Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner oder Virus? (https://www.trojaner-board.de/139098-trojaner-virus.html)

Landei 31.07.2013 11:00
Trojaner oder Virus?
 
Hallo Gemeinde,

Avira meldet heute ein yonnosetup.exe als gefährlich.keine Ahnung woher das kommt was das ist da ich ein kompletter Laie bin.Mein Laptop hat auf einmal delta search als Startseite festgelegt.Ich hab mal Malware Bytes durchlaufen lassen und das ist das ergebnis.Kann mir jemand sagen ob ich einen Infizierten Rechner habe?Und wenn dann erklärt mir bitte alles wie ein Kind :D da ich echt Laie bin . danke euch im Voraus.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
oliver :: OLIVER-PC [Administrator]

31.07.2013 11:41:49
MBAM-log-2013-07-31 (11-54-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 57932
Laufzeit: 12 Minute(n), 24 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-21-1972273453-3807663751-171534141-1000\$RNUSF86.exe (PUP.BundleInstaller.DW) -> Keine Aktion durchgeführt.

(Ende)

schrauber 31.07.2013 11:22
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Landei 31.07.2013 11:36
das ist der FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by oliver (administrator) on 31-07-2013 12:33:25
Running from C:\Users\oliver\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\oliver\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [Google Update] - C:\Users\oliver\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-23] (Google Inc.)
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [4359680 2012-12-29] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [80480 2013-06-19] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2285232 2013-07-29] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=546EB2004E647309&affID=119776&tsp=4960
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} -  No File
URLSearchHook: (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} -  No File
URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKLM-x32 - {80272FE5-DE96-4AB0-B0C0-A4D7F04CA654} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=026e8701-1615-11e1-adc0-e81132228219&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=546EB2004E647309&affID=119776&tsp=4960
SearchScopes: HKCU - {6BE547F0-A203-4ECC-B476-C43C3A11B084} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8B5D2D6E-FF6C-47C3-9383-4C9C9BDEF631&apn_sauid=0F8F2B84-FF2A-4FF0-814C-EB899A146906
SearchScopes: HKCU - {80272FE5-DE96-4AB0-B0C0-A4D7F04CA654} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={49C1B477-3CDC-4BDC-B2BA-19C9EAEA7524}&mid=38b34050f28947d0a7a7395874c66bea-e93211ab6ec41e2e40e0d25a4d00b62141f29008&lang=de&ds=tt014&pr=sa&d=2012-06-22 17:03:30&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
BHO: VshareComplete - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\oliver\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\Path=C:\Users\oliver\AppData\Roaming\Mozilla\Profiles\o76bw92q.Standard-Benutzer
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\oliver\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\oliver\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: No Name - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: ftdownloader2 - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader2@ftdownloader.com.xpi
FF Extension: No Name - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5

Chrome:
=======
CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=546EB2004E647309&affID=119776&tsp=4960
CHR RestoreOnStartup: "hxxp://www.t-online.de/"
CHR DefaultSearchURL: (Delta Search) - hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=546EB2004E647309&affID=119776&tsp=4960
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\oliver\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\oliver\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\oliver\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_1\background/registryAccess.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv )
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (DVDVideoSoftTB DE) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.16.70.501_0
CHR Extension: (VshareComplete plugin for chrome) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_1
CHR Extension: (vshare plugin) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_1
CHR Extension: (AVG Secure Search) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_1
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_1
CHR Extension: (Gutscheinsammler Finder) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilobbegphefikcgjpajnneiiahhejam\2.1.1_0
CHR HKLM-x32\...\Chrome\Extension: [bhphemoobgnikcoofkgackkaimpfmenm] - C:\Users\oliver\AppData\Local\CRE\bhphemoobgnikcoofkgackkaimpfmenm.crx
CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\VshareComplete\chrome\VshareCompleteChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [pilobbegphefikcgjpajnneiiahhejam] - C:\Users\oliver\Econa\Gutscheinsammler\Chrome\chrome.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-29] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-07-29] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-02-15] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-02-15] (Windows (R) 2003 DDK 3790 provider)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S0 PxHlpa64; System32\Drivers\PxHlpa64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 12:33 - 2013-07-31 12:33 - 00000000 ____D C:\FRST
2013-07-31 12:32 - 2013-07-31 12:33 - 01781589 _____ (Farbar) C:\Users\oliver\Downloads\FRST64.exe
2013-07-31 12:32 - 2013-07-31 12:33 - 01781589 _____ (Farbar) C:\Users\oliver\Downloads\FRST64 (1).exe
2013-07-31 12:32 - 2013-07-31 12:32 - 00717160 _____ C:\Users\oliver\Downloads\ZipOpenerSetup.exe
2013-07-31 11:32 - 2013-07-31 11:32 - 00712264 _____ C:\windows\isRS-000.tmp
2013-07-31 11:28 - 2013-07-31 11:40 - 00000000 ____D C:\Users\oliver\AppData\Roaming\BabSolution
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Babylon
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\Users\oliver\AppData\Local\Cool_Mirage
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\ProgramData\Babylon
2013-07-31 09:38 - 2013-07-31 11:33 - 00000112 _____ C:\windows\setupact.log
2013-07-31 09:38 - 2013-07-31 09:38 - 00000000 _____ C:\windows\setuperr.log
2013-07-30 10:59 - 2013-07-31 11:34 - 00000334 _____ C:\windows\Tasks\GlaryInitialize 3.job
2013-07-30 10:59 - 2013-07-31 11:34 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-07-30 10:59 - 2013-07-30 10:59 - 00002634 _____ C:\windows\System32\Tasks\GlaryInitialize 3
2013-07-30 10:59 - 2013-07-30 10:59 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-07-30 10:58 - 2013-07-30 10:59 - 16285968 _____ C:\Users\oliver\Downloads\gu3setup.exe
2013-07-29 19:01 - 2013-07-29 19:01 - 00003717 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-26 10:47 - 2013-07-26 10:47 - 00000112 _____ C:\Users\oliver\Downloads\bremenvier.m3u
2013-07-14 11:24 - 2013-07-14 11:24 - 01067456 _____ (Solid State Networks) C:\Users\oliver\Downloads\install_flashplayer11x32au_ltr5x64d_awc_aih.exe
2013-07-10 20:55 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-10 20:55 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-10 20:55 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-10 20:55 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-10 20:55 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-10 20:55 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 20:55 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-10 20:55 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-10 20:55 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-10 07:24 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 07:24 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 07:24 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 07:24 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 07:24 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 07:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 07:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-05 10:14 - 2013-07-05 10:14 - 00000979 _____ C:\Users\Public\Desktop\Winamp.lnk
2013-07-05 10:12 - 2013-07-05 10:13 - 13306032 _____ (Nullsoft, Inc.) C:\Users\oliver\Downloads\winamp564_full_emusic-7plus_de-de.exe
2013-07-04 17:41 - 2013-07-04 17:41 - 00345856 _____ C:\Users\oliver\Downloads\lshunterAppsSetup20.exe
2013-07-01 11:52 - 2013-07-01 11:52 - 00019354 _____ C:\Users\oliver\Documents\Lebenlauf.odt

==================== One Month Modified Files and Folders =======

2013-07-31 12:33 - 2013-07-31 12:33 - 00000000 ____D C:\FRST
2013-07-31 12:33 - 2013-07-31 12:32 - 01781589 _____ (Farbar) C:\Users\oliver\Downloads\FRST64.exe
2013-07-31 12:33 - 2013-07-31 12:32 - 01781589 _____ (Farbar) C:\Users\oliver\Downloads\FRST64 (1).exe
2013-07-31 12:32 - 2013-07-31 12:32 - 00717160 _____ C:\Users\oliver\Downloads\ZipOpenerSetup.exe
2013-07-31 12:11 - 2012-03-29 23:10 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 11:55 - 2012-05-26 22:20 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000UA.job
2013-07-31 11:52 - 2011-08-04 21:57 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 11:41 - 2009-07-14 06:45 - 00013936 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 11:41 - 2009-07-14 06:45 - 00013936 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 11:40 - 2013-07-31 11:28 - 00000000 ____D C:\Users\oliver\AppData\Roaming\BabSolution
2013-07-31 11:39 - 2010-11-08 01:10 - 01055937 _____ C:\windows\WindowsUpdate.log
2013-07-31 11:34 - 2013-07-30 10:59 - 00000334 _____ C:\windows\Tasks\GlaryInitialize 3.job
2013-07-31 11:34 - 2013-07-30 10:59 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-07-31 11:34 - 2013-02-06 19:44 - 00000000 ____D C:\Users\oliver\.rainlendar2
2013-07-31 11:34 - 2011-07-23 19:33 - 00000374 _____ C:\windows\system32\Drivers\etc\hosts.ics
2013-07-31 11:34 - 2011-07-09 19:35 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-07-31 11:33 - 2013-07-31 09:38 - 00000112 _____ C:\windows\setupact.log
2013-07-31 11:33 - 2013-06-03 15:26 - 00000350 _____ C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-31 11:33 - 2012-06-19 19:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 11:33 - 2011-12-27 18:32 - 00000328 _____ C:\windows\Tasks\GlaryInitialize.job
2013-07-31 11:33 - 2011-08-04 21:57 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-31 11:33 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-31 11:32 - 2013-07-31 11:32 - 00712264 _____ C:\windows\isRS-000.tmp
2013-07-31 11:32 - 2012-07-19 18:20 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Babylon
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\Users\oliver\AppData\Local\Cool_Mirage
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\ProgramData\Babylon
2013-07-31 11:28 - 2011-07-09 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-31 11:27 - 2013-04-08 09:55 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
2013-07-31 10:55 - 2012-05-26 22:20 - 00001072 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000Core.job
2013-07-31 09:44 - 2012-02-12 00:31 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{999711EC-264D-4CF4-933C-4C0B21BB1F68}
2013-07-31 09:38 - 2013-07-31 09:38 - 00000000 _____ C:\windows\setuperr.log
2013-07-30 11:00 - 2011-07-09 19:40 - 00000000 ___RD C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-30 11:00 - 2009-08-02 04:27 - 00000000 ____D C:\windows\Panther
2013-07-30 10:59 - 2013-07-30 10:59 - 00002634 _____ C:\windows\System32\Tasks\GlaryInitialize 3
2013-07-30 10:59 - 2013-07-30 10:59 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-07-30 10:59 - 2013-07-30 10:58 - 16285968 _____ C:\Users\oliver\Downloads\gu3setup.exe
2013-07-30 10:59 - 2011-12-27 18:33 - 00000000 ____D C:\Users\oliver\AppData\Roaming\GlarySoft
2013-07-30 10:55 - 2011-07-09 13:45 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Macromedia
2013-07-29 19:01 - 2013-07-29 19:01 - 00003717 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-29 19:01 - 2012-08-30 20:43 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-07-29 19:01 - 2012-06-22 17:03 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-28 22:02 - 2011-07-09 13:52 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Winamp
2013-07-26 20:37 - 2010-11-06 04:52 - 00654852 _____ C:\windows\system32\perfh007.dat
2013-07-26 20:37 - 2010-11-06 04:52 - 00130434 _____ C:\windows\system32\perfc007.dat
2013-07-26 20:37 - 2009-07-14 07:13 - 01500294 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-26 10:47 - 2013-07-26 10:47 - 00000112 _____ C:\Users\oliver\Downloads\bremenvier.m3u
2013-07-23 22:38 - 2011-07-09 13:58 - 00000000 ____D C:\Users\oliver\Desktop\Nicht verwendete Desktop Dateien
2013-07-23 12:08 - 2013-06-23 14:19 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Skype
2013-07-14 11:24 - 2013-07-14 11:24 - 01067456 _____ (Solid State Networks) C:\Users\oliver\Downloads\install_flashplayer11x32au_ltr5x64d_awc_aih.exe
2013-07-13 10:50 - 2012-05-26 22:20 - 00004096 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000UA
2013-07-13 10:50 - 2012-05-26 22:20 - 00003700 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000Core
2013-07-13 10:47 - 2011-08-04 21:57 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:47 - 2011-08-04 21:57 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 09:51 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-12 12:57 - 2013-06-23 14:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-12 12:57 - 2013-06-23 14:19 - 00000000 ____D C:\ProgramData\Skype
2013-07-10 21:06 - 2009-07-14 06:45 - 00317528 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-10 21:05 - 2013-03-13 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 21:05 - 2013-03-13 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 21:04 - 2010-11-06 04:31 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 21:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 21:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 20:56 - 2011-07-10 20:07 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-08 21:03 - 2013-06-23 14:15 - 00000000 ____D C:\Users\oliver\Documents\Images
2013-07-05 14:07 - 2011-07-25 23:05 - 00000000 ____D C:\Users\oliver\Downloads\German_TOP100_Single_Charts_04_07_2011-MCG
2013-07-05 10:14 - 2013-07-05 10:14 - 00000979 _____ C:\Users\Public\Desktop\Winamp.lnk
2013-07-05 10:14 - 2011-07-09 13:52 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-07-05 10:13 - 2013-07-05 10:12 - 13306032 _____ (Nullsoft, Inc.) C:\Users\oliver\Downloads\winamp564_full_emusic-7plus_de-de.exe
2013-07-04 17:41 - 2013-07-04 17:41 - 00345856 _____ C:\Users\oliver\Downloads\lshunterAppsSetup20.exe
2013-07-01 11:52 - 2013-07-01 11:52 - 00019354 _____ C:\Users\oliver\Documents\Lebenlauf.odt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 09:15

==================== End Of Log ============================
--- --- ---


und hier der Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by oliver at 2013-07-31 12:34:13
Running from C:\Users\oliver\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Age of Mythology (x32)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32)
Atheros Client Installation Program (x32 Version: 1.0.2.1119)
AVG Security Toolbar (x32 Version: 15.4.0.5)
Avira Free Antivirus (x32 Version: 13.0.0.3884)
BatteryLifeExtender (x32 Version: 1.0.5)
CDBurnerXP (x32 Version: 4.4.1.3243)
Commandos 2: Men of Courage (x32)
Commandos 3: Destination Berlin (x32)
Commandos Strike Force (x32)
Commandos: Hinter feindlichen Linien (x32)
Commandos: Im Auftrag der Ehre (x32)
concept/design onlineTV 6 (x32 Version: onlineTV 6)
CVE-2012-1889
CyberLink DVD Suite (x32 Version: 6.0.2806)
CyberLink LabelPrint (x32 Version: 2.5.1916)
CyberLink Power2Go (x32 Version: 6.0.3108a)
CyberLink PowerDirector (x32 Version: 7.0.3213)
CyberLink PowerDVD 8 (x32 Version: 8.0.2815b)
CyberLink PowerProducer (x32 Version: 5.0.1.1812)
eaner (Version: 3.11)
Easy Display Manager (x32 Version: 3.2)
Easy Network Manager (x32 Version: 4.3.3)
Easy SpeedUp Manager (x32 Version: 3.0.0.5)
EasyBatteryManager (x32 Version: 4.0.0.3)
ElsterFormular (x32 Version: 14.0.0.10960)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Free YouTube to MP3 Converter version 3.11.35.1031 (x32 Version: 3.11.35.1031)
FUSSBALL MANAGER 08 (x32)
Glary Utilities 2.40.0.1326 (x32 Version: 2.40.0.1326)
Glary Utilities 3.7 (x32 Version: 3.7.0.127)
Google Chrome (HKCU Version: 28.0.1500.72)
Google Earth (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.153)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2202)
Intel(R) PROSet/Wireless WiFi Software (Version: 13.02.0000)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.4.1001)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 26 (64-bit) (Version: 6.0.260)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML4 Parser (x32 Version: 1.0.0)
Native Instruments Traktor 2 (Version: 2.0.1.10169)
Native Instruments Traktor 2 (x32)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PokerStars (x32)
QuickTime (x32 Version: 7.70.80.34)
Rainlendar2 (remove only) (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6410)
RollerCoaster Tycoon 3 (x32)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.6)
Samsung Support Center (x32 Version: 1.0.2)
Samsung Update Plus (x32 Version: 2.0)
Skype™ 6.6 (x32 Version: 6.6.106)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (x32 Version: 1.6.5.17120)
Synaptics Pointing Device Driver (Version: 15.2.20.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
User Guide (x32 Version: 1.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Veetle TV (x32 Version: 0.9.19)
Video Power (x32 Version: 1.0.24)
vShare.tv plugin 1.3 (x32 Version: 1.3)
VshareComplete (x32)
Winamp (x32 Version: 5.64 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
WinExit-Pro (x32 Version: 8.02.0000)
Winload Toolbar (x32 Version: 6.8.5.1)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)

==================== Restore Points  =========================

16-07-2013 07:39:28 Windows Update
23-07-2013 06:45:25 Windows Update
26-07-2013 06:57:42 Windows Update
30-07-2013 06:50:07 Windows Update
31-07-2013 09:47:43 Removed Bonjour

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10794921-C732-4D2F-9A52-F949D0E41D6C} - System32\Tasks\User_Feed_Synchronization-{999711EC-264D-4CF4-933C-4C0B21BB1F68} => C:\windows\system32\msfeedssync.exe [2013-05-10] (Microsoft Corporation)
Task: {1F3B9A8B-BC2F-4E2C-80DF-115A3053C8E7} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {20B86333-C618-45F9-8A84-16D39A2D5A4E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {26046DA6-F723-4DA4-BDA0-D18865E3CC79} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {27A2764E-F212-4C73-BFCE-90AEE80F43EE} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {36A6A58D-E66A-4A32-B62E-7595918FF917} - System32\Tasks\{3F2B3DA9-B9F0-41CC-81E3-B50D68AF5996} => C:\Program Files (x86)\Pyro Studios\Commandos 3 Destination Berlin\Commandos3.exe No File
Task: {3DB2EF97-9BE7-43F5-972D-9364F10EC5C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04] (Google Inc.)
Task: {3F410E33-F90D-4504-8BFB-99B1398691B1} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {5677C437-8886-47A0-99D7-2799DCB2D95A} - System32\Tasks\Funmoods => C:\Users\oliver\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE No File
Task: {57AB46EC-4D5E-450D-98B3-1C28694485E8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {5B06EBCC-E50B-45D3-8442-0E5954BFCFE8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000UA => C:\Users\oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-23] (Google Inc.)
Task: {6C73195B-83F2-4BAB-81E7-E9365AAC05E6} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {7946FB6B-B66F-4E7B-904F-1927A62BDFCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04] (Google Inc.)
Task: {8D301E05-EEEB-4269-ACEF-0C9DECD20EA0} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe No File
Task: {8F9C0C37-1A97-4A16-8B01-A41B1851603E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {A6C2FD8E-08E7-40B3-96C1-21A55A037EE1} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {B33ABB2A-76E1-49F4-8140-0C84EA55511D} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2011-12-08] (Glarysoft Ltd)
Task: {B6D65EE5-4289-4823-B9BF-94622B5769A5} - System32\Tasks\{9CD5E585-D277-4745-9595-419370F0418B} => C:\Program Files (x86)\Pyro Studios\Commandos 3 Destination Berlin\Commandos3.exe No File
Task: {CDDCC9BB-D1C8-499B-8299-F4F151F85829} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{D52FF551-F469-4C24-8E8A-E05846B6A1DF}.exe No File
Task: {D10C5F33-F00E-485B-ACA5-35BD2596EB2D} - System32\Tasks\Google Updater and Installer => C:\Users\oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-23] (Google Inc.)
Task: {D661D820-CA35-4E59-99D8-142BECBA66F0} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {F3ED277E-E903-40E6-9FC6-F52B5F331978} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {F62B597E-2807-4019-B358-936BA595CF96} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000Core => C:\Users\oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-23] (Google Inc.)
Task: {F65376D7-9001-4DB7-A2D9-BA39C5FC21B0} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {FD9C6457-981B-4C79-98C9-E993CFBE2F38} - System32\Tasks\GlaryInitialize 3 => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe [2013-07-22] (Glarysoft Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{D52FF551-F469-4C24-8E8A-E05846B6A1DF}.exe
Task: C:\windows\Tasks\GlaryInitialize 3.job => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe
Task: C:\windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000Core.job => C:\Users\oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000UA.job => C:\Users\oliver\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2013 01:15:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/27/2013 03:47:29 PM) (Source: Bonjour Service) (User: )
Description: 456: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (07/27/2013 03:47:29 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (07/12/2013 07:08:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15803

Error: (07/12/2013 07:08:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15803

Error: (07/12/2013 07:08:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2013 07:08:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14789

Error: (07/12/2013 07:08:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14789

Error: (07/12/2013 07:08:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2013 07:08:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13790


System errors:
=============
Error: (07/31/2013 11:36:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/31/2013 11:36:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/31/2013 11:36:18 AM) (Source: DCOM) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (07/31/2013 11:36:18 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (07/31/2013 11:34:14 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/31/2013 11:34:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/31/2013 11:34:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/31/2013 11:34:10 AM) (Source: DCOM) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (07/31/2013 11:33:58 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PxHlpa64

Error: (07/31/2013 11:26:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058


Microsoft Office Sessions:
=========================
Error: (07/30/2013 01:15:04 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\glary utilities 3\Native\wxp_x86\RegBootDefrag.exe

Error: (07/27/2013 03:47:29 PM) (Source: Bonjour Service)(User: )
Description: 456: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (07/27/2013 03:47:29 PM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (07/12/2013 07:08:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15803

Error: (07/12/2013 07:08:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15803

Error: (07/12/2013 07:08:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2013 07:08:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14789

Error: (07/12/2013 07:08:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14789

Error: (07/12/2013 07:08:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2013 07:08:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13790


CodeIntegrity Errors:
===================================
  Date: 2012-06-19 19:04:08.096
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-06-19 19:04:08.034
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3892.55 MB
Available physical RAM: 1949.6 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 5534.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:179 GB) (Free:99.4 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:266.66 GB) (Free:169.16 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 70B5646A)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=267 GB) - (Type=OF Extended)

==================== End Of Log ============================

schrauber 31.07.2013 15:14
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Landei 31.07.2013 15:43
hier ist combofix .

Code:
ComboFix 13-07-31.02 - oliver 31.07.2013  16:30:45.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3893.2508 [GMT 2:00]
ausgeführt von:: c:\users\oliver\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\oliver\videos\winrar-x64-401d.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-28 bis 2013-07-31  ))))))))))))))))))))))))))))))
.
.
2013-07-31 14:37 . 2013-07-31 14:37        --------        d-----w-        c:\users\Public\AppData\Local\temp
2013-07-31 14:37 . 2013-07-31 14:37        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-31 10:33 . 2013-07-31 10:33        --------        d-----w-        C:\FRST
2013-07-31 09:32 . 2013-07-31 09:32        --------        d-----w-        c:\users\oliver\AppData\Local\Programs
2013-07-31 09:28 . 2013-07-31 09:40        --------        d-----w-        c:\users\oliver\AppData\Roaming\BabSolution
2013-07-31 09:28 . 2013-07-31 09:28        --------        d-----w-        c:\users\oliver\AppData\Roaming\Babylon
2013-07-31 09:28 . 2013-07-31 09:28        --------        d-----w-        c:\programdata\Babylon
2013-07-31 09:28 . 2013-07-31 09:28        --------        d-----w-        c:\users\oliver\AppData\Local\Cool_Mirage
2013-07-30 08:59 . 2013-07-31 12:14        --------        d-----w-        c:\program files (x86)\Glary Utilities 3
2013-07-30 06:50 . 2013-07-02 08:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7686D65-0730-4E84-82CC-8D8B8A8A94EB}\mpengine.dll
2013-07-17 11:07 . 2013-07-17 11:07        263576        ----a-w-        c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-07-17 11:07 . 2013-07-17 11:07        26520        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-07-13 22:01 . 2013-07-13 22:01        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-07-13 22:01 . 2013-07-13 22:01        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-13 22:01 . 2013-07-13 22:01        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-10 05:24 . 2013-05-27 05:50        1011712        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-29 17:01 . 2012-08-30 18:43        45856        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys
2013-07-10 18:56 . 2011-07-10 18:07        78185248        ----a-w-        c:\windows\system32\MRT.exe
2013-06-27 10:19 . 2013-05-08 09:16        83672        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-06-23 09:09 . 2013-06-23 09:09        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 09:09 . 2012-06-25 15:33        867240        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-06-23 09:09 . 2011-10-16 18:00        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-06-12 16:11 . 2012-03-29 21:10        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:11 . 2011-07-09 12:26        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-13 05:51 . 2013-06-12 06:17        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 06:17        1464320        ----a-w-        c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 06:17        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 06:17        52224        ----a-w-        c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 06:17        1160192        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 06:17        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 06:17        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 06:17        1192448        ----a-w-        c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 06:17        903168        ----a-w-        c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 06:17        43008        ----a-w-        c:\windows\SysWow64\certenc.dll
2013-05-10 19:03 . 2013-05-10 19:03        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-05-10 19:03 . 2013-05-10 19:03        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-10 19:03 . 2013-05-10 19:03        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-10 19:03 . 2013-05-10 19:03        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-05-10 19:03 . 2013-05-10 19:03        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-05-10 19:03 . 2013-05-10 19:03        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-05-10 19:03 . 2013-05-10 19:03        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-05-10 19:03 . 2013-05-10 19:03        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-10 19:03 . 2013-05-10 19:03        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-05-10 19:03 . 2013-05-10 19:03        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-05-10 19:03 . 2013-05-10 19:03        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-05-10 19:03 . 2013-05-10 19:03        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-05-10 19:03 . 2013-05-10 19:03        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-05-10 19:03 . 2013-05-10 19:03        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-05-10 19:03 . 2013-05-10 19:03        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-05-10 19:03 . 2013-05-10 19:03        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-10 19:03 . 2013-05-10 19:03        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-10 19:03 . 2013-05-10 19:03        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-05-10 19:03 . 2013-05-10 19:03        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-05-10 19:03 . 2013-05-10 19:03        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-05-10 19:03 . 2013-05-10 19:03        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-05-10 19:03 . 2013-05-10 19:03        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-10 19:03 . 2013-05-10 19:03        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-05-10 19:03 . 2013-05-10 19:03        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-10 19:03 . 2013-05-10 19:03        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-10 19:03 . 2013-05-10 19:03        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-05-10 19:03 . 2013-05-10 19:03        441856        ----a-w-        c:\windows\system32\html.iec
2013-05-10 19:03 . 2013-05-10 19:03        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-05-10 19:03 . 2013-05-10 19:03        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-05-10 19:03 . 2013-05-10 19:03        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-10 19:03 . 2013-05-10 19:03        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-05-10 19:03 . 2013-05-10 19:03        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-05-10 19:03 . 2013-05-10 19:03        235008        ----a-w-        c:\windows\system32\url.dll
2013-05-10 19:03 . 2013-05-10 19:03        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-05-10 19:03 . 2013-05-10 19:03        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-05-10 19:03 . 2013-05-10 19:03        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-05-10 19:03 . 2013-05-10 19:03        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-10 19:03 . 2013-05-10 19:03        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-10 19:03 . 2013-05-10 19:03        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-10 19:03 . 2013-05-10 19:03        149504        ----a-w-        c:\windows\system32\occache.dll
2013-05-10 19:03 . 2013-05-10 19:03        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-05-10 19:03 . 2013-05-10 19:03        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-05-10 19:03 . 2013-05-10 19:03        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-05-10 19:03 . 2013-05-10 19:03        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-05-10 19:03 . 2013-05-10 19:03        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-05-10 19:03 . 2013-05-10 19:03        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-10 19:03 . 2013-05-10 19:03        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-05-10 19:03 . 2013-05-10 19:03        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-05-10 19:03 . 2013-05-10 19:03        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-10 05:49 . 2013-06-12 06:17        30720        ----a-w-        c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 06:17        24576        ----a-w-        c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 06:17        1910632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2012-12-29 4359680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2013-06-19 80480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys;c:\windows\SYSNATIVE\Drivers\MHIKEY10x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:11]
.
2013-07-31 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-07-22 07:32]
.
2013-07-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-12-27 08:50]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 19:57]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 19:57]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000Core.job
- c:\users\oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 20:17]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000UA.job
- c:\users\oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 20:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}]
2011-11-09 01:54        167416        ----a-w-        c:\users\oliver\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-28 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: Free YouTube Download - c:\users\oliver\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\oliver\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
BHO-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
Toolbar-Locked - (no file)
Toolbar-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1972273453-3807663751-171534141-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-31  16:41:44
ComboFix-quarantined-files.txt  2013-07-31 14:41
ComboFix2.txt  2012-06-19 17:13
.
Vor Suchlauf: 11 Verzeichnis(se), 106.444.914.688 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 106.058.420.224 Bytes frei
.
- - End Of File - - AC3B430CD244967013A66BD1CBA0C49D
D41D8CD98F00B204E9800998ECF8427E

schrauber 31.07.2013 19:35
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


und ein frisches FRST log bitte.

Landei 31.07.2013 20:02
Hi, danke erstmal

hier der adw cleaner
Code:
# AdwCleaner v2.306 - Datei am 31/07/2013 um 20:39:53 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : oliver - OLIVER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\oliver\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Gelöscht mit Neustart : C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Gelöscht mit Neustart : C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\VshareComplete
Ordner Gelöscht : C:\Program Files (x86)\Winload
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\oliver\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\oliver\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gelöscht : C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Ordner Gelöscht : C:\Users\oliver\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\oliver\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\oliver\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\oliver\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\oliver\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\oliver\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\oliver\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\oliver\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\oliver\AppData\Roaming\Funmoods
Ordner Gelöscht : C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Ordner Gelöscht : C:\Users\oliver\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\oliver\AppData\Roaming\VshareComplete

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Funmoods
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\SimplyGen
Schlüssel Gelöscht : HKLM\Software\Winload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5e2d88cb569e415
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB9FE2F9-7166-4215-A41D-7BB999C351ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4CE94F6-5E7C-4A68-BA43-99D13482F066}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2179] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=546EB2004E647309&affID=119776&tsp=[...]

*************************

AdwCleaner[S1].txt - [12643 octets] - [31/07/2013 20:39:53]

########## EOF - C:\AdwCleaner[S1].txt - [12704 octets] ##########
Malware kommt gleich auch

Malware

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
oliver :: OLIVER-PC [Administrator]

31.07.2013 20:45:52
mbam-log-2013-07-31 (20-45-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222141
Laufzeit: 7 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\oliver\Downloads\FlashPlayer_V.106188860c.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\oliver\Downloads\lshunterAppsSetup20.exe (PUP.BundleInstaller.DW) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by oliver (administrator) on 31-07-2013 20:59:45
Running from C:\Users\oliver\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\oliver\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [4359680 2012-12-29] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [80480 2013-06-19] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {80272FE5-DE96-4AB0-B0C0-A4D7F04CA654} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {6BE547F0-A203-4ECC-B476-C43C3A11B084} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8B5D2D6E-FF6C-47C3-9383-4C9C9BDEF631&apn_sauid=0F8F2B84-FF2A-4FF0-814C-EB899A146906
SearchScopes: HKCU - {80272FE5-DE96-4AB0-B0C0-A4D7F04CA654} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
BHO: VshareComplete - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\oliver\AppData\Roaming\VshareComplete\64\VshareComplete64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\Path=C:\Users\oliver\AppData\Roaming\Mozilla\Profiles\o76bw92q.Standard-Benutzer
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\oliver\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\oliver\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: ftdownloader2 - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader2@ftdownloader.com.xpi
FF Extension: No Name - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.t-online.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\oliver\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\oliver\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\oliver\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_1\background/registryAccess.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0
CHR Extension: (Gutscheinsammler Finder) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilobbegphefikcgjpajnneiiahhejam\2.1.1_0
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [pilobbegphefikcgjpajnneiiahhejam] - C:\Users\oliver\Econa\Gutscheinsammler\Chrome\chrome.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-29] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-07-29] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-02-15] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-02-15] (Windows (R) 2003 DDK 3790 provider)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S0 PxHlpa64; System32\Drivers\PxHlpa64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 20:40 - 2013-07-31 20:40 - 00000363 _____ C:\windows\DeleteOnReboot.bat
2013-07-31 20:39 - 2013-07-31 20:40 - 00012744 _____ C:\AdwCleaner[S1].txt
2013-07-31 20:39 - 2013-07-31 20:39 - 00666633 _____ C:\Users\oliver\Downloads\adwcleaner.exe
2013-07-31 16:41 - 2013-07-31 16:41 - 00024449 _____ C:\ComboFix.txt
2013-07-31 16:28 - 2013-07-31 16:39 - 00000000 ____D C:\windows\erdnt
2013-07-31 16:28 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-31 16:28 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-31 16:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-31 16:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-31 16:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-31 16:28 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-31 16:28 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-31 16:28 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-31 16:27 - 2013-07-31 16:28 - 05096636 ____R (Swearware) C:\Users\oliver\Downloads\ComboFix.exe
2013-07-31 14:13 - 2013-07-31 20:55 - 00003712 _____ C:\windows\PFRO.log
2013-07-31 14:06 - 2013-07-31 14:06 - 02828552 _____ (AVAST Software) C:\Users\oliver\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-31 14:06 - 2013-07-31 14:06 - 02828552 _____ (AVAST Software) C:\Users\oliver\Downloads\avast-browser-cleanup_8.0.1484.29 (1).exe
2013-07-31 12:34 - 2013-07-31 12:34 - 00018467 _____ C:\Users\oliver\Downloads\Addition.txt
2013-07-31 12:33 - 2013-07-31 12:33 - 00000000 ____D C:\FRST
2013-07-31 12:32 - 2013-07-31 12:33 - 01781589 _____ (Farbar) C:\Users\oliver\Downloads\FRST64 (1).exe
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\Users\oliver\AppData\Local\Cool_Mirage
2013-07-31 09:38 - 2013-07-31 20:55 - 00000280 _____ C:\windows\setupact.log
2013-07-31 09:38 - 2013-07-31 09:38 - 00000000 _____ C:\windows\setuperr.log
2013-07-30 10:59 - 2013-07-31 20:57 - 00000334 _____ C:\windows\Tasks\GlaryInitialize 3.job
2013-07-30 10:59 - 2013-07-31 20:56 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-07-30 10:59 - 2013-07-30 10:59 - 00002634 _____ C:\windows\System32\Tasks\GlaryInitialize 3
2013-07-30 10:59 - 2013-07-30 10:59 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-07-30 10:58 - 2013-07-30 10:59 - 16285968 _____ C:\Users\oliver\Downloads\gu3setup.exe
2013-07-29 19:01 - 2013-07-29 19:01 - 00003717 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-14 11:24 - 2013-07-14 11:24 - 01067456 _____ (Solid State Networks) C:\Users\oliver\Downloads\install_flashplayer11x32au_ltr5x64d_awc_aih.exe
2013-07-10 20:55 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-10 20:55 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-10 20:55 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-10 20:55 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-10 20:55 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-10 20:55 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 20:55 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-10 20:55 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-10 20:55 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-10 07:24 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 07:24 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 07:24 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 07:24 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 07:24 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 07:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 07:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-05 10:14 - 2013-07-05 10:14 - 00000979 _____ C:\Users\Public\Desktop\Winamp.lnk
2013-07-05 10:12 - 2013-07-05 10:13 - 13306032 _____ (Nullsoft, Inc.) C:\Users\oliver\Downloads\winamp564_full_emusic-7plus_de-de.exe
2013-07-01 11:52 - 2013-07-01 11:52 - 00019354 _____ C:\Users\oliver\Documents\Lebenlauf.odt

==================== One Month Modified Files and Folders =======

2013-07-31 20:57 - 2013-07-30 10:59 - 00000334 _____ C:\windows\Tasks\GlaryInitialize 3.job
2013-07-31 20:57 - 2013-02-06 19:44 - 00000000 ____D C:\Users\oliver\.rainlendar2
2013-07-31 20:56 - 2013-07-30 10:59 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-07-31 20:56 - 2011-07-23 19:33 - 00000374 _____ C:\windows\system32\Drivers\etc\hosts.ics
2013-07-31 20:56 - 2011-07-09 19:35 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-07-31 20:55 - 2013-07-31 14:13 - 00003712 _____ C:\windows\PFRO.log
2013-07-31 20:55 - 2013-07-31 09:38 - 00000280 _____ C:\windows\setupact.log
2013-07-31 20:55 - 2011-12-27 18:32 - 00000328 _____ C:\windows\Tasks\GlaryInitialize.job
2013-07-31 20:55 - 2011-08-04 21:57 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-31 20:55 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-31 20:54 - 2010-11-08 01:10 - 01124193 _____ C:\windows\WindowsUpdate.log
2013-07-31 20:52 - 2011-08-04 21:57 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 20:51 - 2009-07-14 06:45 - 00013936 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 20:51 - 2009-07-14 06:45 - 00013936 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 20:40 - 2013-07-31 20:40 - 00000363 _____ C:\windows\DeleteOnReboot.bat
2013-07-31 20:40 - 2013-07-31 20:39 - 00012744 _____ C:\AdwCleaner[S1].txt
2013-07-31 20:39 - 2013-07-31 20:39 - 00666633 _____ C:\Users\oliver\Downloads\adwcleaner.exe
2013-07-31 20:11 - 2012-03-29 23:10 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 19:55 - 2012-05-26 22:20 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000UA.job
2013-07-31 16:41 - 2013-07-31 16:41 - 00024449 _____ C:\ComboFix.txt
2013-07-31 16:41 - 2012-06-19 18:58 - 00000000 ____D C:\Qoobox
2013-07-31 16:39 - 2013-07-31 16:28 - 00000000 ____D C:\windows\erdnt
2013-07-31 16:38 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-07-31 16:28 - 2013-07-31 16:27 - 05096636 ____R (Swearware) C:\Users\oliver\Downloads\ComboFix.exe
2013-07-31 14:12 - 2011-07-29 08:52 - 00000000 ____D C:\Users\oliver\AppData\Roaming\SoftGrid Client
2013-07-31 14:06 - 2013-07-31 14:06 - 02828552 _____ (AVAST Software) C:\Users\oliver\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-31 14:06 - 2013-07-31 14:06 - 02828552 _____ (AVAST Software) C:\Users\oliver\Downloads\avast-browser-cleanup_8.0.1484.29 (1).exe
2013-07-31 12:34 - 2013-07-31 12:34 - 00018467 _____ C:\Users\oliver\Downloads\Addition.txt
2013-07-31 12:33 - 2013-07-31 12:33 - 00000000 ____D C:\FRST
2013-07-31 12:33 - 2013-07-31 12:32 - 01781589 _____ (Farbar) C:\Users\oliver\Downloads\FRST64 (1).exe
2013-07-31 11:33 - 2012-06-19 19:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 11:32 - 2012-07-19 18:20 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\Users\oliver\AppData\Local\Cool_Mirage
2013-07-31 11:28 - 2011-07-09 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-31 10:55 - 2012-05-26 22:20 - 00001072 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000Core.job
2013-07-31 09:44 - 2012-02-12 00:31 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{999711EC-264D-4CF4-933C-4C0B21BB1F68}
2013-07-31 09:38 - 2013-07-31 09:38 - 00000000 _____ C:\windows\setuperr.log
2013-07-30 11:00 - 2011-07-09 19:40 - 00000000 ___RD C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-30 11:00 - 2009-08-02 04:27 - 00000000 ____D C:\windows\Panther
2013-07-30 10:59 - 2013-07-30 10:59 - 00002634 _____ C:\windows\System32\Tasks\GlaryInitialize 3
2013-07-30 10:59 - 2013-07-30 10:59 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-07-30 10:59 - 2013-07-30 10:58 - 16285968 _____ C:\Users\oliver\Downloads\gu3setup.exe
2013-07-30 10:59 - 2011-12-27 18:33 - 00000000 ____D C:\Users\oliver\AppData\Roaming\GlarySoft
2013-07-30 10:55 - 2011-07-09 13:45 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Macromedia
2013-07-29 19:01 - 2013-07-29 19:01 - 00003717 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-29 19:01 - 2012-08-30 20:43 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-07-28 22:02 - 2011-07-09 13:52 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Winamp
2013-07-26 20:37 - 2010-11-06 04:52 - 00654852 _____ C:\windows\system32\perfh007.dat
2013-07-26 20:37 - 2010-11-06 04:52 - 00130434 _____ C:\windows\system32\perfc007.dat
2013-07-26 20:37 - 2009-07-14 07:13 - 01500294 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-23 22:38 - 2011-07-09 13:58 - 00000000 ____D C:\Users\oliver\Desktop\Nicht verwendete Desktop Dateien
2013-07-23 12:08 - 2013-06-23 14:19 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Skype
2013-07-14 11:24 - 2013-07-14 11:24 - 01067456 _____ (Solid State Networks) C:\Users\oliver\Downloads\install_flashplayer11x32au_ltr5x64d_awc_aih.exe
2013-07-13 10:50 - 2012-05-26 22:20 - 00004096 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000UA
2013-07-13 10:50 - 2012-05-26 22:20 - 00003700 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000Core
2013-07-13 10:47 - 2011-08-04 21:57 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:47 - 2011-08-04 21:57 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 09:51 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-12 12:57 - 2013-06-23 14:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-12 12:57 - 2013-06-23 14:19 - 00000000 ____D C:\ProgramData\Skype
2013-07-10 21:06 - 2009-07-14 06:45 - 00317528 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-10 21:05 - 2013-03-13 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 21:05 - 2013-03-13 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 21:04 - 2010-11-06 04:31 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 21:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 21:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 20:56 - 2011-07-10 20:07 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-08 21:03 - 2013-06-23 14:15 - 00000000 ____D C:\Users\oliver\Documents\Images
2013-07-05 14:07 - 2011-07-25 23:05 - 00000000 ____D C:\Users\oliver\Downloads\German_TOP100_Single_Charts_04_07_2011-MCG
2013-07-05 10:14 - 2013-07-05 10:14 - 00000979 _____ C:\Users\Public\Desktop\Winamp.lnk
2013-07-05 10:14 - 2011-07-09 13:52 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-07-05 10:13 - 2013-07-05 10:12 - 13306032 _____ (Nullsoft, Inc.) C:\Users\oliver\Downloads\winamp564_full_emusic-7plus_de-de.exe
2013-07-01 11:52 - 2013-07-01 11:52 - 00019354 _____ C:\Users\oliver\Documents\Lebenlauf.odt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 09:15

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 31.07.2013 20:12

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Landei 31.07.2013 22:34
ist es normal das eset so lange braucht? 75min und erst bei 31 % er hat auch 2 infizierte sachen gefunden....

Eset

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=76c9082c84a86e45b9da92625db9f9eb
# engine=14605
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-31 09:24:24
# local_time=2013-07-31 11:24:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 10422 145977169 3201 0
# compatibility_mode=5893 16776573 100 94 9806 126935714 0 0
# scanned=222292
# found=2
# cleaned=0
# scan_time=7366
sh=B93D9DC67D85582DE1F18D984191EF2CD66A4A95 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000acd"
sh=964B729E956A434D2832AAB5E3BA7AADE8368890 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000ae4"

security check:

Code:
Results of screen317's Security Check version 0.99.71 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 25 
 Adobe Flash Player 11.7.700.224 
 Adobe Reader XI 
 Mozilla Firefox (22.0)
 Google Chrome 28.0.1500.72 
 Google Chrome 28.0.1500.95 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````



kannst du mir vielleicht auch mal genau erklären was ich da eigentlich für Infizierte Dinge habe und wo ich sowas herbekomme? Danke aber auch schon mal für die ganzen Tipps hier wie ich was machen muss ;) das hilft

Code:
Results of screen317's Security Check version 0.99.71 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 25 
 Adobe Flash Player 11.7.700.224 
 Adobe Reader XI 
 Mozilla Firefox (22.0)
 Google Chrome 28.0.1500.72 
 Google Chrome 28.0.1500.95 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

schrauber 01.08.2013 09:24
Chrome bitte deinstallieren, keine Daten behalten, neu installieren.
Frisches FRST log fehlt.
Noch Probleme?

Die Kiste war voll mit Adware. Meist installiert das sic mit wenn man zu schnell klickt und nicht liest was man installiert. Auch niemals "Standard" installieren, immer "Benutzerdefiniert", so kann man Toolbars und Adware Haken raus machen bei der Installation.

Landei 01.08.2013 10:20
Hi, also augescheinlich sieht alles ganz gut aus, delta search ist weg, und anzeigen tut avira auch nichts mehr.

hier mal das Frische FSRT :


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by oliver (administrator) on 01-08-2013 11:18:56
Running from C:\Users\oliver\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\windows\System32\alg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [4359680 2012-12-29] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [80480 2013-06-19] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {80272FE5-DE96-4AB0-B0C0-A4D7F04CA654} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {6BE547F0-A203-4ECC-B476-C43C3A11B084} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8B5D2D6E-FF6C-47C3-9383-4C9C9BDEF631&apn_sauid=0F8F2B84-FF2A-4FF0-814C-EB899A146906
SearchScopes: HKCU - {80272FE5-DE96-4AB0-B0C0-A4D7F04CA654} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
BHO: VshareComplete - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\oliver\AppData\Roaming\VshareComplete\64\VshareComplete64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\Path=C:\Users\oliver\AppData\Roaming\Mozilla\Profiles\o76bw92q.Standard-Benutzer
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: ftdownloader2 - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader2@ftdownloader.com.xpi
FF Extension: No Name - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR HomePage: hxxp://www.bing.com/
CHR RestoreOnStartup: "hxxp://www.t-online.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Docs) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0
CHR Extension: (Gmail) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [pilobbegphefikcgjpajnneiiahhejam] - C:\Users\oliver\Econa\Gutscheinsammler\Chrome\chrome.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-29] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-07-29] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-02-15] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-02-15] (Windows (R) 2003 DDK 3790 provider)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S0 PxHlpa64; System32\Drivers\PxHlpa64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-01 11:18 - 2013-08-01 11:18 - 01781589 _____ (Farbar) C:\Users\oliver\Downloads\FRST64.exe
2013-08-01 10:58 - 2013-08-01 11:05 - 34992280 _____ (Google Inc.) C:\Users\oliver\Downloads\ChromeStandaloneSetup_28.0b1500.95.exe
2013-08-01 09:42 - 2013-08-01 09:42 - 00000818 _____ C:\windows\PFRO.log
2013-08-01 09:42 - 2013-08-01 09:42 - 00000056 _____ C:\windows\setupact.log
2013-08-01 09:42 - 2013-08-01 09:42 - 00000000 _____ C:\windows\setuperr.log
2013-07-31 20:40 - 2013-07-31 20:40 - 00000363 _____ C:\windows\DeleteOnReboot.bat
2013-07-31 20:39 - 2013-07-31 20:40 - 00012744 _____ C:\AdwCleaner[S1].txt
2013-07-31 16:41 - 2013-07-31 16:41 - 00024449 _____ C:\ComboFix.txt
2013-07-31 16:28 - 2013-07-31 16:39 - 00000000 ____D C:\windows\erdnt
2013-07-31 16:28 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-31 16:28 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-31 16:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-31 16:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-31 16:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-31 16:28 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-31 16:28 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-31 16:28 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-31 12:33 - 2013-07-31 12:33 - 00000000 ____D C:\FRST
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\Users\oliver\AppData\Local\Cool_Mirage
2013-07-30 10:59 - 2013-08-01 09:45 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-07-30 10:59 - 2013-08-01 09:44 - 00000334 _____ C:\windows\Tasks\GlaryInitialize 3.job
2013-07-30 10:59 - 2013-07-30 10:59 - 00002634 _____ C:\windows\System32\Tasks\GlaryInitialize 3
2013-07-30 10:59 - 2013-07-30 10:59 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-07-30 10:58 - 2013-07-30 10:59 - 16285968 _____ C:\Users\oliver\Downloads\gu3setup.exe
2013-07-29 19:01 - 2013-07-29 19:01 - 00003717 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-14 11:24 - 2013-07-14 11:24 - 01067456 _____ (Solid State Networks) C:\Users\oliver\Downloads\install_flashplayer11x32au_ltr5x64d_awc_aih.exe
2013-07-10 20:55 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-10 20:55 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-10 20:55 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-10 20:55 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-10 20:55 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-10 20:55 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-10 20:55 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-10 20:55 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-10 20:55 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 20:55 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-10 20:55 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-10 20:55 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-10 07:24 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 07:24 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 07:24 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 07:24 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 07:24 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 07:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 07:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-05 10:14 - 2013-07-05 10:14 - 00000979 _____ C:\Users\Public\Desktop\Winamp.lnk
2013-07-05 10:12 - 2013-07-05 10:13 - 13306032 _____ (Nullsoft, Inc.) C:\Users\oliver\Downloads\winamp564_full_emusic-7plus_de-de.exe

==================== One Month Modified Files and Folders =======

2013-08-01 11:18 - 2013-08-01 11:18 - 01781589 _____ (Farbar) C:\Users\oliver\Downloads\FRST64.exe
2013-08-01 11:11 - 2012-03-29 23:10 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-01 11:05 - 2013-08-01 10:58 - 34992280 _____ (Google Inc.) C:\Users\oliver\Downloads\ChromeStandaloneSetup_28.0b1500.95.exe
2013-08-01 11:05 - 2011-08-04 21:57 - 00000000 ____D C:\Users\oliver\AppData\Local\Google
2013-08-01 11:05 - 2011-08-04 21:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-01 10:52 - 2011-08-04 21:57 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-01 10:52 - 2011-08-04 21:57 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-01 10:25 - 2012-02-12 00:31 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{999711EC-264D-4CF4-933C-4C0B21BB1F68}
2013-08-01 09:51 - 2009-07-14 06:45 - 00013936 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 09:51 - 2009-07-14 06:45 - 00013936 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 09:45 - 2013-07-30 10:59 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-08-01 09:44 - 2013-07-30 10:59 - 00000334 _____ C:\windows\Tasks\GlaryInitialize 3.job
2013-08-01 09:44 - 2011-07-23 19:33 - 00000374 _____ C:\windows\system32\Drivers\etc\hosts.ics
2013-08-01 09:44 - 2011-07-09 19:35 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-08-01 09:43 - 2013-02-06 19:44 - 00000000 ____D C:\Users\oliver\.rainlendar2
2013-08-01 09:43 - 2011-12-27 18:32 - 00000328 _____ C:\windows\Tasks\GlaryInitialize.job
2013-08-01 09:42 - 2013-08-01 09:42 - 00000818 _____ C:\windows\PFRO.log
2013-08-01 09:42 - 2013-08-01 09:42 - 00000056 _____ C:\windows\setupact.log
2013-08-01 09:42 - 2013-08-01 09:42 - 00000000 _____ C:\windows\setuperr.log
2013-08-01 09:42 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-31 23:48 - 2010-11-08 01:10 - 01157267 _____ C:\windows\WindowsUpdate.log
2013-07-31 20:40 - 2013-07-31 20:40 - 00000363 _____ C:\windows\DeleteOnReboot.bat
2013-07-31 20:40 - 2013-07-31 20:39 - 00012744 _____ C:\AdwCleaner[S1].txt
2013-07-31 16:41 - 2013-07-31 16:41 - 00024449 _____ C:\ComboFix.txt
2013-07-31 16:41 - 2012-06-19 18:58 - 00000000 ____D C:\Qoobox
2013-07-31 16:39 - 2013-07-31 16:28 - 00000000 ____D C:\windows\erdnt
2013-07-31 16:38 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-07-31 14:12 - 2011-07-29 08:52 - 00000000 ____D C:\Users\oliver\AppData\Roaming\SoftGrid Client
2013-07-31 12:33 - 2013-07-31 12:33 - 00000000 ____D C:\FRST
2013-07-31 11:33 - 2012-06-19 19:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 11:32 - 2012-07-19 18:20 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-31 11:28 - 2013-07-31 11:28 - 00000000 ____D C:\Users\oliver\AppData\Local\Cool_Mirage
2013-07-31 11:28 - 2011-07-09 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-30 11:00 - 2011-07-09 19:40 - 00000000 ___RD C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-30 11:00 - 2009-08-02 04:27 - 00000000 ____D C:\windows\Panther
2013-07-30 10:59 - 2013-07-30 10:59 - 00002634 _____ C:\windows\System32\Tasks\GlaryInitialize 3
2013-07-30 10:59 - 2013-07-30 10:59 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-07-30 10:59 - 2013-07-30 10:58 - 16285968 _____ C:\Users\oliver\Downloads\gu3setup.exe
2013-07-30 10:59 - 2011-12-27 18:33 - 00000000 ____D C:\Users\oliver\AppData\Roaming\GlarySoft
2013-07-30 10:55 - 2011-07-09 13:45 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Macromedia
2013-07-29 19:01 - 2013-07-29 19:01 - 00003717 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-29 19:01 - 2012-08-30 20:43 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-07-28 22:02 - 2011-07-09 13:52 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Winamp
2013-07-26 20:37 - 2010-11-06 04:52 - 00654852 _____ C:\windows\system32\perfh007.dat
2013-07-26 20:37 - 2010-11-06 04:52 - 00130434 _____ C:\windows\system32\perfc007.dat
2013-07-26 20:37 - 2009-07-14 07:13 - 01500294 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-23 22:38 - 2011-07-09 13:58 - 00000000 ____D C:\Users\oliver\Desktop\Nicht verwendete Desktop Dateien
2013-07-23 12:08 - 2013-06-23 14:19 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Skype
2013-07-14 11:24 - 2013-07-14 11:24 - 01067456 _____ (Solid State Networks) C:\Users\oliver\Downloads\install_flashplayer11x32au_ltr5x64d_awc_aih.exe
2013-07-13 10:47 - 2011-08-04 21:57 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:47 - 2011-08-04 21:57 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 09:51 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-12 12:57 - 2013-06-23 14:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-12 12:57 - 2013-06-23 14:19 - 00000000 ____D C:\ProgramData\Skype
2013-07-10 21:06 - 2009-07-14 06:45 - 00317528 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-10 21:05 - 2013-03-13 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 21:05 - 2013-03-13 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 21:04 - 2010-11-06 04:31 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 21:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 21:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 20:56 - 2011-07-10 20:07 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-08 21:03 - 2013-06-23 14:15 - 00000000 ____D C:\Users\oliver\Documents\Images
2013-07-05 14:07 - 2011-07-25 23:05 - 00000000 ____D C:\Users\oliver\Downloads\German_TOP100_Single_Charts_04_07_2011-MCG
2013-07-05 10:14 - 2013-07-05 10:14 - 00000979 _____ C:\Users\Public\Desktop\Winamp.lnk
2013-07-05 10:14 - 2011-07-09 13:52 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-07-05 10:13 - 2013-07-05 10:12 - 13306032 _____ (Nullsoft, Inc.) C:\Users\oliver\Downloads\winamp564_full_emusic-7plus_de-de.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 09:15

==================== End Of Log ============================
--- --- ---




Gehe ich als recht in der Annahme das mein Rechner wieder " sauber ist" ?

schrauber 01.08.2013 11:48
Jap, fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Landei 01.08.2013 12:16
Hallo schrauber,

ja es sieht alles gut aus.Ein fettes danke schön an dich und das team!!!! danke danke ...

schrauber 01.08.2013 13:01
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131