32\config\elam
2015-03-16 18:12 - 2015-03-16 18:12 - 01135104 _____ (Farbar) C:\Users\user\Downloads\FRST(1).exe
2015-03-16 18:08 - 2015-03-16 18:08 - 00001203 _____ () C:\Users\user\Desktop\mbam.txt
2015-03-16 17:28 - 2015-03-16 17:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-03-16 16:58 - 2015-03-16 16:58 - 00188786 _____ () C:\Users\user\Desktop\JRT.txt
2015-03-16 16:53 - 2015-03-16 16:53 - 01388333 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2015-03-16 15:58 - 2015-03-16 15:58 - 02171392 _____ () C:\Users\user\Downloads\AdwCleaner_4.112.exe
2015-03-15 09:12 - 2015-03-15 09:12 - 00019723 _____ () C:\ComboFix.txt
2015-03-15 09:03 - 2015-03-15 09:03 - 00000540 _____ () C:\Windows\PFRO.log
2015-03-15 08:43 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-15 08:43 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-15 08:43 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-15 08:40 - 2015-03-15 09:12 - 00000000 ____D () C:\Qoobox
2015-03-15 08:38 - 2015-03-15 09:10 - 00000000 ____D () C:\Windows\erdnt
2015-03-15 08:37 - 2015-03-15 08:37 - 05615380 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-03-15 07:49 - 2015-03-15 07:49 - 00408787 _____ (AChat Animation Studios ) C:\Users\user\Downloads\AChat_German_setup.exe
2015-03-14 13:30 - 2015-03-14 13:32 - 00035761 _____ () C:\Users\user\Downloads\Addition.txt
2015-03-14 13:27 - 2015-03-18 21:41 - 00018241 _____ () C:\Users\user\Downloads\FRST.txt
2015-03-14 13:26 - 2015-03-18 21:41 - 00000000 ____D () C:\FRST
2015-03-14 13:25 - 2015-03-14 13:25 - 01135104 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2015-03-13 16:23 - 2015-03-13 16:23 - 00000818 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-13 16:23 - 2015-03-13 16:23 - 00000806 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-13 16:23 - 2015-03-13 16:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-13 16:20 - 2015-03-13 16:20 - 00243528 _____ () C:\Users\user\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-12 16:13 - 2015-03-12 16:13 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-03-12 16:13 - 2013-02-27 17:45 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2015-03-12 16:13 - 2012-02-02 11:58 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2015-03-12 16:13 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-12 16:13 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 16:12 - 2015-03-12 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-12 16:11 - 2012-12-29 09:26 - 04129720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-12 16:11 - 2012-12-29 09:26 - 03001272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 02557880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 00639928 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-12 16:11 - 2012-12-29 09:25 - 00108984 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 00062904 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-12 16:10 - 2012-12-29 11:26 - 00053176 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-12 16:09 - 2015-03-12 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-12 16:05 - 2012-12-29 11:26 - 20450232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 17560504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 15129064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 08904632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-12 16:05 - 2012-12-29 11:26 - 07931896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 06263784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 02720696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 02504248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 01985976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 01017272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 00889784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 00013153 _____ () C:\Windows\system32\nvinfo.pb
2015-03-12 15:54 - 2015-03-12 16:02 - 174957352 _____ (NVIDIA Corporation) C:\Users\user\Downloads\310.90-notebook-win8-win7-winvista-32bit-international-whql(1).exe
2015-03-11 19:42 - 2015-03-11 19:42 - 01055936 _____ (Adobe) C:\Users\user\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2015-03-10 20:54 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 20:53 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 20:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 20:42 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 20:42 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 20:41 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 20:41 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 20:41 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 20:41 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 20:40 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 20:40 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 20:39 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-10 20:38 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 19:50 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 19:50 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-10 19:50 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 19:50 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 19:50 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 19:50 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 19:50 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 19:50 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-10 19:50 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 19:50 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 19:50 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-10 19:50 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-10 19:50 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-09 14:34 - 2015-03-09 14:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\LavasoftStatistics
2015-03-09 14:29 - 2015-03-09 14:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-07 19:18 - 2015-03-07 19:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Lenovo
2015-03-07 19:18 - 2015-03-07 19:18 - 00000000 ____D () C:\Users\user\SHAREit
2015-03-07 19:15 - 2015-03-02 18:02 - 00325944 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-03-07 19:10 - 2015-03-07 19:10 - 00000994 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-07 19:06 - 2015-03-07 19:06 - 03313192 _____ (DVDVideoSoft Ltd. ) C:\Users\user\Downloads\FreeYouTubeToMP3Converter.exe
2015-03-02 18:38 - 2015-03-02 18:38 - 00002044 _____ () C:\Users\user\Desktop\Sicherer Zahlungsverkehr.lnk
2015-03-02 18:36 - 2015-03-02 18:36 - 00001890 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-03-02 18:36 - 2015-03-02 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-03-02 18:29 - 2015-03-02 18:29 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-03-02 18:27 - 2014-12-13 18:21 - 00699576 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-02 18:27 - 2014-11-28 18:19 - 00120008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-03-02 18:27 - 2014-10-22 21:13 - 00036040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-03-02 17:31 - 2015-03-02 17:35 - 197116024 _____ (Kaspersky Lab) C:\Users\user\Downloads\kts15.0.2.361de-de.exe
2015-03-01 17:20 - 2015-03-01 17:20 - 00782544 _____ (Installer Program ) C:\Users\user\Downloads\FreeFileViewerDMSetup.exe
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 21:26 - 2011-06-28 16:41 - 01477539 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 21:22 - 2013-09-20 15:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-18 21:15 - 2012-03-29 15:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 20:53 - 2006-11-02 13:47 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 20:53 - 2006-11-02 13:47 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 18:17 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 16:53 - 2013-07-15 18:51 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-18 16:53 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 21:53 - 2006-11-02 14:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-17 21:33 - 2013-07-17 04:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-03-17 20:20 - 2014-06-23 12:26 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-03-17 20:20 - 2012-03-29 15:03 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-17 20:20 - 2011-05-17 06:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-16 17:30 - 2015-02-03 20:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 17:29 - 2015-02-03 20:10 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-16 17:29 - 2015-02-03 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-16 17:29 - 2015-02-03 20:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-16 16:16 - 2015-02-03 19:14 - 00000000 ____D () C:\AdwCleaner
2015-03-15 09:12 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-03-15 09:12 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-15 09:06 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-15 09:00 - 2013-11-14 13:17 - 00000000 ____D () C:\Users\user\AppData\Local\1und1UpdaterCorpE
2015-03-13 16:23 - 2015-01-26 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-13 16:23 - 2010-12-18 07:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-03-13 16:23 - 2010-12-18 07:53 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-03-12 16:13 - 2010-11-26 09:57 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-12 16:12 - 2011-02-08 18:06 - 00000000 ____D () C:\temp
2015-03-12 16:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help
2015-03-11 18:36 - 2006-11-02 13:47 - 00381952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 20:54 - 2013-02-01 17:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 20:51 - 2013-07-16 19:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 20:44 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 18:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-03-10 18:46 - 2006-11-02 11:22 - 61341696 _____ () C:\Windows\system32\config\software_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 41943040 _____ () C:\Windows\system32\config\components_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 35913728 _____ () C:\Windows\system32\config\system_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-03-10 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-10 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-03-08 21:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system
2015-03-08 08:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2015-03-07 21:33 - 2013-07-05 17:42 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 19:10 - 2013-12-21 22:22 - 00002067 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-03-07 19:10 - 2011-02-01 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-07 19:10 - 2011-02-01 11:36 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-03-07 19:09 - 2015-01-31 14:18 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-03-07 19:09 - 2011-02-01 11:36 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-03-07 19:08 - 2011-10-28 21:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2015-03-07 17:57 - 2013-12-20 11:59 - 00000000 ____D () C:\Users\user\Documents\Sprüche
2015-03-02 17:59 - 2012-03-19 17:32 - 00000000 ____D () C:\ProgramData\Avira
2015-02-24 03:23 - 2010-11-26 08:52 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-02-01 11:32 - 2014-05-05 18:15 - 0000020 _____ () C:\Users\user\AppData\Roaming\AVSDVDPlayer.m3u
2011-11-07 09:38 - 2011-11-18 05:24 - 0000090 _____ () C:\Users\user\AppData\Roaming\blckdom.res
2010-11-25 19:39 - 2010-11-26 09:11 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2011-01-16 17:58 - 2015-02-01 19:24 - 0026112 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-01 11:40 - 2012-01-06 17:43 - 0019456 _____ () C:\Users\user\AppData\Local\WebpageIcons.db
2013-12-19 18:00 - 2013-12-19 18:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\user\AppData\Local\temp\Quarantine.exe
C:\Users\user\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-18 17:00

==================== End Of Log ============================
         
So, now I have run everything, but the images are still flickering. As I said, only in Firefox. In Internet Explorer the images are all OK. It also only affects the game apps, as well as the ads at the edge and videos, e.g. on Facebook. But only when I log in via Firefox. Do you perhaps have another idea?

Best regards, Wolfgang

19.03.2015, 11:42   #12
schrauber
/// the machine
/// TB instructor

Update Java and Adobe. Empty the Downloads folder.

Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall.

Then:
https://support.mozilla.org/de/kb/fi...einfach-loesen



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

19.03.2015, 18:26   #13
WolfHoffmann

Hello Schrauber,
thanks first of all for your efforts with me. But I have an important question. If I delete the "Download" folder, what happens to all the setup.exe and installer.exe files? Won't they be lost?

Best regards, Wolfgang

19.03.2015, 22:29   #14
schrauber
/// the machine
/// TB instructor

You are supposed to empty the folder, not delete it. Or you delete only the installers that ESET complained about.
__________________
Regards,
schrauber
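
The advice above, to remove only the installers ESET flagged, can be applied mechanically to an ESET Online Scanner log. The following Python code is an added example, not part of the original thread: it parses lines in the `sh= ft= fh= vn= ac= fn=` layout and separates findings already held in AdwCleaner's quarantine from files still live on disk. The sample log is constructed, its hashes are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the ESET Online Scanner log layout (sh= ft= fh= vn= ac= fn=).
# Hashes are placeholders and the file names are made up for this example.
SAMPLE_LOG = r'''
# product=EOS
# remove_checked=false
# found=4
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Example Toolbar\dtUser.exe.vir"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Example\Old.zip.vir"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Variante von Win32/InstallCore.XA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Downloads\ExampleViewerSetup.exe"
sh=0000000000000000000000000000000000000004 ft=1 fh=0000000000000004 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Downloads\ExampleConverter.exe"
'''

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Assumption: AdwCleaner keeps quarantined copies under this root with a .vir suffix,
# which is how the paths appear in the log posted in this thread.
QUARANTINE_ROOT = "c:\\adwcleaner\\quarantine\\"


def parse_eset_log(text):
    """Return (header, detections): '# key=value' lines go to the header dict,
    every other line carrying both vn= and fn= becomes one detection dict."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
            continue
        fields = {}
        for m in PAIR.finditer(line):
            fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
        if "vn" in fields and "fn" in fields:
            detections.append(fields)
    return header, detections


def detection_name(vn):
    """Pull the 'Platform/Family.Variant' token out of the localized description."""
    m = re.search(r"\b\w+/[\w.]+", vn)
    return m.group(0) if m else vn


def triage(detections):
    """Split findings into (live, quarantined) lists of (name, path) tuples."""
    live, quarantined = [], []
    for d in detections:
        path = d["fn"]
        entry = (detection_name(d["vn"]), path)
        lowered = path.lower()
        if lowered.startswith(QUARANTINE_ROOT) and lowered.endswith(".vir"):
            quarantined.append(entry)
        else:
            live.append(entry)
    return live, quarantined


def check_counts(header, detections):
    """Warn when the header's found= count disagrees with the parsed lines,
    which is typical for a log that was cut off when pasted into a post."""
    warnings = []
    declared = header.get("found")
    if declared is None or not declared.isdigit():
        warnings.append("no usable found= header")
    elif int(declared) != len(detections):
        warnings.append(
            f"header says found={declared}, parsed {len(detections)} detection lines"
        )
    return warnings


if __name__ == "__main__":
    header, detections = parse_eset_log(SAMPLE_LOG)
    live, quarantined = triage(detections)
    for warning in check_counts(header, detections):
        print("WARNING:", warning)
    print(f"{len(quarantined)} finding(s) already in AdwCleaner quarantine")
    print(f"{len(live)} finding(s) still live on disk:")
    for name, path in live:
        print(f"  {name:28} {path}")
```

Only the entries in the live list are candidates for manual deletion; the quarantined `.vir` copies are inert leftovers of an earlier AdwCleaner run.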

22.03.2015, 18:49   #15
WolfHoffmann

Hello Schrauber,
I did the whole cycle again, the images were still flickering. Here are the latest results for now. FRST is still to come.
Best regards, Wolfgang

AdwCleaner Logfile:
Code:
# AdwCleaner v4.112 - Bericht erstellt 22/03/2015 um 15:19:00
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-22.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : user - USER-PC
# Gestarted von : C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJU80WAB\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22E9CC7A-04B2-4558-A993-763395274E42}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{506DDB16-455A-4746-AD77-D23228955FD3}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v

[iescwgz0.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

*************************

AdwCleaner[R0].txt - [11372 Bytes] - [03/02/2015 19:14:10]
AdwCleaner[R1].txt - [2843 Bytes] - [16/03/2015 15:59:08]
AdwCleaner[R2].txt - [1509 Bytes] - [22/03/2015 15:15:30]
AdwCleaner[S0].txt - [11328 Bytes] - [03/02/2015 19:19:15]
AdwCleaner[S1].txt - [2913 Bytes] - [16/03/2015 16:16:07]
AdwCleaner[S2].txt - [1440 Bytes] - [22/03/2015 15:19:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1499  Bytes] ##########
         
--- --- ---
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1a28b0a09487264890d6aa8481f65c23
# engine=23025
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-22 05:08:42
# local_time=2015-03-22 06:08:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1301 16777213 100 100 13616 54619352 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 176700 264576850 0 0
# scanned=183382
# found=13
# cleaned=0
# scan_time=9133
sh=C0F043342F015F016C8536DDCD5B5F51F97E49D2 ft=1 fh=2edad6a8a6366d43 vn="Variante von Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\del_DM_DLL_nse9621.dll.vir"
sh=B81BAAC9D35824000ADB556418067A9220C40F01 ft=1 fh=23a12d968d390125 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe.vir"
sh=5618448E0195BA9251A1A0A5132CE2612037D630 ft=1 fh=ccf0f11a65c989b1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll.vir"
sh=9069C1AE362702A5CFD0947D07C49791244CF7E1 ft=1 fh=b2a7890de2375dad vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll.vir"
sh=1060187DDEF870A487D64831AB67108A834AE818 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.37.zip.vir"
sh=CAC2EE8DDF6A64B037A357017CA4C4221141BD70 ft=1 fh=6d3baa21187c5208 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=079F5212D0CC3059077736D55C4B04C6CBBFD2B8 ft=1 fh=573a726a370e6e65 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=95924D930E42925FCF9C31F268569AF088229675 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=678148EE00B38B9AAD38C549719F66F1D4E16604 ft=1 fh=0b483d240f3d026b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=947BCFA4B2B0C0EFA7447211F3FB2BB06F79943B ft=1 fh=dbbf0ecf40164e38 vn="Variante von Win32/BrowseFox.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\RHEng\3015A477B9AD4F349B91C9ADFFC602C3\setup0116.exe.vir"
sh=4034D1D79F6D56DC329680E3CF6311F5CEAFCC5B ft=1 fh=678d98ddc0256885 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Downloads\adobe-shockwave-player.exe"
sh=1F0AE9DDFBF8F53C7301B204C25202C0DB407C7D ft=1 fh=7d00b6d14374e688 vn="Variante von Win32/InstallCore.XA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Downloads\FreeFileViewerDMSetup.exe"
sh=82141496888CB118EBC37FA092B234CA2F8F6EDE ft=1 fh=61ed3794ba46d7dd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Downloads\FreeImageConvertAndResize2.1.14.1123.exe"
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.03.2015
Suchlauf-Zeit: 12:50:21
Logdatei: Mailwarebites.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.22.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: user

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 382255
Verstrichene Zeit: 38 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by user (administrator) on USER-PC on 22-03-2015 15:01:41
Running from C:\Users\user\Downloads
Loaded Profiles: user & UpdatusUser (Available profiles: user & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Farbar) C:\Users\user\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NielsenOnline] => C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2015-01-16] (The Nielsen Company)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\PROGRA~1\PURPLE~1\VOODOO~1\VOODOO~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
ShortcutTarget: STK02N 2.3 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3327119800-673721398-2511221915-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3327119800-673721398-2511221915-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> DefaultScope {E8A9DC1C-8C29-465E-8CEC-B1A314F405B2} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {18FF90D1-7785-4AF0-9D4D-3E89E3191F84} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {5C95FD2B-06B2-48E5-95F1-B8B23DBC23F1} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {7E9008BF-E68F-4DA8-93CF-5BAF677E6405} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {91E21A2D-9289-4733-8323-5AF4BFC3BB6B} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {E8A9DC1C-8C29-465E-8CEC-B1A314F405B2} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {FEB9F5EF-80C9-42A4-9D0F-FF2AF0BD55CF} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1000 -> {FEDA6C16-6DF4-45CF-A058-EF194B94AA2B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3327119800-673721398-2511221915-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - No CLSID Value -  []
Handler: msnim - No CLSID Value -  []
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iescwgz0.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.gmx.net/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-19] (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-02] ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-02] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: GMX MailCheck - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iescwgz0.default\Extensions\toolbar@gmx.net [2015-03-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-26]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-02]
FF Extension: No Name - C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\netsight@nielsen.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-12-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2934496 2015-01-16] (The Nielsen Company)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [120008 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36040 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25800 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [26824 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter5\nnfwdk.sys [23264 2015-01-16] (The Nielsen Company)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2012-11-21] (NewTech Infosystems, Inc.) [File not signed]
S3 optousb; C:\Windows\System32\DRIVERS\optousb.sys [18432 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 optovcm; C:\Windows\System32\DRIVERS\optovcm.sys [26368 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
R0 UBHelper; C:\Windows\system32\Drivers\UBHelper.sys [13952 2007-02-25] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 15:01 - 2015-03-22 15:01 - 00017548 _____ () C:\Users\user\Downloads\FRST.txt
2015-03-22 15:01 - 2015-03-22 15:01 - 00000986 _____ () C:\Users\user\Documents\checkup.txt
2015-03-22 14:47 - 2015-03-22 14:47 - 00001213 _____ () C:\Users\user\Desktop\Mailwarebites.txt
2015-03-22 14:42 - 2015-03-22 14:42 - 00000000 ____D () C:\Users\user\Documents\Mailware
2015-03-19 20:36 - 2015-03-19 20:36 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-19 20:36 - 2015-03-19 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-19 20:35 - 2015-03-19 20:36 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-19 20:35 - 2015-03-19 20:35 - 00000000 ____D () C:\Program Files\iPod
2015-03-19 18:57 - 2015-03-19 18:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup95.exe
2015-03-19 18:57 - 2015-03-19 18:57 - 00001017 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk
2015-03-19 18:57 - 2015-03-19 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-19 18:46 - 2015-03-19 18:43 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-19 18:44 - 2015-03-19 18:44 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-19 18:42 - 2015-03-19 18:42 - 00561064 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2015-03-19 18:40 - 2015-03-19 18:40 - 00001852 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-03-19 18:39 - 2015-03-19 18:39 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-19 18:39 - 2015-03-19 18:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-19 18:31 - 2015-03-19 18:32 - 76313280 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\AdbeRdr11010_de_DE.exe
2015-03-18 21:41 - 2015-03-18 21:41 - 01135104 _____ (Farbar) C:\Users\user\Downloads\FRST (1).exe
2015-03-18 21:31 - 2015-03-18 21:31 - 00852604 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2015-03-18 18:24 - 2015-03-18 18:24 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2015-03-17 21:14 - 2015-03-17 21:15 - 18124080 _____ (Microsoft Corporation) C:\Users\user\Downloads\IE9-Windows7-x86-enu.exe
2015-03-17 20:35 - 2015-03-17 20:35 - 10485760 _____ () C:\Users\user\Downloads\places.sqlite
2015-03-17 20:23 - 2015-03-17 20:23 - 01055936 _____ (Adobe) C:\Users\user\Downloads\install_flashplayer17x32_mssd_aaa_aih.exe
2015-03-17 18:26 - 2015-03-17 18:26 - 00262144 _____ () C:\Windows\system32\config\elam
2015-03-16 17:28 - 2015-03-16 17:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-03-16 16:53 - 2015-03-16 16:53 - 01388333 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2015-03-16 15:58 - 2015-03-16 15:58 - 02171392 _____ () C:\Users\user\Downloads\AdwCleaner_4.112.exe
2015-03-15 09:12 - 2015-03-15 09:12 - 00019723 _____ () C:\ComboFix.txt
2015-03-15 08:43 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-15 08:43 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-15 08:43 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-15 08:43 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-15 08:40 - 2015-03-15 09:12 - 00000000 ____D () C:\Qoobox
2015-03-15 08:38 - 2015-03-15 09:10 - 00000000 ____D () C:\Windows\erdnt
2015-03-15 08:37 - 2015-03-15 08:37 - 05615380 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-03-15 07:49 - 2015-03-15 07:49 - 00408787 _____ (AChat Animation Studios ) C:\Users\user\Downloads\AChat_German_setup.exe
2015-03-14 13:30 - 2015-03-14 13:32 - 00035761 _____ () C:\Users\user\Downloads\Addition.txt
2015-03-14 13:26 - 2015-03-22 15:01 - 00000000 ____D () C:\FRST
2015-03-12 16:13 - 2015-03-12 16:13 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-12 16:13 - 2015-03-12 16:13 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-03-12 16:13 - 2013-02-27 17:45 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2015-03-12 16:13 - 2012-02-02 11:58 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2015-03-12 16:13 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-12 16:13 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 16:12 - 2015-03-12 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-12 16:11 - 2012-12-29 09:26 - 04129720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-12 16:11 - 2012-12-29 09:26 - 03001272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 02557880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 00639928 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-12 16:11 - 2012-12-29 09:25 - 00108984 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-12 16:11 - 2012-12-29 09:25 - 00062904 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-12 16:10 - 2012-12-29 11:26 - 00053176 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-12 16:09 - 2015-03-12 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-12 16:05 - 2012-12-29 11:26 - 20450232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 17560504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 15129064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 08904632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-12 16:05 - 2012-12-29 11:26 - 07931896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 06263784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 02720696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 02504248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 01985976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 01017272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 00889784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll
2015-03-12 16:05 - 2012-12-29 11:26 - 00013153 _____ () C:\Windows\system32\nvinfo.pb
2015-03-12 15:54 - 2015-03-12 16:02 - 174957352 _____ (NVIDIA Corporation) C:\Users\user\Downloads\310.90-notebook-win8-win7-winvista-32bit-international-whql(1).exe
2015-03-11 19:42 - 2015-03-11 19:42 - 01055936 _____ (Adobe) C:\Users\user\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2015-03-10 20:54 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 20:53 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 20:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 20:42 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 20:42 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 20:41 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 20:41 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 20:41 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 20:41 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 20:40 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 20:40 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 20:39 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-10 20:38 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 19:50 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 19:50 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-10 19:50 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 19:50 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 19:50 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 19:50 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 19:50 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 19:50 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-10 19:50 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 19:50 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 19:50 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 19:50 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-10 19:50 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-10 19:50 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-10 19:50 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-09 14:34 - 2015-03-09 14:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\LavasoftStatistics
2015-03-09 14:29 - 2015-03-09 14:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-07 19:18 - 2015-03-07 19:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Lenovo
2015-03-07 19:18 - 2015-03-07 19:18 - 00000000 ____D () C:\Users\user\SHAREit
2015-03-07 19:15 - 2015-03-02 18:02 - 00325944 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-03-07 19:10 - 2015-03-07 19:10 - 00000994 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-07 19:06 - 2015-03-07 19:06 - 03313192 _____ (DVDVideoSoft Ltd. ) C:\Users\user\Downloads\FreeYouTubeToMP3Converter.exe
2015-03-02 18:38 - 2015-03-02 18:38 - 00002044 _____ () C:\Users\user\Desktop\Sicherer Zahlungsverkehr.lnk
2015-03-02 18:36 - 2015-03-02 18:36 - 00001890 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-03-02 18:36 - 2015-03-02 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-03-02 18:29 - 2015-03-02 18:29 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-03-02 18:27 - 2014-12-13 18:21 - 00699576 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-02 18:27 - 2014-11-28 18:19 - 00120008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-03-02 18:27 - 2014-10-22 21:13 - 00036040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-03-02 17:31 - 2015-03-02 17:35 - 197116024 _____ (Kaspersky Lab) C:\Users\user\Downloads\kts15.0.2.361de-de.exe
2015-03-01 17:20 - 2015-03-01 17:20 - 00782544 _____ (Installer Program ) C:\Users\user\Downloads\FreeFileViewerDMSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 14:53 - 2011-06-28 16:41 - 01580557 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 14:43 - 2015-02-03 20:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 14:26 - 2013-09-20 15:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-22 14:25 - 2006-11-02 13:47 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 14:25 - 2006-11-02 13:47 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 14:15 - 2012-03-29 15:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 12:12 - 2015-01-26 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-22 10:25 - 2013-07-15 18:51 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-22 10:25 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-21 16:03 - 2006-11-02 14:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-20 21:27 - 2011-01-08 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-20 17:52 - 2013-07-17 04:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-03-19 20:36 - 2014-03-06 18:41 - 00000000 ____D () C:\Program Files\iTunes
2015-03-19 20:35 - 2012-03-22 13:22 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-19 18:55 - 2014-03-11 20:05 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-19 18:43 - 2011-03-14 07:57 - 00000000 ____D () C:\Program Files\Java
2015-03-19 18:39 - 2011-07-29 06:29 - 00000000 ____D () C:\Program Files\Adobe
2015-03-19 18:39 - 2010-12-13 18:35 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-18 18:17 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 20:20 - 2014-06-23 12:26 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-03-17 20:20 - 2012-03-29 15:03 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-17 20:20 - 2011-05-17 06:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-16 17:29 - 2015-02-03 20:10 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-16 17:29 - 2015-02-03 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-16 17:29 - 2015-02-03 20:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-16 16:16 - 2015-02-03 19:14 - 00000000 ____D () C:\AdwCleaner
2015-03-15 09:12 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-03-15 09:12 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-15 09:06 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-15 09:00 - 2013-11-14 13:17 - 00000000 ____D () C:\Users\user\AppData\Local\1und1UpdaterCorpE
2015-03-13 16:23 - 2010-12-18 07:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-03-13 16:23 - 2010-12-18 07:53 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-03-12 16:13 - 2010-11-26 09:57 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-12 16:12 - 2011-02-08 18:06 - 00000000 ____D () C:\temp
2015-03-12 16:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help
2015-03-11 18:36 - 2006-11-02 13:47 - 00381952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 20:54 - 2013-02-01 17:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 20:51 - 2013-07-16 19:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 20:44 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 18:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-03-10 18:46 - 2006-11-02 11:22 - 61341696 _____ () C:\Windows\system32\config\software_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 41943040 _____ () C:\Windows\system32\config\components_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 35913728 _____ () C:\Windows\system32\config\system_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-03-10 18:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-03-10 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-10 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-03-08 21:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system
2015-03-08 08:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2015-03-07 21:33 - 2013-07-05 17:42 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 19:10 - 2013-12-21 22:22 - 00002067 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-03-07 19:10 - 2011-02-01 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-07 19:10 - 2011-02-01 11:36 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-03-07 19:09 - 2015-01-31 14:18 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-03-07 19:09 - 2011-02-01 11:36 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-03-07 19:08 - 2011-10-28 21:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2015-03-07 17:57 - 2013-12-20 11:59 - 00000000 ____D () C:\Users\user\Documents\Sprüche
2015-03-02 17:59 - 2012-03-19 17:32 - 00000000 ____D () C:\ProgramData\Avira
2015-02-24 03:23 - 2010-11-26 08:52 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-02-01 11:32 - 2014-05-05 18:15 - 0000020 _____ () C:\Users\user\AppData\Roaming\AVSDVDPlayer.m3u
2011-11-07 09:38 - 2011-11-18 05:24 - 0000090 _____ () C:\Users\user\AppData\Roaming\blckdom.res
2010-11-25 19:39 - 2010-11-26 09:11 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2011-01-16 17:58 - 2015-02-01 19:24 - 0026112 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-01 11:40 - 2012-01-06 17:43 - 0019456 _____ () C:\Users\user\AppData\Local\WebpageIcons.db
2013-12-19 18:00 - 2013-12-19 18:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-22 10:31

==================== End Of Log ============================
         
--- --- ---
How do I get ESET to delete the items it classified as a risk? It did not offer me any option to do so.
